Professional Documents
Culture Documents
CJCSI 5123.01H HSPD-12 FIPS 201-2 DoDI 5000.90, Cybersecurity for DoDI 5200.39 NIST SP 800-34, R1 PPD 21: Critical Infrastructure Security PPD 41: United States Cyber Incident
Joint Publication 6-0 Policy for a Common ID Standard for Personal Identity Verification (PIV) of Acquisition Decision Authorities and CPI Identification and Protection within NIST SP 800-82, R2
Charter of the JROC and Contingency Planning Guide for Guide to Industrial Control Systems and Resilience Coordination
Joint Communications System Federal Employees and Contractors Federal Employees and Contractors Program Managers RDT&E
Implementation of the JCID Federal Information Systems (ICS) Security
NIST SP 800-207 NIST SP 800-210 DoDI 5205.83 DoDI 8530.01, Cybersecurity Activities FAR
General Access Control Guidance for DoD Insider Threat and Management Support to DoD Information Network CNSSP-18 CNSSP-22, IA Risk Management PPD 28, Signals Intelligence Activities Federal Acquisition Regulation
Zero Trust Architecture National Policy on Classified
Develop the Workforce Cloud Systems and Analysis Center Operations Policy for National Security Systems
Information Spillage
NIST SP 1800-16 CNSSP-16 DoDI 8551.01
NIST SP 800-181 R1 CNSSD-500 Securing Web Transactions: TLS DoDI 8531.01, DoD Vulnerability A-130, Management of Fed Info National Strategy to Secure
National Policy for the Destruction of Ports, Protocols, and Services CNSSP-300 CNSSI-1001
Workforce Framework for Information Assurance (IA) Education, Server Certificate Management Management Resources Cyberspace
COMSEC Paper Material Management (PPSM) National Policy on Control of National Instruction on Classified
Cybersecurity Training, and Awareness Compromising Emanations Information Spillage
CNSSP-3 CNSSD-507 DoD O-8530.1-M (CAC req’d)
NSTISSD-501 CNSSI-4000 National Policy for Granting Access to DoDM 5105.21V1, SCI Admin Security
National Directive for ICAM CND Service Provider Certification and CNSSI-4004.1, Destruction and CNSSI-7000 Ethics Regulations NIST Special Publication 800-Series
National Training Program for Maintenance of Communications Classified Cryptographic Information Manual: Info and Info Sys Security
Capabilities... Accreditation Program Emergency Protection Procedures for TEMPEST Countermeasures for
INFOSEC Professionals Security (COMSEC) Equipment
COMSEC and Class. Material Facilities
CNSSD-506 CJCSI 6510.01F
NSTISSI-4011 CNSSI-4012 National Directive to Implement PKI on CNSSI-1300 DTM 17-007, Ch. 2, Defense Support NIST SP 800-63 series NIST SP 800-88, R1,Guidelines for
Instructions for NSS PKI X.509 Information Assurance (IA) and
National Training Standard for National IA Training Standard for Secret Networks to Cyber Incident Response NSTISSI-7001 DoDD 3020.26 Digital Identity Guidelines Media Sanitization
Computer Network Defense (CND)
INFOSEC Professionals Senior Systems Managers NONSTOP Countermeasures DoD Continuity Policy
NSTISSI-3028 CJCSM 6510.01B CJCSM 6510.02 NIST SP 800-125A, R1, Security
CNSSI-4013 CNSSI-4014 Operational Security Doctrine for the CNSSI-4001 NIST SP 800-101, R1
Controlled Cryptographic Items Cyber Incident Handling Program IA Vulnerability Mgt Program DoDD 8000.01 Recommendations for Hypervisor
National IA Training Standard For National IA Training Standard For FORTEZZA User PCMCIA Card DoDD 3020.44 Guidelines on Mobile Device Forensics Platforms
System Administrators (SA) Information Systems Security Officers Management of the DOD Information Defense Crisis Management
CNSSI-4003 CNSSI-4005 Enterprise
NSTISSI-4015 CNSSI-4016 Safeguarding COMSEC Facilities and NIST SP 800-209 NISTIR 7298, R3, Glossary of Key
Reporting and Evaluating COMSEC DoDI 8410.02 Security Guidelines for Storage
National Training Standard for System National IA Training Standard For Risk Incidents Materials, amended by CNSS-008-14 DoDI 5000.83 Information Security Terms
Certifiers Analysts Technology & Program Protection to NetOps for the Global Information Infrastructure
ABOUT THIS CHART Maintain Technological Advantage
