Cybersecurity-Related Policies and Issuances GOAL 1 ORGANIZE Lead and Govern EO 13636 Improving Critical Infrastructure Cybersecurity PPD 21 Critical Infrastructure Security and Resilience DoDD 8000 01 Management of the DOD Information Enterprise DoDI 8500 01 Cybersecurity National Strategy for Information Sharing and Safeguarding U S Int’l Strategy for Cyberspace The DoD Cyber Strategy DoD Defending Networks Systems and Data Strategy 25 Point Implementation Plan to Reform Federal IT Mgt NIST Framework for Improving Critical Infrastructure Cybersecurity Quadrennial Defense Review QDR Report National Defense Strategy NDS CNSSP-24 Policy on Assured Info Sharing AIS for National Security Systems NSS DoD Cyber Identity Information Assurance Strategic Plan National Military Strategy NMS National Military Strategy for Cyberspace Operations NMS-CO National Military Strategic Plan for the War on Terrorism GOAL 1 ORGANIZE GOAL 2 ENABLE GOAL 3 ANTICIPATE GOAL 4 PREPARE Design for the Fight Secure Data in Transit Understand the Battlespace Develop and Maintain Trust Common Criteria Evaluation and Validation Scheme CCEVS FIPS 140-2 Security Requirements for Cryptographic Modules SP 800-153 Guidelines for Securing Wireless Local Area Networks FIPS 199 Standards for Security Categorization of Federal Info and Info Systems SP 800-59 Guideline for Identifying an Information System as a NSS CNSSP-12 National IA Policy for Space Systems Used to Support NSS CNSSP-21 National IA Policy on Enterprise Architectures for NSS CNSSP-11 Nat’l Policy Governing the Acquisition of IA and IA-Enable IT DFARS Subpart 208 74 Enterprise Software Agreements CNSSP-1 National Policy for Safeguarding and Control of COMSEC Material CNSSP-15 Use of Pub Standards for Secure Sharing of Info Among NSS SP 800-60 R1 Guide for Mapping Types of Info and Info Systems to Security Categories SP 800-92 Guide to Computer Security Log Management NSTISSD-600 Communications Security COMSEC Monitoring NSTISSI-7002 
TEMPEST Glossary DoDD 5000 01 The Defense Acquisition System DoDD 7045 20 Capability Portfolio Management CNSSP-17 Policy on Wireless Communications Protecting Nat’l Security Info CNSSP-19 National Policy Governing the Use of HAIPE Products SP 800-101 R1 Guidelines on Mobile Device Forensics NISTIR 7693 Specification for Asset Identification 1 1 CNSSI-5002 National Information Assurance IA Instruction for Computerized Telephone Systems DoDD 3100 10 Space Policy DoDD 8115 01 IT Portfolio Management DoDI 5000 02 Operation of the Defense Acquisition System CNSSP-25 National Policy for PKI in National Security Systems NSTISSP-101 National Policy on Securing Voice Communications DoDI S-5240 23 Counterintelligence CI Activities in Cyberspace DoDD 3020 40 DoD Policy and Responsibilities for Critical Infrastructure DoDD 5144 02 DoD Chief Information Officer DoDI 5200 44 Protection of Mission Critical Functions to Achieve TSN DoDI 7000 14 Financial Management Policy and Procedures PPBE NACSI-2005 Communications Security COMSEC End Item Modification CNSSI-5000 Guidelines for Voice Over Internet Protocol VoIP Computer Telephony DoDI 8115 02 IT Portfolio Management Implementation DoDI 8330 01 Interoperability of IT and National Security Systems NSS CNSSI-5001 Type-Acceptance Program for VoIP Telephones NACSI-6002 Nat’l COMSEC Instruction Protection of Gov’t Contractor Telecomm’s DoDI 8510 01 Risk Management Framework for DoD IT DoDI 8580 1 Information Assurance IA in the Defense Acquisition System NSTISSI-7003 Protective Distribution Systems PDS DoDD 8100 02 Use of Commercial Wireless Devices Services and Tech in the DoD GIG RMF Knowledge Service DoD CIO Memo Interim Guidance on Networthiness of IT Connected to DoD Networks DoDD 8521 01E Department of Defense Biometrics DoDI 4650 01 Policy and Procedures for Mgt and Use of the Electromagnetic Spectrum MOA between DoD CIO and ODNI CIO Establishing Net-Centric Software Licensing Agreements DoD CIO G PM 12-8430 Acquiring 
