Changelog for the DoD Cybersecurity Policy Chart

The goal of the DoD Cybersecurity Policy Chart is to capture the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware, in a helpful organizational scheme.

This page highlights and lists the updates to the DoD Cybersecurity Policy Chart.

Click here to view the DoD Cybersecurity Policy Chart.

21 November 2022

# Document Name Change/Justification
1 2022 National Security Strategyy The 2022 National Security Strategy was officially published in Oct 2022, and replaces the previous interim strategy located in the Cybersecurity Policy Chart.
2 2022 National Defense Strategy The public version of the 2022 National Defense Strategy (NDS) was released in Oct 2022, and replaces the NDS placeholder in the Policy Chart. This strategy document includes the 2022 Nuclear Posture Review and the 2022 Missile Defense Review.

13 October 2022

# Document Name Change/Justification
1 CNSSI 1253E, Attachment 5 Classified System Overlay This attachment overlay, released on September 30 2022 and highlighted under the “CNSSI-1253F, Atchs 1-5” box on the chart, lists additional privacy and control baselines to CNSSI 1253. It identifies security control specifications needed to safeguard classified information stored, processed, or transmitted by national security systems (NSS). This overlay is baseline independent and can be used with any NSS baseline (security and privacy) to safeguard classified information.
2 DoDI 8330.01 Interoperability of Information Technology, Including National Security Systems DoDI 8330.01, effective as of September 27, 2022, provides direction for certifying the interoperability of IT and NSS systems. The Purpose of this Instruction includes establishing the Interoperability Steering Group (ISG), and establishing the governing policy and responsibilities for interoperability requirements development, test, certification, and prerequisites for connection of IT, including NSS.
3 CJCSI 6510.02F Cryptographic Modernization Planning This Instruction, updated in August of 2022, has been adjusted in the Policy Chart. This Instruction provides policy and guidance for planning, programming and implementing the modernization of Type 1 cryptographic products certified by the NSA and held by the DoD.

01 September 2022

# Document Name Change/Justification
1 CNSSI 1253 Categorization and Control for National Security Systems CNSSI 1253, updated by CNSS on July 29, 2022, to build on and serve as a companion document to NIST SP 800-53, Rev. 5 and NIST SP 800-37, Rev. 2.
2 DoD Directive 5000.01 The Defense Acquisition System DoDI 5000.01 The Defense Acquisition System, with an objective of supporting National Defense Strategy, was updated in the Policy Chart as Change 1 became effective July 28, 2022.

26 July 2022

# Document Name Change/Justification
1* NIST SP 800-53 Rev. 5 Security and Privacy Controls for Information Systems and Organizations No update to Policy, but the chart has been edited to reflect the proper document title. The box title has been changed from “Security and Privacy Controls for Federal Information Systems” to “Security and Privacy Controls for Information Systems and Organizations”
2* NIST SP 800-53A Rev. 5 Assessing Security and Privacy Controls in Information Systems and Organizations No update to Policy, but the chart has been edited to reflect the proper document title. The box title has been changed from “Assessing Security and Privacy Controls in Federal Information Systems” to “Assessing Security and Privacy Controls in Information Systems and Organizations”
3 CNSSI 4009 Committee on National Security Systems (CNSS) Glossary CNSSI 4009 has been updated in March of 2022 to include new terms and to adjust definitions of current terms in the Glossary
4 DoD Instruction 8510.01 Risk Management Framework for DoD Systems DoDI 8510.01, updated as of 19 July 2022, establishes the cybersecurity Risk Management Framework (RMF) for DoD Systems and establishes policy, assigns responsibilities, and prescribes procedures for executing and maintaining the RMF

21 June 2022

# Document Name Change/Justification
1 CNSSP-32 Cloud Security for National Security Systems This Policy Document, released on 22 May 2022, establishes the minimum security requirements for National Security Systems (NSS) migrating to or operating in a cloud environment. This Policy derives its authority from National Security Directive 42, which outlines the roles and responsibilities for securing NSS.
2 DoD Instruction 5000.02 Operation of the Adaptive Acquisition Framework (AAF) DoDI 5000.02, with Change 1 effective on 8 June 2022, restructures defense acquisition guidance to improve process effectiveness and implement the AAF. Change 1 cancels DoDI 5000.02T in accordance with the 2020 coordination of this issuance and subsequent approval of the transition plan and updates the transition plan to document its completion and final location of information.

1 April 2022

# Document Name Change/Justification
1 2022 National Defense Strategy An unclassified version of the 2022 NDS has not yet been released, but the link will be posted once it is released. For now, the link for the 2022 National Defense Strategy will direct users to the Fact Sheet.
2 NIST SP 800-172A - Assessing Enhanced Security Requirements for Controlled Unclassified Information This publication, released in March 2022, provides federal agencies and nonfederal organizations with assessment procedures that can be used to carry out assessments of the requirements in NIST Special Publication 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171.
3 CNSSP 1 – National Policy for Safeguarding and Control of COMSEC Materials This policy, released in March 2022, is an update of an existing Policy Chart item and establishes the policy on Safeguarding and Control of COMSEC Material for National Security Systems (NSS).
4 CNSSD 600 – Directive on Communications Security (COMSEC) Monitoring
*CAC required
This directive, released in March 2022, provides policy and basic procedures for the establishment of COMSEC monitoring programs consistent with law, Executive Orders, and applicable Presidential Directives.

22 February 2022

# Document Name Change/Justification
1 DoD Software Modernization Strategy This DoD Strategy document, cleared for open publication on 2 Feb 2022, provides a goal of delivering better software faster. Projected outcomes include shifting secure software delivery left through modern infrastructure and platforms and enabling this shift through true process transformation and people development.
2 FIPS 201-3 Personal Identity Verification (PIV) of Federal Employees and Contractors This Publication, released in January 2022, supersedes FIPS 201-2 and establishes a standard for a Personal Identity Verification (PIV) system that meets the control and security objectives of Homeland Security Presidential Directive-12.
3* NIST SP 800-53A R5 Assessing Security & Privacy Controls in Federal Information Systems & Organizations This Publication, released in January 2022, supersedes NIST SP 8-53A R4, and provides a methodology and set of procedures for conducting assessments of security and privacy controls employed within systems and organizations within an effective risk management framework.
4** DoDD 5200.47E Anti-Tamper (AT) This Directive is replacing DoDD 5000.01 in the Policy Chart as it references Cybersecurity more specifically than the broad scope of DoDD 5000.01. It addresses the identification and protection of Critical Program Information (CPI) in accordance with DoDI 5200.39 Critical Program Information (CPI) Identification and Protection Within Research, Development, Test, and Evaluation (RDT&E).
5** DoDI 5000.02 Operation of the Adaptive Acquisition Framework This Instruction replaces DoDI 5000.02T in the Policy Chart in order to maintain the chart’s Cybersecurity relevance. DoDI 5000.02 restructures defense acquisition guidance to improve process effectiveness and implement the Adaptive Acquisition Framework (AAF). When the AAF realignment is complete, an administrative change to this issuance will cancel DoDI 5000.02T.
6 CNSSP-200 National Policy on Controlled Access Protection This Policy, released in January 2022, defines a minimum level of protection for automated information systems operated by executive branch, agencies and departments of the Federal Government and their contractors.

