Policy & Guidance
Description
  
 E.O. Library
Executive Orders Home Page
Various
 Federal Register Website
Federal Register Website
Various
 White House website
White House Information and Resources
May 27, 2010
 GISA
Government Information Security Act of 2000
May 10, 2000
 S-1999
Government Information Security Act of 1999
November 19, 1999
 H.R. 1259
Computer Security Enhancement Act of 2001
May 28, 2001
 H.R. 2281
Digital Millennium Copyright Act (DMCA)
October 28, 1998
 H.R. 2458-48
Federal Information Security Management Act of 2002 (Title III of E-Gov)
None Assigned
 HSPD-7
Homeland Security Presidential Directive. Subject: Critical Infrastructure Identification, Prioritization, and Protection.
December 17, 2003
 OMB A-130
Managing Federal Information as a Strategic Resource
November 11, 2000
 FISMA Act of 2014
Federal Information Security Management Act of 2014 (Public Law 113-283)
Various
 Public Law 93-579
Privacy Act of 1974
August 17, 2015
 DoD Issuances
Official DoD Web Site for DoD Issuances: (Search DoD Directives, Instructions, Publications, Administrative Instructions and Directive Type Memoranda)
Various
 DISR Online (DoD PKI cert req'd)
DoD IT Standards Registry (DISR)
Various
 DoD Web Site Administration
DoD Web Masters Policies and Guidelines
Various
 DoDI 8550.01
DoD Internet Services and Internet-Based Capabilities
Sept 11, 2012
 DoDD 8140.01
Cyberspace Workforce Management. (DoDD) 8140.01 reissues and renumbers DoDD 8570.1
July 31, 2017
 CJCSI_6211.02D
Defense Information System Network (DISN): Policy and Responsibilities
January 24, 2012
 CJCSI_6510.01F
Information Assurance (IA) and Computer Network Defense (CND).
February 9, 2011
 CJCSM_6510.01B
Cyber Incident Handling Program
July 10, 2012
 Joint Electronic Library
Joint Doctrine, Education and Training Resources.
Various
 NSA IA Security Guides
National Security Agency Security Guides
Various
 Army Publications
Army Publications
Dec 29, 2017
 AR 25-2
Information Assurance
March 23, 2009
 Department of the Navy Memorandum
Navy DON CIO Policy and Guidance
Various
 Department of Navy Issuances
Department of Navy Issuances
Various
 Air Force Electronic Publications
Air Force Electronic Publications
Various
 USMC References
Library of Reference Documents
Various
 DISA Publications
DISA Publications Page
 Defense Switched Network (DSN)
The Defense Switched Network (DSN) Page
Various
 DoD IT Standards Registry Online (DoD PKI cert req'd)
DoD IT Standards Registry (DISR)
Various
 GAO-01-277
Advances & Challenges to Adoption of PKI: This report provides an assessment of the issues and challenges the government faces in adopting PKI.
February 1, 2001
 GAO-01-822
Combating Terrorism: Selected challenges and related recommendations.
September 1, 2001
 GAO-04-375
Information Technology Major Federal Networks That Support Homeland Security Functions
September 1, 2004
 Management Planning Guide for ISSA
Management Planning Guide for Information Systems Security Auditing
December 10, 2001
 AIMD-00-140
Information Security: Vulnerabilities in DOE's Systems for Unclassified Civilian Research
June 1, 2000
 AIMD-00-188R
Information Security: Software Change Controls at the Department of Defense
June 30, 2000
 AIMD-00-192R
Information Security: Software Change Controls at the Department of Labor
June 30, 2000
 AIMD-00-193R
Information Security: Software Change Controls at the Department of Transportation
June 30, 2000
 AIMD-00-199R
Information Security: Software Change Controls at the Department of State
June 30, 2000
 AIMD-00-200R
Information Security: Software Change Controls at the Department of the Treasury
June 30, 2000
 AIMD-00-215
Information Security: Fundamental Weaknesses Place EPA Data and Operations at Risk
July 1, 2000
 AIMD-00-295
Information Security: Serious and Widespread Weaknesses Persist at Federal Agencies
September 1, 2000
 AIMD-96-84
Computer Attacks at the Department of Defense Pose Increasing Risks
May 1, 1996
 AIMD-99-107
Information Security: Serious Weaknesses Continue to Place Defense Operations at Risk
August 26, 2009
 GAO-01-113T
Comparison of Federal Agency Practices With FTC's Fair Information Principles
October 11, 2000
 GAO-01-147R
Internet Privacy: Federal Agency Use of Cookies
October 20, 2000
 GAO-01-263
High Risk Series: An Update
January 1, 2001
 GAO-02-407
Information Security: Additional Actions Needed to Fully Implement Reform Legislation.