Commercial Software DoDI 8100 04 DoD Unified Capabilities UC DoDI 8420 01 Commercial WLAN Devices Systems and Technologies DODAF Version 2 02 DoD Architecture Framework CJCSI 3170 01I Joint Capabilities Integration and Development System JCIDS DoDI 8523 01 Communications Security COMSEC DoDI S-5200 16 Objectives and Min Stds for COMSEC Measures used in NC2 Comms CJCSI 6510 02D Cryptographic Modernization Plan CJCSI 6510 06B Communications Security Releases to Foreign Nations CJCSI 6212 01F Net Ready Key Performance Parameter Joint Publication 6-0 Joint Communications System Alignment Framework for the GIG IA Architecture AFG version 1 1 IA Component of the GIG Integrated Architecture v1 1 IATF Release 3 1 Information Assurance Technical Framework CNSS National Secret Fabric Architecture Recommendations Develop the Workforce CNSSD-500 Information Assurance IA Education Training and Awareness NSTISSD-501 National Training Program for INFOSEC Professionals Manage Access HSPD-12 Policy for a Common ID Standard for Federal Employees and Contractors FIPS 201-2 Personal Identity Verification PIV of Federal Employees and Contractors M-05-24 Implementation of HSPD-12 CNSSP-3 National Policy for Granting Access to Classified Cryptographic Information NSTISSI-4011 National Training Standard for INFOSEC Professionals CNSSP-16 National Policy for the Destruction of COMSEC Paper Material CNSSI-1300 Instructions for NSS PKI X 509 CNSSI-4012 National IA Training Standard for Senior Systems Managers CNSSI-4013 National IA Training Standard For System Administrators SA NSTISSI-3028 Operational Security Doctrine for the FORTEZZA User PCMCIA Card NSTISSI-4001 Controlled Cryptographic Items CNSSI-4014 National IA Training Standard For Information Systems Security Officers NSTISSI-4015 National Training Standard for System Certifiers NSTISSI-4003 Reporting and Evaluating COMSEC Incidents CNSSI-4005 Safeguarding COMSEC Facilities and Materials amended by CNSS-008-14 NSTISSI-4006 
Controlling Authorities for COMSEC Material DoDD 1000 25 DoD Personnel Identity Protection PIP Program DoDI 5200 08 Security of DoD Installations and Resources and the DoD PSRB DoDI 8520 02 Public Key Infrastructure PKI and Public Key PK Enabling DoDI 8520 03 Identity Authentication for Information Systems DoDM 1000 13 Vol 1 DoD ID Cards ID Card Life-cycle NSTISSI-4000 COMSEC Equipment Maintenance and Maintenance Training CNSSI-4016 National IA Training Standard For Risk Analysts DoD 8570 01-M Information Assurance Workforce Improvement Program DoDD 8140 01 Cyberspace Workforce Management DoDI 8550 01 DoD Internet Services and InternetBased Capabilities Partner for Strength SP 800-144 Guidelines on Security and Privacy in Public Cloud Computing SP 800-171 Protecting CUI in Nonfederal Info Systems and Organizations CNSSP-14 National Policy Governing the Release of IA Products Services… CNSSI-1253 Security Categorization and Control Selection for Nat’l Security Systems Assure Information Sharing DoDI 8320 02 Sharing Data Info and IT Services in the DoD DoDI 8582 01 Security of Unclassified DoD Information on Non-DoD Info Systems CNSSI-1253F Atchs 1-5 Security Overlays CNSSI-4007 Communications Security COMSEC Utility Program DoD Information Sharing Strategy ASD NII DoD CIO Memo Use of Peer-to-Peer File Sharing Applications Across DoD CNSSI-4008 Program for the Mgt and Use of Nat’l Reserve IA Security Equipment DoDI 5205 13 Defense Industrial Base Cyber Security IA Activities United States Intelligence Community Information Sharing Strategy CJCSI 6211 02D Defense Information System Network DISN Responsibilities DoD 5220 22-M National Industrial Security Program Operating Manual NISPOM ICD 503 IT Systems Security Risk Management and C A CJCSM 3213 02C Ch 1 Joint Staff Focal Point DoDI 8581 01 IA Policy for Space Systems Used by the DoD Strengthen Cyber Readiness FIPS 200 Minimum Security Requirements for Federal Information Systems SP 800-37 R1 Guide for Applying the 
Risk Mgt Framework to Fed Info Systems SP 800-53 R4 Security Privacy Controls for Federal Information Systems SP 800-53A R4 Assessing Security Privacy Controls in Fed Info Systems Orgs SP 800-61 Rev 2 Computer Security Incident Handling Guide SP 800-124 Rev 1 Guidelines for Managing the Security of Mobile Devices in the Enterprise SP 800-128 Guide for Security-Focused Configuration Mgt of Info Systems CNSSAM IA 1-10 Reducing Risk of Removable Media in NSS DoDI O-8530 2 Support to Computer Network Defense CND DoDD O-8530 1 Computer Network Defense CND DoDI 8551 1 Ports Protocols and Services Management PPSM DoDM 5105 21V1 SCI Admin Security Manual Info and Info Sys Security DoD O-8530 1-M CND Service Provider Certification and Accreditation Program CJCSI 6510 01F Information Assurance IA and Computer Network Defense CND