11 January 2022

# Document Name Change/Justification
1 EO 14028 on Improving the Nation’s Cybersecurity Added the number of the Executive Order to assist in locating the document on the policy chart. The link remains in the National/Federal subcategory.
2 NIST SP-800-213 IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements This Publication, released in November 2021, contains background and recommendations to help organizations consider how an IoT device they plan to acquire can integrate into a system.
3 CNSSI 1300 Secret NSS PKI X.509 Certificate Policy This Instruction, updated in December 2021, establishes the requirements for Federal Departments and Agencies to implement the National Security Systems Public Key Infrastructure to manage and support their Secret NSS networked systems.
4 DoDI 8140.02 Identification, Tracking, And Reporting of Cyberspace Workforce Requirements This Instruction, published in December 2021, establishes policy, assigns responsibilities, and provides guidance for the identification, tracking, data collection, and reporting requirements of DoD Cyberspace Workforce Framework (DCWF)work roles.

29 November 2021

# Document Name Change/Justification
1 CNSSD-505 Supply Chain Risk Management This directive released on 11/17/2021 updates formats and references regarding supply chain risk management (SCRM) capabilities for National Security Systems (NSS). This Directive provides a “whole of government approach” resulting in enhanced inter-agency collaboration and the sharing of lessons learned to address SCRM.
2 CNSSD-520 The Use of Mobile Devices to Process National Security Information Outside of Secure Spaces This directive released 11/09/2021 provides specific instructions for the control and use of mobile devices that are intended to store, process, and transmit NSI outside of secure spaces, both domestically and limited overseas, to ensure that mobile devices are protected commensurate to the threat environment and level of information stored, processed, transmitted, or communicated.
3 CNSSI 1011 Implementing Host-Based Security Capabilities on National Security Systems This Instruction released on 09/09/2021 provides operational guidance and assigns responsibilities for deploying host-based security capabilities for National Security Systems.
4 CNSSI 1013 Network Intrusion Detection Systems and Intrusion Prevention Systems (IDS/IPS) on National Security Systems This Instruction released on 09/09/2021 provides operational guidance and assigns responsibilities for deploying network intrusion detection systems and network intrusion prevention systems (IDS/IPS) capabilities for National Security Systems (NSS).

19 October 2021

# Document Name Change/Justification
1 CNSSD-504 Directive on Protecting National Security Systems from Insider Threat Updated policy document from September 2021 added to the Develop the Workforce subcategory. Update only corrects for format and references. This document establishes that cybersecurity procedures should be implemented to protect against insider threats.
2 CNSSP-22 Cybersecurity Risk Management Policy updated September 2021. This policy document provides guidance for organizations that own, operate, or maintain national security systems (NSS) to establish an integrated, organization-wide Cybersecurity Risk Management Program among other cyber risk mitigation activities.
3 CNSSI-5000 Voice Over Internet Protocol (VoIP) Telephony Policy updated September 2021. This policy document contains requirements for providing on-hook and off-hook audio security for VoIP (video/voice) systems located in areas where NSS are located.

8 September 2021

# Document Name Change/Justification
1 CNSSP-10 National Policy Governing Use of Approved Security Containers in Information Security Applications New policy document from April 28, 2021 added to the Manage Access subcategory. Document establishes the Policy on the use of approved security containers in Information System Security applications.
2 CNSSP-11 National Policy Governing the Acquisition of Information Technology Products Policy updated July, 9, 2021. This policy governs the acquisition policies regarding national security systems.
3 CNSSP-14 National Policy Governing the Release of IA Products/Services Policy updated May 19, 2021. This policy governs the release of Information Assurance (IA) products and services to U.S. persons or activities that are not part of the federal government.
4 CNSSP-16 National Policy for the Destruction of COMSEC Paper Material Policy updated May 5, 2021. This policy requires departments and agencies to use crosscut shredders that meet the new NSA specification for the destruction of paper-based COMSEC material. It also defines parameters for the use of crosscut shredders currently in inventory until such time as new shredders are obtained.
5 CNSSP-18 National Policy on Classified Information Spillage Policy updated May 19, 2021. This policy applies to the spillage of classified national security information on any IS, be it government or nongovernment systems. It provides a framework for the consistent handling of the spillage of classified national security information.
6 CNSSI-1001 National Instruction on Classified Information Spillage Policy updated June 15, 2021. This instruction establishes the minimum actions required when responding to an information spillage of classified national security information.

24 June 2021

# Document Name Change/Justification
1 White House – President Biden: Executive Order on Improving the Nation’s Cybersecurity New document from 05/12/21 added to the National/Federal subcategory concerning improving cybersecurity capabilities of the nation. Specifically, the administration commits to prioritizing the prevention, detection, assessment, and remediation of cyber incidents.
2 * DoDD 5101.21E DoD Executive Agent for Unified Platform and Joint Cyber Command and Control (JCC2) New document from 06/04/20 added to the Strengthen Cyber Readiness subcategory regarding closing critical cyberspace capability gaps, and ensuring the delivery of resilient, agile, secure, and effective cyberspace capability solutions to the warfighter.