May 1, 2002
 GAO-04-467
Information Security - Technologies to Secure Federal Systems
March 1, 2004
 GGD-00-191
Internet Privacy: Agencies' Efforts to Implement OMB's Privacy Policy
September 1, 2000
 T-AIMD-00-229
Critical Infrastructure Protection: Comments on the Proposed Cyber Security Information Act of 2000
June 22, 2000
 T-AIMD-00-314
Computer Security: Critical Federal Operations and Assets Remain at Risk
September 11, 2000
 T-AIMD-00-321
VA Information Technology: Progress Continues Although Vulnerabilities Remain
September 21, 2000
 T-AIMD-00-330
FAA Computer Security: Actions Needed to Address Critical Weaknesses That Jeopardize Aviation Operations
September 27, 2000
 T-RCED-00-247
Nuclear Security: Information on DOE's Requirements for Protecting and Controlling Classified Documents
July 11, 2000
 NIST Library
NIST Computer Security Resource Center (CSRC)
Various
 CNSS Library Files
The Committee on National Security Systems (CNSS) Library - CNSS Home page and select Library from top navigation bar.
Various
 STRATCOM Directive 527-1 (INFOCON) (DoD PKI cert req'd)
March 27, 2015
 DoD Instruction 5000.02
Operation of the Defense Acquisition System
January 15, 2015
 NIAP Validated Products List
NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
Various
 CND Matrix (DoD PKI cert req'd)
Matrix for obtaining computer data in criminal and counterintelligence investigations.
May 26, 2009
 H.R.1259
Computer Security Enhancement Act of 2001
November 28, 2001
 INFOCON Signature Page (DoD PKI cert req'd)
Information Operations Condition
March 10, 1999
 INFOCON Enclosure (DoD PKI cert req'd)
 Recommends actions to uniformly heighten or reduce defensive posture.
None listed
 DoDM 5200.01, Volume 1
DoD Information Security Program: Overview, Classification, and Declassification
February 24, 2012
 DoDM 5200.01, Volume 2
DoD Information Security Program: Marking of Classified Information
February 19, 2013
 DoDM 5200.01, Volume 3
DoD Information Security Program: Protection of Classified Information
February 19, 2013
 DoDD 3020.26
Defense Continuity Program (DCP) Certified Current January 1, 2007
January 9, 2009
 DoDI 8560.01
Communications Security (COMSEC) Monitoring and Information Assurance (IA) Readiness Testing (replaces DoDD 4640.6)
October 9, 2007
 DoDD O-8530.1 (DoD PKI cert req'd)
Computer Network Defense (CND) Directive.