ABOUT THIS CHART

This chart organizes cybersecurity policies and guidance by Strategic Goal and Office of Primary Responsibility (see Color Key). Double-clicking on the box directs users to the authoritative source. Policies in italics indicate the document is marked for limited distribution or no authoritative public-facing hyperlink is currently available. The linked sites are not controlled by the developers of this chart. We check the integrity of the links on a regular basis, but you may occasionally experience an error message due to problems at the source site or the site's decision to move the document. Please let us know if you believe the link is no longer valid. CNSS policies only link to the CNSS site, per restrictions implemented by its website design. Boxes with red borders reflect recent updates.

Note: Users of the iPad, iPhone or iPod Touch may find they can view this Chart but that its hyperlinks are inoperable because of Apple's decision not to fully support certain Adobe products. For those who desire a workaround for this issue, there are apps in the iTunes store for less than $1.00.

For the latest version of this chart go to http://iac.dtic.mil/csiac/ia_policychart.html. You can sign up to be alerted by e-mail to any updates to this document.

Title 10 Armed Forces §§2224 3013 b 5013 b 8013 b Title 14 Cooperation With Other Agencies Ch 7 §§ 141 144 145 148 149 150 Title 32 National Guard §102 Title 40 Public Buildings Property and Works Ch 113 §§11302 11315 11331 Title 44 Federal Information Security Mod Act Chapter 35 Title 50 War and National Defense §§3002 1801 Clinger-Cohen Act Pub L 104-106 UCP Unified Command Plan US Constitution Art II Title 10 50 NATIONAL FEDERAL Computer Fraud and Abuse Act Title 18 §1030 Pen Registers and Trap and Trace Devices Title 18 §3121 et seq Stored Communications Act Title 18 §2701 et seq Executive Order 13691 Promoting Private Sector Cybersecurity Information Sharing SP 800-18 R1 Guide for Developing Security Plans for Federal Information Systems SP 800-126 R2 SCAP Ver 1 2 Foreign Intelligence Surveillance Act Title 50 §1801 et seq Executive Order 13526 Classified National Security Information SP 800-30 Rev 1 Guide for Conducting Risk Assessments SP 800-39 Managing Information Security Risk Executive Order 13231 as Amended by EO 13286 - Critical Infrastructure Protection in the Info Age NSD 42 National Policy for the Security of Nat’l Security Telecom and Information Systems SP 800-137 Continuous Monitoring DoDD 3700 01 DoD Command and Control C2 Enabling Capabilities Executive Order 13587 Structural Reforms To Improve Classified Nets PPD 28 Signals Intelligence Activities DoDD S-5100 44 Defense and National Leadership Command Capability DNLCC DoDI 8560 01 COMSEC Monitoring and Information Assurance Readiness Testing NSPD 54 HSPD 23 Computer Security and Monitoring A-130 Management of Fed Info Resources FAR Federal Acquisition Regulation Ethics Regulations Sustain Missions CJCSM 6510 01B Cyber Incident Handling Program Last Updated October 27 2015 Send questions suggestions to info@csiac com AUTHORITIES SP 800-119 Guidelines for the Secure Deployment of IPv6 Prevent and 
Delay Attackers and Prevent Attackers from Staying Developed by the DoD Deputy CIO for Cybersecurity CNSSP-18 National Policy on Classified Information Spillage CNSSP-22 IA Risk Management Policy for National Security Systems amended by CNSS-021-13 2015 National Security Strategy National Strategy to Secure Cyberspace CNSSP-300 National Policy on Control of Compromising Emanations CNSSI-1001 National Instruction on Classified Information Spillage NIST Special Publication 800 Series NISTIR 7298 Rev 2 Glossary of Key Information Security Terms CNSSI-4004 1 Destruction and Emergency Protection Procedures for COMSEC and Class Material CNSSI-7000 TEMPEST Countermeasures for Facilities NSTISSI-7001 NONSTOP Countermeasures DoDD 3020 26 Department of Defense Continuity Programs DoDD 3020 44 Defense Crisis Management DoDI 8410 02 NetOps for the Global Information Grid GIG Defense Acquisition Guidebook Section 7 5 Information Assurance NSA IA Directorate IAD Management Directive MD-10 Cryptographic Key Protection CNSSD-502 National Directive On Security of National Security Systems CNSSD-901 Nat’l Security Telecomm’s and Info Sys Security CNSS Issuance System CNSSD-900 Governing Procedures of the Committee on National Security Systems CNSSI-4009 National Information Assurance Glossary Federal Wiretap Act Title 18 §2510 et seq OPERATIONAL SD 527-01 DoD INFOCON System Procedures SI 504-04 Readiness Reporting SI 507-01 NetOps Community of Interest NCOI Charter SI 701-01 NetOps Reporting STRATCOM CONPLAN 8039-08 STRATCOM OPLANs Color Key - OPRs ASD NII ASD C3I DOD CIO NIST USD I CNSS NSTISS NSA USD P DISA OSD USD P R DNI STRATCOM Other Agencies USD AT L Recently updated box Expired Update pending JCS NIAP USD C Computer Network Directives CTO FRAGO WARNORD SUBORDINATE POLICY Security Configuration Guides SCGs Component-level Policy Directives Instructions Publications Memoranda Security Readiness Review Scripts SRRs Security Technical Implementation Guides STIGs Distribution 
Statement A Approved for Public Release Distribution is unlimited