26 May 2021

# Document Name Change/Justification
1 NIST SP 1800-25 Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events New document added to the Strengthen Cyber Readiness subcategory. Published December 2020. Document explores methods to effectively identify assets (devices, data, and applications) that may become targets of data integrity attacks, as well as the vulnerabilities in the organization’s system that facilitate these attacks.
2 CNSSI-4007 Communications Security (COMSEC) Utility Program * Relocated document link from Manage Access to Sustain Missions subcategory
3 DoDD 5144.02 DoD Chief Information Officer Relocated document from Develop and Maintain Trust to Sustain Missions subcategory

27 April 2021

# Document Name Change/Justification
1 CNSSI-4007 Communications Security (COMSEC) Utility Program Relocated document link from Partner for Strength to the Manage Access subcategory
2 DOD Instruction 5000.90, Cybersecurity for acquisition decision authorities and program managers* Change 10 was issued to update the instruction. Originating Component: Office of the Under Secretary of Defense for Acquisition and Sustainment. Added to the Prevent and Delay Attackers and Prevent Attackers from Staying subcategory.
Effective: December 31, 2020
3 Added Directive-type Memorandum 20-004 Enabling Cyberspace Accountability of DoD Components and Information Systems Added this new document link to the Design for the Fight subcategory. November 13, 2020. DTM 20-004, “Enabling Cyberspace Accountability of DoD Components and Information Systems”
4 MOA Between DoD and DHS (Jan. 19, 2017) Relocated document link from Design for the Fight to the Partner for Strength subcategory

19 March 2021

# Document Name Change/Justification
1 Interim National Security Strategic Guidance* The new Administration has issued interim guidance to which all Departments and Agencies should align their actions as the White House team begins work on a new National Security Strategy.
Published: Mar 21
2 National Cyber Strategy Document link fixed.
https://dodcio.defense.gov/Portals/0/Documents/Cyber/ICAM_Strategy.pdf
3 DoD Information Sharing Strategy Document link fixed.
https://dodcio.defense.gov/Portals/0/Documents/InfoSharingStrategy.pdf
4 DoD Identity, Credential, and Access Management (ICAM) Strategy Document link added.
https://dodcio.defense.gov/Portals/0/Documents/Cyber/ICAM_Strategy.pdf
5 NIST SP 800-172: Enhanced Security Requirements for Protecting Controlled Unclassified Information** New Documentation.
https://doi.org/10.6028/NIST.SP.800-172
Published: Feb 21
6 DoDI 5000.02T Operation of the Defense Acquisition System Change 10 published on 31 December 2020. Document link updated.
https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/500002Tp.pdf?ver=2020-09-15-152849-783
7 DoDI 8510.01 Change 3, “Risk Management Framework (RMF) for DoD Information Technology (IT)” Document link updated.
Change 3 Published: 29 Dec 20
8 DoDI 8523.01, “Communications Security” Document link updated.
Reissued: 6 Jan 21
9 DoDI 8581.01 IA Policy for Space Systems Used by the DoD Document removed.
Canceled: Aug 2020

16 March 2021

# Document Name Change/Justification
1 Interim National Security Strategic Guidance* The new Administration has issued interim guidance to which all Departments and Agencies should align their actions as the White House team begins work on a new National Security Strategy.
Published: Mar 21
2 National Cyber Strategy Document link fixed.
https://dodcio.defense.gov/Portals/0/Documents/Cyber/ICAM_Strategy.pdf
3 DoD Information Sharing Strategy Document link fixed.
https://dodcio.defense.gov/Portals/0/Documents/InfoSharingStrategy.pdf
4 DoD Identity, Credential, and Access Management (ICAM) Strategy Document link added.
https://dodcio.defense.gov/Portals/0/Documents/Cyber/ICAM_Strategy.pdf
5 NIST SP 800-172: Enhanced Security Requirements for Protecting Controlled Unclassified Information** New Documentation.
https://doi.org/10.6028/NIST.SP.800-172
Published: Feb 21
6 DoDI 5000.02T Operation of the Defense Acquisition System Change 10 published on 31 December 2020. Document link updated.
https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/500002Tp.pdf?ver=2020-09-15-152849-783
7 DoDI 8510.01 Change 3, “Risk Management Framework (RMF) for DoD Information Technology (IT)” Document link updated.
Change 3 Published: 29 Dec 20
8 DoDI 8523.01, “Communications Security” Document link updated.
Reissued: 6 Jan 21

30 November 2020

# Document Name Change/Justification
1 NIST SP 800-207, Zero Trust Architecture New document added. This document contains an abstract definition of zero trust architecture (ZTA) and gives general deployment models and use cases where zero trust could improve an enterprise’s overall information technology security posture.
Published: August 2020
2 NIST SP 800-209, Security Guidelines for Storage Infrastructure New document added. Comprehensive security recommendations for storage infrastructures. The security focus areas covered in this document not only span those that are common to the entire IT infrastructure—such as physical security, authentication and authorization, change management, configuration control, and incident response and recovery—but also those that are specific to storage infrastructure, such as data protection, isolation, restoration assurance, and data encryption.
Published: 26 October 2020
3 NIST SP 1800-16, Securing Web Transactions: TLS Server Certificate Management New document added. NIST SP 1800-16 describes the TLS certificate management challenges faced by organizations; provides recommended best practices for large-scale TLS server certificate management; describes an automated proof-of-concept implementation that demonstrates how to prevent, detect, and recover from certificate-related incidents; and provides a mapping of the demonstrated capabilities to the recommended best practices and to NIST security guidelines and frameworks.
Published: 06 June 2020
4 NIST SP 800-210, General Access Control Guidance for Cloud Systems New document added. This document presents cloud access control characteristics and a set of general access control guidance for cloud service models: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service).
Published: July 2020
5 DoDD O-5100.19, Critical Information Communications (CRITICOM) System (CAC-required) New document added. Assigns responsibility and prescribes procedures for the establishment of software acquisition pathways IAW Section 800 of Public Law 116-92.
Published: 02 October 2020
6 DoDI 5000.87, Operation of the Software Acquisition Pathway USD(I) was changed to USD(I&S) to reflect office name change.
7 DoDI 5205.83, DoD Insider Threat and Management and Analysis Center (DITMAC) New document added. Enterprise-level capability for managing and analyzing insider threats.
Change 1: 29 October 2020
8 DoDM 3305.09, Cryptologic Accreditation and Certification New document added. Provides accreditation guidance and procedures for DoD education and training institutions that support the cryptologic community.
Change 2: 01 October 2020
9 DoDM 5205.02E, DoD Operations Security (OPSEC) Program Manual New document added. To provide baseline requirements to ensure national security-related missions and functions are protected (to include information systems)
Change 2: 29 October 2020
10 Cybersecurity Maturity Model Certification (CMMC), v. 1.02 New document added. Certification developed to enhance the protection of FCI and CUI within the DIB. Version dated 18 March 2020.

13 October, 2020

# Document Name Change/Justification
1 14 U.S.C. Ch. 7 Replaced with new hyperlink to authoritative source
2 DoDI 8531.01 The link to DoDI 8531.01 mistakenly linked to DoDI 8530.01 and has been fixed.