January 8, 2001
 DoDI O-8530.2 (DoD PKI cert req'd)
Support to Computer Network Defense (CND)
March 9, 2001
 CND Response Actions Memo (DoD PKI cert req'd)
Guidance for Computer Network Defense Response Actions
February 26, 2003
 NIST SP 800-53A, Revision 4
Federal Information Systems and Organizations: Building Effective Assessment Plans - approved as FINAL by Special Pub 800-53A Revision 4. (Gives link to final publication PDF). Dec 2014
July 1, 2014
 DoD Directive 8910.1-M
DoD Procedures For Management Of Information Requirements
May 19, 2014
 CNSS Instruction No. 4009
National Information Assurance (IA) Glossary
April 6, 2015
 Subsection 552a of title 5, United States Code
FOIA, 5 U.S.C. Sect.552 as amended by Public Law No. 104-231, 110 Stat. 3048
August 13, 2014
 RMF for DoD IT
Risk Management Framework (RMF) for DoD Information Technology (IT)
March 12, 2014
 SCIG Memorandum
DoD Strategic Communication Integration Group (SCIG) Memorandum
January 31, 2007
 Enterprise Architecture Congruence
Early versions of the Department of Defense (DoD) Enterprise Architecture (EA) Reference Models (RM)s
April 7, 2014
 GAO-04-777
Report to the Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, Committee on Government Reform, House of Representatives
August 1, 2004
 Government CIO site
CIO Council site
Various
 FISMA Official Wiki (DoD PKI cert req'd)
Use the FISMA Official Wiki for all related information and documentation
Various
 Global Information Grid Enterprise Services (GIG ES): Core Enterprise Services (CES) Implementation
This memorandum provides guidance for existing and future acquisition programs to implement the plans for Global Information Grid Enterprise Services (GIG ES).
November 12, 2003
 DASD CIIA Strategy
Deputy Assistant Secretary of Defense for Cyber, Identity, and Information Assurance Strategy.
August 2009
 Mission: Possible, Security to the Edge (full version)
Document discussing the importance of protecting the Global Information Grid (GIG). Full version.
February 2, 2005
 Mission: Possible, Security to the Edge (powerpoint version)
Document discussing the importance of protecting the Global Information Grid (GIG). Powerpoint version.
August 31, 2005
 Mission: Possible, Security to the Edge (trifold version)
Document discussing the importance of protecting the Global Information Grid (GIG). Brochure version.
February 2, 2005
 Mission: Possible, Security to the Edge (single-gate version)
Document discussing the importance of protecting the Global Information Grid (GIG). Single-gate version.
February 2, 2005
 DoD IA Strategic Plan Version 1.1
This document provides information regarding protecting information, defending systems and networks, providing IA situational awareness, transforming and enabling IA capabilities and creating an IA empowered workforce
January 1, 2004
 The National Strategy to Secure Cyberspace
Strategy to secure Cyberspace signed by the President
February 1, 2003
 Information Security Oversight Office Homepage
The Information Security Oversight Office (ISOO) is responsible to the President for policy oversight of the Government-wide security classification system and the National Industrial Security Program.
Various
 ISOO Policies
Information Security Oversight Office Policy Documents
Various
 Marking Classified National Security Information
Executive Order 13526 (replacing E.O. 12958), as amended, and ISOO Implementing Directive No. 1 prescribe a uniform security classification system. This system requires that standard markings be applied to classified information.
January 2014
 DoD 5220.22-M-SUP
National Industrial Security Program Operating Manual Supplement
February 1, 1995
 DoD Directive 5220.22
National Industrial Security Program September 24, 2004; Certified Current as of December 1, 2006
March 18, 2011
 DoD Net-Centric Data Strategy
DoD CIO Memo
May 9, 2003
 DoD Directive 8320.02
Data Sharing in a Net-Centric Department of Defense Certified Current April 23, 2007
August 25, 2013
 DoD IT Standards Registry (DISR online) (Formerly DoD Joint Technical Architecture) (DoD PKI cert req'd)
DoD IT Standards Registry (DISR)
Various
 GIG NCOW
Enabling Transformation Achieving Net-Centric Operations and War fighting briefing
None listed
 Freedom Of Information Act/Privacy Act
The goal of the NSA/CSS Freedom Of Information Act/Privacy Act Office is to release as much information as possible, consistent with the need to protect information under the exemption provisions of these laws.