CNSSI-4006 CNSSI-4007 Grid (GIG)
DoDI 8170.01 Controlling Authorities for COMSEC Communications Security (COMSEC) This chart organizes cybersecurity policies and guidance by Strategic CNSSD-502 CNSSD-900, Governing Procedures of
DoDD 8140.01 National Directive On Security of the Committee on National Security
Cyberspace Workforce Management Online Information Management and Material Utility Program Goal and Office of Primary Responsibility (see Color Key). Double- ICD 503 UFC 4-010-06,
Electronic Messaging National Security Systems Systems
clicking* on the box directs users to the most authoritative publicly IT Systems Security Risk Management Cybersecurity of Facility-Related
DoDI 1000.25 DoDI 5200.01 and C&A Control Systems
DoDM 3305.09 DoD 8570.01-M DoD Personnel Identity Protection DoD Information Security Program and accessible source. CNSSD-901 CNSSI-4009
Nat’l Security Telecomm’s and Info Sys Cmte on National Security Systems
Cryptologic Accreditation and Information Assurance Workforce (PIP) Program Protection of SCI Policies in italics indicate the document is marked for limited NSA IA Directorate (IAD) Management Defense Acquisition Guidebook Glossary
Certification Improvement Program Directive MD-110 Security (CNSS) Issuance System
DoDI 5200.08 DoDI 5200.48 distribution or no authoritative public-facing hyperlink is currently Program Protection
Cryptographic Key Protection
Security of DoD Installations and Controlled Unclassified available.
Resources and the DoD PSRB DoD Information Technology
Partner for Strength
Information(CUI) The linked sites are not controlled by the developers of this chart. We Environment Strategic Plan
DoDI 8520.02 DoDI 8520.03 regularly check the integrity of the links, but you may occasionally
Public Key Infrastructure (PKI) and Identity Authentication for Information experience an error message due to problems at the source site or the
NIST SP 800-144 NIST SP 800-171, R2 Public Key (PK) Enabling Systems
Guidelines on Security and Privacy in Protecting CUI in Nonfederal Systems site's decision to move the document. Please let us know if you OPERATIONAL
Public Cloud Computing and Organizations DoDM 5205.02 believe the link is no longer valid.
DoDM 1000.13, Vol. 1
NIST SP 800-172 CNSSP-14 DoD ID Cards: ID Card Life-cycle
DoD Operations Security (OPSEC) CNSS policies link only to the CNSS site.
Program Manual CYBERCOM Orders JFHQ-DODIN Orders
Enhanced Security Requirements for National Policy Governing the Release Boxes with red borders reflect recent updates.
Protecting CUI of IA Products/Services…
Assure Information Sharing *Note: It is best to open this PDF directly in a browser. However, if you
CNSSI-4008 DoDI 5205.13 are unable to open the links directly from this PDF document, place
Program for the Mgt and Use of Nat’l Defense Industrial Base (DIB) Cyber CNSSP-24 DoDI 8320.02 your cursor over the target box and right-click to copy the link location. SUBORDINATE POLICY
Reserve IA Security Equipment Security (CS) / IA Activities Policy on Assured Info Sharing (AIS) Sharing Data, Info, and IT Services in Open a web browser and paste the copied link into the address bar.
for National Security Systems(NSS) the DoD
DoDM O-5205.13 DoD 5220.22-M, Ch. 2 For the latest version of this chart or email alerts to updates go to Security Configuration Guides
Component-level Policy
DIB CS/IA Program Security National Industrial Security Program DoDI 8582.01 (Directives, Instructions, Publications,
CJCSI 3213.01D, https://dodiac.dtic.mil/dod-cybersecurity-policy-chart/ (SCGs) Memoranda)
Classification Manual Operating Manual (NISPOM) Security of Non-DoD Info Sys Processing
Joint Operations Security
Unclassified Nonpublic DoD Information
Cybersecurity Maturity Model MOA Between DoD and DHS Distribution Statement A: Approved for Public Release. Security Technical Implementation
Certification (CMMC) (Jan. 19, 2017) CJCSI 6211.02D NSA IA Guidance Guides (STIGs)
Defense Information System Network: Distribution is unlimited.
(DISN) Responsibilities