09 October, 2020

# Document Name Change/Justification
1 Title 14, U.S. Code, Cooperation with Other Agencies Replaced with new hyperlink
2 NIST Special Publication 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations Long awaited and very important update, published September 2020, supersedes Rev. 4
3 CNSSD 507: National Directive for Identity, Credential, and Access Mgmt. Capabilities on the U.S. Federal Secret Fabric Provides a minimum set of requirements for Identity, Credential, and Access Management (ICAM) implementation and management that applies to the Federal Secret Fabric. Updated July 7, 2020.
4 DoD Directive 8140.01, Cyberspace Workforce Management Published October 5, 2020, superseding the earlier version dated August 11, 2015
5 DoD Instruction 8531.01, DoD Vulnerability Management Released on September 15, 2020
6 DoD Data Strategy The DoD Data Strategy supports the National Defense Strategy and Digital Modernization, published October 9, 2020
7 DTM 17-007, Ch. 3, Defense Support to Cyber Incident Response Change 3 issued May 29, 2020

30 July 2020

# Document Name Change/Justification
1 DoDI 8320.02: Sharing Data, Information, and Technology (IT) Services in the Department of Defense Incorporating Change 1, Effective June 24, 2020
SUMMARY OF CHANGE 1. The change to this issuance updates references and organizational titles and removes expiration language in accordance with current Chief Management Officer of the Department of Defense direction.
2 DoD Identity, Credential, and Access Management (ICAM) Strategy ICAM Strategy signed on 17 July 2020
3 MOA Between DoD and DHS Removed “requires CAC” language; CAC no longer required to view MOA.
4 RMF Knowledge Service Italicized to reflect no publicly accessible version available. Available with CAC only.
5 About This Chart Added note to open PDF document directly in a web browser
6 USD(I&S)* USD(I) was changed to USD(I&S) to reflect office name change.

22 June 2020

# Document Name Change/Justification
1 HSPD-12* Updated Link
2 NIST SP 800-37, R1* Replaced by NIST SP 800-37, R2
3 NIST SP 800-163* Replaced by NIST SP 800-163, R1
4 CJCSI 3213.02D, Joint Operations Security* Should be labeled as CJCSI 3213.01D
5 NIST SP 800-34, R1* Updated Link
6 OMB Circular A-130 Updated Link
7 DoD Cybersecurity Risk Reduction Strategy New Policy / Link to Document not publicly available.
8 “About This Chart” Added instructions for how to follow the link to a policy for those whose organizational policies block them from hyperlinking directly from a .pdf document.

29 May 2020

# Document Name Change/Justification
1 National Strategy to Secure 5G New policy added
2 DoD 5G Strategy New policy added
3 N/A Moved Executive Orders and Presidential Directives from “Lead and Govern” to “National/Federal” to make room for new strategies.

1 April 2020

# Document Name Change/Justification
1 NIST Framework for Improving Critical Infrastructure Cybersecurity Updated link
2 Common Criteria Evaluation and Validation Scheme (CCEVS) Updated to reflect change in CCEVS as of February 2020
3 DoDI 5000.02T Operation of the Defense Acquisition System Updated to reflect change in January 2020
4 DoDI 8510.01, Risk Management Framework for DoD IT Updated link
5 Joint Publication 6-0, Joint Communications System Updated link
6 MOA Between DoD and DHS (Jan 19, 2017, requires CAC) Updated link
7 DoDI 8420.01 Commercial WLAN Devices, Systems, and Technologies Updated link
8 DoD O-8530.1-M (CAC req’d) CND Service Provider Certification and Accreditation Program Updated link
9 DoDD 3020.40, Mission Assurance Updated link
10 DoDD 3100.10, Space Policy Updated link
11 Defense Acquisition Guidebook Updated link
12 Title 14, US Code, Cooperation With Other Agencies (Ch. 7) Updated link
13 NISTIR 7298, Rev. 3, Glossary of Key Information Security Terms Updated link to point to Rev. 3.
14 NIST SP 800-125A, R1, Security Recommendations for Hypervisor Platforms Updated link
15 NIST SP 800-88, R1,Guidelines for Media Sanitization New policy added

13 March 2020

# Document Name Change/Justification
1 NIST SP 800-171, R2 Protecting CUI in Nonfederal Systems and Organizations Superseded R1 of NIST SP 800-171 on 21 Feb 2020
2 DoDI 5200.48 Controlled Unclassified Information(CUI) New issuance, cancels DoD 5200.01 Volume 4. Issued 6 Mar 2020.
3 NIST SP 800-63 series Digital Identity Guidelines NIST SP 800-63-3, 800-63A, 800-63B, and 800-63C were all updated on 2 Mar 2020

19 February 2020

# Document Name Change/Justification
1 DoDI 8170.01, Online Information Management and Electronic Messaging Updated hyperlink

18 February 2020

# Document Name Change/Justification
1 DoDD 8140.01, Cyberspace Workforce Management Updated hyperlink
2 DoDI 8170.01, Online Information Management and Electronic Messaging Supersedes DoD Instruction 8550.01, “DoD Internet Services and Internet-Based Capabilities,” September 11, 2012 (which was removed from the chart)
3 Joint Special Access Program (SAP) Implementation Guide (JSIG) Updated hyperlink

29 January 2020

# Document Name Change/Justification
1 CNSSI-5002, Telephony Isolation Used for Unified Communications Implementations within Physically Protected Spaces Supersedes CNSSI No. 5002, National Information Assurance (IA) Instruction for Computerized Telephone Systems (February 2012) on December 18, 2019.
2 DTM 17-007, Defense Support to Cyber Incident Response Updated hyperlink

17 December 2019

# Document Name Change/Justification
1 NIST SP 800-34, R1 Contingency Planning Guide for Federal Information Systems New addition to chart to address contingency planning.*
2 NIST SP 800-82, R2 Guide to Industrial Control Systems (ICS) Security New addition to chart to address ISC cybersecurity.*
3 DoDI 8582.01, Security of Non-DoD Information Systems Processing Unclassified Nonpublic DoD Information Policy was updated on 9 Dec 2019.
4 UFC 4-010-06, Cybersecurity of Facility-Related Control Systems New addition to chart to address cybersecurity issues for facility-related control systems.*
5 Security Technical Implementation Guides (STIGs) Hyperlink updated to link to DISA’s updated website and new URL.†
6 Security Configuration Guides (SCGs) Hyperlink updated to link to NSA’s updated website and new URL.
7 NSA IA Guidance New addition to the chart includes 123 “security tip” documents for mitigating cyber risk