Various
 GIG NCES
GIG Enterprise Services web site
Various
 DoD Directive 8115.01
Information Technology Portfolio Management
October 10, 2005
 Net-Centric Checklist
The purpose of the Net-Centric Checklist is to assist program managers in understanding the net-centric attributes that their programs need to implement to move into the net-centric environment as part of a service-oriented architecture in the Global Information Grid
May 12, 2004
 Net-Centric Data Strategy
DoD Net-Centric Web site
May 9, 2003
 Assignment of Program Office Responsibilities
Assignment of Program Office Responsibilities for the Department of Defense Public Key Infrastructure (PKI)
April 9, 1999
 DoD X.509 Certificate Policy
United States Department of Defense X.509 Certificate Policy
June 12, 2012
 DoD Key Recovery Policy Version 3.0
Key Recovery Policy for the United States Department of Defense Version 3.0
August 31, 2003
 DoD PKI PK-enabling Instruction 8520.2
Public Key Infrastructure PK enabling Instruction
May 24, 2011
 DoD PKI Road Map
Defines how we move from current implementations to final Target Architecture
1999
 HSPD-12
Policy for a Common Identification Standard for Federal Employees and Contractors.
August 27, 2004
 Category Assurance List (CAL) Sorted by Ports (DoD PKI cert req'd)
This guidance is used by Organizations, Systems, and Enterprise DAA Certification & Accreditation processes; acquisition and development Program Managers and engineers responsible for developing and implementing DoD Information Systems; and Network Administrators responsible for the configuration of network security devices
 Category Assurance List (CAL) Sorted by Data Services (DoD PKI cert req'd)
This guidance is used by Organizations, Systems, and Enterprise DAA Certification & Accreditation processes; acquisition and development Program Managers and engineers responsible for developing and implementing DoD Information Systems; and Network Administrators responsible for the configuration of network security devices
 Category Assurance List (CAL) Record of Changes (DoD PKI cert req'd)
This Document tracks changes made to the Category Assurance List
 Vulnerability Assessment Reports Directory (DoD PKI cert req'd)
This guidance is used by Organizations, Systems, and Enterprise DAA Certification & Accreditation processes; acquisition and development Program Managers and engineers responsible for developing and implementing DoD Information Systems; and Network Administrators responsible for the configuration of network security devices
 PPSM Exception Management Process (DoD PKI cert req'd)
The Department of Defense is committed to the interoperability, security, and the mitigation of shared risks to DoD Information Systems (DoD IS). It is therefore paramount that all Combatant Commands/Services/Agencies (CC/S/A) ensure that all DoD IS ports, protocols, and services, that are accessible to the DoD Enterprise or Component managed networks are acquired, developed, implemented, and registered in the Ports, Protocols, and Services Management (PPSM) central registry in accordance with DoD Instruction 8551.1, Ports, Protocols, and Services Management. In addition, the PPSM program performs Vulnerability Assessments (VA) on ports, protocols, and services entered into the PPSM Registry, assigning each protocol, or service a Category Assurance Level and establishing the minimum required mitigations based on common assessment criteria. When coupled with the appropriate Security Technical Implementation Guide (STIG), the VA reports enhance network security by creating an authoritative source for known vulnerabilities and minimum mitigating controls required for all ports, protocols, and services deployed across the Global Information Grid (GIG). This information is to be used to configure network security devices such as routers, firewalls, and intrusion detection/prevention devices to allow only approved protocols or services
 PPSM Registry User Guide (DoD PKI cert req'd)
This guide provides instructions for performing the following functions associated with initiating, submitting, and updating a Department of Defense Information System (DoD IS) registration on the DoD Ports, Protocols, and Services Management Registry:
- Accessing the DoD Ports, Protocols, and Services Management Registry
- Preparing and submitting a DoD IS registration
- Searching for a DoD IS registration
- Maintaining a DoD IS registration, including points of contact
- Viewing technical guidance
- Maintaining your profile, including your password
- Viewing system release change notifications

Each functional subsection includes an overview, a description of the user's role and responsibilities, and the steps to perform each function.