27 November 2019

# Document Name Change/Justification
1 CNSSD 506, National Directive to Implement PKI on Secret Networks New addition to the Policy Chart
2 CNSSD 520, The Use of Mobile Devices to Process National Security Information Outside of Secure Spaces New addition to the Policy Chart

30 October 2019

# Document Name Change/Justification
1 DoDI 5205.13 Defense Industrial Base (DIB) Cyber Security (CS) / IA Activities Change 2 issued on 21 August 2019
2 DoDI 8500.01, Cybersecurity Change 1 issued on 7 Oct 2019
3 NIST 800-128, Guide for Security-Focused Configuration Management of Information Systems Updated 10 October 2019
4 NIST 800-160, Vol. 1, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems Added to the chart to reflect the increasing importance of this topic.
5 FIPS Pub 140-3, Security Requirements for Cryptographic Modules Superseded FIPS Pub 140-2. FIPS 140-3 was published on 22 Mar 2019, but didn’t officially become effective under the implementation schedule until 22 Sep 2019.

25 October 2019

# Document Name Change/Justification
1 DoDI 5205.13 Defense Industrial Base (DIB) Cyber Security (CS) / IA Activities Change 2 issued on 21 August 2019
2 DoDI 8500.01, Cybersecurity Change 1 issued on 7 Oct 2019
3 NIST 800-128, Guide for Security-Focused Configuration Management of Information Systems Updated 10 October 2019
4 NIST 800-160, Vol. 1, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems Added to the chart to reflect the increasing importance of this topic.

23 July 2019

# Document Name Change/Justification
1 DoD Digital Modernization Strategy Added this new Strategy released on 12 July 2019
2 DoDM O-5205.13, Defense Industrial Base (DIB) Cybersecurity (CS) Program Security Classification Manual (SCM) Change 1 issued on 14 Jun 2019. (Note: This document requires a DoD PKI certificate for access.)
3 Directive-Type Memorandum (DTM) 17-007 – “Interim Policy and Guidance for Defense Support to Cyber Incident Response” Change 2 issued on 6 Jun 2019

22 May 2019

# Document Name Change/Justification
1 EO 13873: Securing the Information and Communications Technology and Services Supply Chain Added this new Executive Order signed 15 May 2019
2 EO 13800: Strengthening Cybersecurity of Fed Nets and CI Updated link to the Federal Register’s permalink
3 EO 13636: Improving Critical Infrastructure Cybersecurity Updated link to the Federal Register’s permalink
4 NIST SP 800-163, Vetting the Security of Mobile Applications Added this new publication, published on 19 Apr 2019
5 DoD Information Technology Environment Strategic Plan Moved from the Lead and Govern block to the National/Federal block to make room for the new Executive Order.
6 Cybersecurity Policy Chart Updated the red text in the bottom center of the chart to reflect the new location that DTIC established for updated versions of the chart.

28 February 2019

# Document Name Change/Justification
1 2019 National Intelligence Strategy Added this updated strategy
2 Department of Defense (DoD) Cloud Strategy Added this new strategy
3 Summary of the 2018 DoD Artificial Intelligence Strategy Added an unclassified summary of this new strategy
4 CYBERCOM Orders The Operational section of the chart removed older references to STRATCOM policies and has replaced it with a reference to CYBERCOM orders and JFHQ-DODIN orders. Neither is hyperlinked because these orders are not available to the public.
5 JFHQ-DODIN Orders See above

15 January 2019

# Document Name Change/Justification
1 CJCSI 5123.01H, Charter of the JROC and Implementation of the JCID As of 18 Aug 2018, CJCSI 5123.01H stated that “CJCSI 3170.01 Series, “Joint Capabilities Integration and Development System (JCIDS),” is hereby canceled, with content moved to Enclosure D of this CJCSI.”
2 Department of Defense (DoD) Joint Special Access Program (SAP) Implementation Guide (JSIG) Policy added to chart to expand coverage to JSAP.

7 January 2019

# Document Name Change/Justification
1 DoDI 5200.39, Critical Program Information (CPI) Identification and Protection Within Research, Development, Test, and Evaluation (RDT&E) Added per the suggestion of Ms. Creel of the CERT Division, Software Engineering Institute, Carnegie Mellon University.

5 December 2018

# Document Name Change/Justification
1 CJCSI 3170.01, Joint Capabilities Integration and Development System (JCIDS) Manual was converted to a “living document” available at the new hyperlink
2 UCP Unified Command Plan Updated link to unclassified site that identifies the 10 Combatant Commands and provides information on each.

25 September 2018

# Document Name Change/Justification
1 National Cyber Strategy Replaces the 2003 National Cyber Strategy.
2 2018 DoD Cyber Strategy Update to the 2015 DoD Cyber Strategy. It was signed on 27 July, but a publicly accessible, unclassified summary became available on 18 Sep. The hyperlink is to the unclassified summary.
3 CNSSP-28, “Cybersecurity of Unmanned National Security Systems,” 6 July 2018 New policy.
4 DoDI 8560.01, “Communications Security (COMSEC) Monitoring,” 22 Aug 2018 Incorporated and canceled DoD Instruction 8560.01, “Communications Security (COMSEC) Monitoring and Information Assurance (IA) Readiness Testing,” October 9, 2007.
5 DoD Cybersecurity Policy Chart Added additional CSIAC contact information to the upper left corner of the chart.

14 August 2018

# Document Name Change/Justification
1 2018 DoD Cyber Strategy Update to the 2015 DoD Cyber Strategy. It was signed on 27 July, but a publicly accessible version is not yet available, so the name is italicized in the chart indicating no public-facing hyperlink is available.
2 CNSSI-5000, Annex I, Voice Over Secure Internet Protocol (VoSIP) Annex released on 21 June 2018.

12 June 2018

# Document Name Change/Justification
1 Directive-Type Memorandum (DTM) 17-007 – “Interim Policy and Guidance for Defense Support to Cyber Incident Response” NIST Released NIST SP 800-126, R3, SCAP 1.3 on 14 Feb 2018
2 CJCSI 6510.02E, Cryptographic Modernization Plan Updated from CJCSI 6510.02D
3 CJCSM 3213.02D, Joint Staff Focal Point Updated from CJCSM 3213.02C
4 NIST SP 800-171, R1, Protecting CUI in Nonfederal Systems and Organizations Rev. 1 final release date was 6/7/2018.
5 NIST SP 800-125A, R1, Security Recommendations for Hypervisor Platforms Rev. 1 final release date was 6/7/2018.
6 National Security Strategy Moved from National/Federal to Organize/Lead and Govern

9 April 2018

# Document Name Change/Justification
1 NIST SP 800-126, R2 SCAP 1.2 NIST Released NIST SP 800-126, R3, SCAP 1.3 on 14 Feb 2018
2 NIST SP 800-171 NIST Released NIST SP 800-171, R1, on 20 Feb 2018
3 NIST SP 800-125A Added NIST SP 800-125A, Security Recommendations for Hypervisor Deployment on Servers, 23 Jan 2018
4 DoD Directive 3020.26, “Department of Defense Continuity Programs,” January 9, 2009, as amended Reissued and canceled by DoDD 3026, DoD Continuity Policy, 14 Feb 2018
5 CJCSI 3170.01I, Joint Capabilities Integration and Development System (JCIDS) Updated link.
6 Stored Communications Act, 18 USC §2701 et seq. The Stored Communications Act was amended by the Clarifying Lawful Overseas Use of Data (CLOUD) Act, which was passed as part of the Consolidated Appropriations Act of 2018, signed into law on 23 March 2018. NOTE: The link to the Government Publishing Office’s text of the law currently does not reflect these most recent changes, nor does the House of Representatives official United States Code website. Both are expected to be updated after some time.

1 February 2018

# Document Name Change/Justification
1 2017 National Defense Strategy Released on 19 January 2018, it replaces the 2012 National Defense Strategy. Since the National Defense Strategy is classified, the link is to the unclassified summary.
2 Quadrennial Defense Review Removed from chart, based on the 2017 National Defense Authorization Act (NDAA), which replaced the legislative foundation of the Quadrennial Defense Review with requirements to be included in a National Defense Strategy.
3 Strategic Instruction (SI) 527-01 DoD INFOCON System Procedures, 27 March 2015 Superseded SD 527-01, 27 Jan 2006.
4 NIST Framework for Improving Critical Infrastructure Cybersecurity Updated broken link.
5 CJCSM 6510.02, Information Assurance Vulnerability Management Program Added this older policy to the chart. Policy is in italics because it is FOUO and so no publicly accessible link can be provided.

8 January 2018

# Document Name Change/Justification
1 EO 13636: Improve Critical Infrastructure Cybersecurity Corrected link to Document.
2 The DoD Cybersecurity Policy Chart Changed the gray/white background/text combos to gray/black.

18 December 2017

# Document Name Change/Justification
1 2017 National Security Strategy Released on 18 December 2017, it replaces the 2015 National Security Strategy.

13 December 2017

# Document Name Change/Justification
1 DoDI 8310.01 Information Technology Standards in the DoD Added to chart
2 EO 13636: Improving Critical Infrastructure Cybersecurity Corrected Link to document
3 DoDI 8582.01 Security of Unclassified DoD Information on Non-DoD Info Systems Policy updated by DoDI 8310.01
4 NSTISSI 7003 Protective Distribution Systems Changed to CNSSI 7003, Protected Distribution Systems

6 November 2017

# Document Name Change/Justification
1 NIST SP 800-18, Rev 1 Corrected Link to document

3 November 2017

# Document Name Change/Justification
1 ASD(NII)/DoD CIO Memo on Use of Peer-to-Peer File Sharing Applications Removed, was canceled by DoDI 8500.01, Cybersecurity
2 CNSSI-4001 Added link.
3 CNSSI-4005 Added link.
4 CNSSP-16 Added link.
5 DoDD 3020.40 Updated link.
6 DoDI 5200.01 Updated link.
7 DoDI 8320.02 Corrected link.
8 DoDI 8551.01 Updated link.
9 Ethics Regulations Updated link.
10 E. O. 13800 Added.
11 FIPS 140-2 Updated link.
12 FIPS 199 Updated link.
13 FIPS 200 Updated link.
14 ICD 503 Updated link.
15 NISTR 7693 Updated link.
16 NIST SP 800-18, Rev 1 Updated link.
17 NIST SP 800-39 Updated link.
18 NIST SP 800-59 Updated link.
19 NIST SP 800-60, Vol 1, Rev 1 Updated link.
20 NIST SP 800-92 Updated link.
21 NIST SP 800-126, Rev 2 Updated link.
22 NIST SP 800-128 Updated link.
23 NIST SP 800-137 Updated link.
24 NIST SP 800-153 Updated link.
25 NSTISSI-4003 Changed to CNSSI 4003 and added link.
26 NSTISSI-4006 Changed to CNSSI 4006 and added link.
27 OMB A-130 White House temporarily moved many policies to the Obama White House archives site, though these appear to be in full force unless or until formally rescinded or superseded.
28 Security Configuration Guides Updated link.

15 Aug 2017

# Document Name Change/Justification
1 DoDD 8000.01 Change issued 27 July 2017 to include US Coast Guard in applicability paragraph and make other administrative updates.
2 DoDD 8140.01 Change issued 31 July 2017 to include US Coast Guard in applicability paragraph and make other administrative updates.
3 DoDI 8510.01 Change issued 28 July 2017 to include US Coast Guard in applicability paragraph and make other administrative updates.
4 DoDI 8520.03 Change issued 27 July 2017 to include US Coast Guard in applicability paragraph and make other administrative updates.
5 DoDI 8530.01 Change issued 25 July 2017 to include US Coast Guard in applicability paragraph and make other administrative updates.
6 DoDI 8551.01 Change issued 27 July 2017 to include US Coast Guard in applicability paragraph and make other administrative updates.
7 MOA Between DoD & DHS MOA signed 19 January 2017 regarding Department of Defense and U.S. Coast Guard cooperation on cybersecurity and cyberspace operations.

30 Jun 2017

# Document Name Change/Justification
1 All DoDDs, DoDIs, DoDMs, and other DoD issuances 46 hyperlinks changed to reflect the movement of the official DoD Issuances website to a new URL.
2 DoD Acquisition Guidebook Hyperlink changed to reflect updated URL for the DAG. Link is to Chapter 9, which is the deepest link permitted, but subpart 3.2.2, Risk Management Framework for DoD IT is the pertinent reference.