 Defense Privacy Office
Defense Privacy Office - multiple policy links
Various
 DISA Security Configuration Guides
DISA FSO Security Configuration Guidelines
Various
 DoD Mobile Code Guides (DoD PKI cert req'd)
Current List of DoD Mobile Code Guidance
Various
 NSA Media Destruction Guidance
NSA Media Destruction Guidance is available for those who need to sanitize, destroy or dispose of media containing sensitive or classified information.
Various
 DoD Section 508
DoD Section 508
None Assigned
 Air Force Web Guidance
Links to the Air Force Web Policy and Guidance
Various
 Army Web Guidance
Guidance for Management of Publicly Accessible U.S. Army Web sites
Various
 DoDI 5120.04
DoD Newspapers, Magazines, Guides, and Installation Maps
March 17, 2015
 Privacy Policies and Data Collection
Privacy Policies and Data Collection on DoD Public Web Sites
July 13, 2000
 Navy Web Guidance
Department of the Navy Policy for Content of Publicly Accessible World Wide Web Sites
December 28, 2005
 SECNAV Instruction 5720.47 (Part A)
Department of the Navy Policy for Content Publicly Accessible World Wide Web sites
October 24, 2003
 SECNAV Instruction 5720.47 (Part B)
Department of the Navy Policy for Content Publicly Accessible World Wide Web sites
December 28, 2005
 DoD Commercial Mobile Device (CMD) Interim Policy
This memorandum defines interim CMD use policy and establishes responsibilities to increase mission capabilities of CMDs while adhering to DoD security policies.
January 17, 2012
 NIST Wireless Security Guidance SP 800-48
Rev 1. Guide to Securing Legacy IEEE 802.11 Wireless Networks
July 2008
 DoDI 8420.01
Commercial Wireless Local-Area Network (WLAN) Devices, Systems, and Technologies
November 3, 2009
 Wireless STIG
Current version of Wireless STIG
Various
 Information for Agencies
Information for Agencies
Various
 U.S. Congress
Congressional Information and Resources
Various
 DoDI 8500.01
Cybersecurity
Mar 14, 2014
 DODI 8510.01
Risk Management Framework (RMF) for DoD Information Technology
Jul 28, 2017
 DoDI 8530.01
Cybersecurity Activities Support to DoD Information Network Operations
March 7, 2016
 Department of Homeland Security
Department of Homeland Security
Dec 29, 2017
 DoDM 5200.01 Volume 1
DoD 5200.1-R - Information Security Program - has been replaced with DoDM 5200.1 Volumes 1, 2, 3, 4. Search "5200" on the DTIC site. Additionally, see DoD 5200.01 link above.
Feb 24, 2012
 DoDM 5200.01 Volume 2
DoD 5200.1-R - Information Security Program - has been replaced with DoDM 5200.1 Volumes 1, 2, 3, 4. Search "5200" on the DTIC site. Additionally, see DoD 5200.01 link above.
Mar 19, 2013
 DoDM 5200.01 Volume 3
DoD 5200.1-R - Information Security Program - has been replaced with DoDM 5200.1 Volumes 1, 2, 3, 4. Search "5200" on the DTIC site. Additionally, see DoD 5200.01 link above.
Mar 19, 2013
 DoDM 5200.01 Volume 4
DoD 5200.1-R - Information Security Program - has been replaced with DoDM 5200.1 Volumes 1, 2, 3, 4. Search "5200" on the DTIC site. Additionally, see DoD 5200.01 link above.
Feb 24, 2012
 DoDM 5200.02
Procedures for the DoD Personnel Security Program (PSP)
Apr 3, 2017