05 Jun 2017

# Document Name Change/Justification
1 National Strategy for Information Sharing and Safeguarding (2012) Updated link:
https://obamawhitehouse.archives.gov/sites/default/files/rss_viewer/internationalstrategy_cyberspace.pdf
2 U.S. International Strategy for Cyberspace (2011) Updated link:
https://obamawhitehouse.archives.gov/sites/default/files/rss_viewer/internationalstrategy_cyberspace.pdf
3 25 Point Implementation Plan to Reform Federal IT Management (2010) Removed.
4 NIST Framework for Improving Critical Infrastructure Cybersecurity (2014) Updated link:
https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf
5 National Defense Strategy (NDS) (2012) Updated broken link:
http://www.acqnotes.com/Attachments/2012%20National%20Defense%20Strategy.pdf
6 IA Component of the GIG Integrated Architecture, Version 1.1 (2002) Removed.
7 Alignment Framework for the GIG IA Architecture (AFG) Version 1.1 (2002) Removed.
8 IATF Release 3.1 Information Assurance Technical Framework (2002) Removed.
9 DoDI 5000.02 Operation of the Defense Acquisition System (2017) Updated broken link:
http://www.dtic.mil/whs/directives/corres/pdf/500002_dodi_2015.pdf
10 DoD CIO Memo (2011) Interim Guidance on Networthiness of IT Connected to DoD Networks Removed.
11 DoD CIO G&PM 12-8430 (2001) Acquiring Commercial Software Removed.
12 NSTISSI-4000 to: CNSSI-4000 Maintenance of Communications Security (COMSEC) Equipment (2012) Link Broken/Document Type Changed:
https://www.cnss.gov/CNSS/issuances/Instructions.cfm
13 ICD 503 IC Information Technology Systems Security Risk Management Updated link:
https://www.dni.gov/index.php/intelligence-community/ic-policies-reports/intelligence-community-directives
14 OMB M-05-24 Implementation of HSPD-12 Removed.
15 From NSTISSI to CNSSI 4001 Controlled Cryptographic Items (2013) Document Type Change/Updated link:
https://www.cnss.gov/CNSS/issuances/Instructions.cfm
16 DoDI 5200.01 Dod Information Security Program And Protection Of Sensitive Compartmented Information (SCI) (2016) Updated broken link:
http://www.dtic.mil/whs/directives/corres/pdf/520001p.pdf
17 DoD Information Sharing Strategy (2007) Updated broken link:
http://dodcio.defense.gov/Portals/0/Documents/DIEA/InfoSharingStrategy.pdf
18 ASD(NII)/DoD CIO Memo Use of Peer-to-Peer File Sharing Applications Across DoD Removed. This Memo was canceled by DoDI 8500.01, Cybersecurity
19 CJCSI 6211.02D Defense Information System Network (DISN) Responsibilities (2012) Updated broken link:
http://www.jcs.mil/Portals/36/Documents/Library/Instructions/6211_02a.pdf?ver=2016-02-05-175050-653
20 CJCSM 6510.01B Cyber Incident Handling Program (2014) Updated broken link:
http://www.jcs.mil/Portals/36/Documents/Library/Manuals/m651001.pdf?ver=2016-02-05-175710-897
21 CJCSI 6510.01F Information Assurance (IA) And Support To Computer Network Defense (CND) (2015) Updated broken link:
http://www.jcs.mil/Portals/36/Documents/Library/Instructions/6510_01.pdf?ver=2016-02-05-175054-497
22 NSTISSD-600 Communications Security Monitoring (1990) Added link:
https://www.cnss.gov/CNSS/issuances/Directives.cfm
23 DoDD 3020.40 Mission Assurance (MA) (2016) Ttitle and Link Updated:
http://www.dtic.mil/whs/directives/corres/pdf/302040_dodd_2016.pdf
24 DoDI 8581.01 Information Assurance (IA) Policy for Space Systems Used by the Department of Defense (2010) Keep
25 DoDD S-5100.44 and DoDD S-3710.01 Replacement/Updated Link. Replaced DoDD S-5100.44, Defense and National Leadership Command Capability (DNLCC) with DoDD S-3710.01, National Leadership Command Capability (NLCC)
New link:
http://www.dtic.mil/whs/directives/corres/pdf/S371001_placeholder.pdf
26 CNSSP-300 National Policy on Control of Compromising Emanations (2006) Updated broken link:
https://www.cnss.gov/CNSS/issuances/Policies.cfm
27 CNSSI-4004.1 Destruction and Emergency Protection Procedures for COMSEC and Classified Material (2008) Updated broken link:
https://www.cnss.gov/CNSS/issuances/Instructions.cfm
28 Defense Acquisition Guidebook Sect 7.5 Information Assurance (2013) and the DAG (2016) Replaced/Updated Link. Replaced Defense Acquisition Guidebook Sect 7.5 Information Assurance (2013) with the DAG (2016)
New link:
https://dap.dau.mil/glossary/pages/178.aspx?scroll=0
29 2015 National Security Strategy Updated broken link:
http://www.jcs.mil/Portals/36/Documents/Publications/2015_National_Military_Strategy.pdf
30 NSD 42 Updated link:
https://www.cnss.gov/cnss/assets/authorities/NSD-42.pdf
31 OMB A-130 (2016) Updated broken link:
https://www.federalregister.gov/documents/2016/07/28/2016-17872/revision-of-omb-circular-no-a-130-managing-information-as-a-strategic-resource
32 CNSSI 4009 Committee on National Security Systems (CNSS) Glossary (2015) Updated Title.
33 Security Configuration Guides (SCGs) Consider Deleting. Current link takes you to “Media Destruction Guidance”. A search of the term SCG nets many different websites. Is there a particular site to reference?
34 Security Reference Review Scripts  Consider Deleting/Broken Link. A search of the term SCG nets many different websites. Is there a particular site to reference?
35 Component—Level Policy Consider Deleting/Broken Link. This is too vague considering that everything on the chart has specific references.

21 Aug 2016

# Document Name Change/Justification
1 Presidential Policy Directive 41: United States Cyber Incident Coordination New PPD issued.
2 CJCSI 6212.01F Net Ready Key Performance Parameter Canceled by CJCSI 5123.01G, 12 Feb 15
3 DoD 5220.22-M, Ch. 2 National Industrial Security Program Operating Manual (NISPOM) Change 2 published May 18, 2016. Updated link.
4 DoDD 8000.01 Management of the DOD Information Enterprise Policy and link updated.
5 DoDD 8521.01E Department of Defense Biometrics Updated link.
6 DoDI O-8530.1 Superseded by DoDI 8530.01, link updated.
7 DoDI O-8530.2 Superseded by DoDI 8530.01, link updated.
8 DoDI 5200.01 DoD Information Security Program and Protection of SCI Added as a new policy based on recent update.
9 DoDI 5200.08 Change 3 issued, link updated.
10 SP 800-30, Rev. 1, Guide for Conducting Risk Assessments Moved to:
http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf
11 SP 800-126 Rev. 2, The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 Moved to:
http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-126r2.pdf
12 SP 800-128, Guide for Security-Focused Configuration Management of Information Systems (August 2011) Moved to:
http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-128.pdf
13 SP 800-137, Information Security Continuous http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-137.pdf

27 Oct 2015

# Document Name Change/Justification
1 National Strategy for Information Sharing and Safeguards Updated link:
https://www.whitehouse.gov/sites/default/files/docs/2012sharingstrategy_1.pdf
2 Quadrennial Defense Review Report Updated link:
http://archive.defense.gov/pubs/2014_Quadrennial_Defense_Review.pdf
3 National Defense Strategy Updated link:
http://www.defense.gov/Portals/1/Documents/pubs/2008NationalDefenseStrategy.pdf
4 DoD Cyber Strategy Updated link:
http://www.defense.gov/Portals/1/features/2015/0415_cyber-strategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf
5 DoD Strategy for Operating in Cyberspace Removed as superseded by the DoD Cyber Strategy
6 National Military Strategic Plan for the War on Terrorism Updated link:
https://digitalndulibrary.ndu.edu/cdm/compoundobject/collection/strategy/id/9695/rec/8
7 Title 44 – Federal Information Security Modernization Act (Ch. 35) Updated link to reflect the amendments effected by the Federal Information Security Modernization Act to amend the Federal Information Security Management Act.
Updated link:
https://www.congress.gov/113/plaws/publ283/PLAW-113publ283.pdf
8 CNSSI 1300 De-italicized to show that a publicly accessible link is available at:
https://www.cnss.gov/CNSS/issuances/Instructions.cfm
9 DFARS Subpart 208.74 Updated link:
http://www.acq.osd.mil/dpap/dars/dfars/html/current/208_74.htm
10 DoDD 8570.01 Directive was superseded by 8140.01.
11 DoDD 5000.02 Updated broken link:
http://www.dtic.mil/whs/directives/corres/pdf/500002p.pdf
12 CJCSI 6211.02D Updated link:
http://www.dtic.mil/cjcs_directives/cdata/unlimit/6211_02a.pdf

15 Aug 2015

# Document Name Change/Justification
1 National Military Strategy (NMS) Link updated to 2015 NMS:
http://www.jcs.mil/Portals/36/Documents/Publications/National_Military_Strategy_2015.pdf
2 National Security Strategy (NSS) 2015 NSS added:
https://www.whitehouse.gov/sites/default/files/docs/2015_national_security_strategy_2.pdf
3 National Military Strategy for Cyberspace Operations (NMS-CO) Updated link:
http://nsarchive.gwu.edu/NSAEBB/NSAEBB424/docs/Cyber-023.pdf
4 DoDD 8140.01 Cyberspace Workforce Management Signed 11 Aug 2015, cancelled DoD Directive 8570.01, “Information Assurance (IA) Training, Certification, and Workforce Management,” August 15, 2004, as amended.
5 DoDI 8330.01 Interoperability of IT and National Security Systems (NSS) Correct spacing in title.
6 CJCSI 3170.01H Joint Capabilities Integration and Development System (JCIDS) Updated to CJCSI 3170.01I:
https://dap.dau.mil/policy/Documents/2015/CJCSI_3170_01I.pdf
7 Presidential Memo, “Classified Information and Controlled Unclassified Information, “27 May 09” Memo withdrawn. Removed from chart.
8 FAR Federal Acquisition Regulation Updated link:
https://www.acquisition.gov/?q=browsefar

24 Apr 2015

# Document Name Change/Justification
1 The DoD Cyber Strategy New Issuance, 23 Apr 2015
2 Comprehensive National Cybersecurity Initiative Removed
3 DoDI S-5240.23, Counterintelligence (CI) Activities in Cyberspace Added new link to aid those with SIPRNet access to find document.
4 DoDI S-5200.16, Objectives and Min Stds for COMSEC Measures used in NC2 Comms Added new link to aid those with SIPRNet access to find document.
5 DoDD S-5100.44, Defense and National Leadership Command Capability (DNLCC) Added new link to aid those with SIPRNet access to find document.
6 DoDD O-5100.30, Department of Defense (DoD) Command and Control (C2) Superseded by DoD DoDD 3700.01, DoD Command and Control (C2) Enabling Capabilities
7 DoDD O-8530.1, Computer Network Defense (CND) Added new link to aid those with a DoD PKI cert to access this document.
8 DoDI O-8530.2, Support to Computer Network Defense (CND) Added new link to aid those with a DoD PKI cert to access this document.
9 DoD O-8530.1-M, CND Service Provider Certification and Accreditation Program Added new link to aid those with a DoD PKI cert to access this document.

17 Feb 2015

# Document Name Change/Justification
1 Executive Order 13691, Promoting Private Sector Cybersecurity Information Sharing New Issuance, 13 Feb 2015
2 National Security Strategy New Issuance, Feb 2015
3 NIST SP – 800-37 Rev 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach New link includes updates as of 6 May 2014
4 SP 800-61 Rev. 2, Computer Security Incident Handling Guide Updated link
5 FIPS 201-1, Personal Identity Verification (PIV) of Federal Employees and Contractors Superseded by FIPS 201-2, Personal Identity Verification (PIV) of Federal Employees and Contractors
6 DoD Defending Networks, Systems, and Data Strategy New direct link
7 DoD Cyber, Identity & Information Assurance Strategic Plan Updated link
8 National Military Strategy Updated link
9 CNSSAM IA 1-10, Reducing Risk of Removable Media in NSS Updated link
10 CNSSI-1300, Instructions for NSS PKI X.509SP Updated link
11 DoDI 5000.02, Operation of the Defense Acquisition System Updated link
12 DoD CIO Memo Interim Guidance on Networthiness of IT Connected to DoD Networks Updated link
13 NSSMOA between DoD CIO and ODNI CIO Establishing Net-Centric Software Licensing Agreements Updated link
14 Title 44 – Federal Information Security Mgt Act, (§3541 et seq) Updated link
15 NSTISSI-4002 Classification Guide for COMSEC Information Removed to make room for new E.O. 13691 (the NSTISSI-4002 did not have a public-facing link anyway)
16 Security Technical Implementation Guides (STIGs) Updated link
17 About this chart box Updated the text