Views
1 year ago

Department of Defense INSTRUCTION

x9tnk

DoDI 5000.02, January 7,

DoDI 5000.02, January 7, 2015 Table 12. Cybersecurity and Related Program Security Resources and Publications, Continued Category System Protection Title of Resource and Description DoDI 5200.39 (Reference (ai)) Provides policy and procedures for protecting CPI. CPI includes U.S. capability elements that contribute to the warfighters’ technical advantage, which if compromised, undermine U.S. military preeminence. U.S. capability elements may include, but are not limited to, software algorithms and specific hardware residing on the system, its training equipment, or maintenance support equipment. DoDI 5200.44 (Reference (aj)) Establishes policy and procedures for managing supply chain risk. A supply chain is at risk when an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of a system so as to surveil, deny, disrupt, or otherwise degrade the function, use, or operation of such system. Section 933 of the National Defense Authorization Act for Fiscal Year 2013, Public Law 112-239 (Reference (l)) Requires use of appropriate automated vulnerability analysis tools in computer software code during the entire life cycle, including during development, operational testing, operations and sustainment phases, and retirement. Section 937 of Public Law 113-66 (Reference (bj)) Requires the DoD to establish a joint federation of capabilities to support trusted defense system needs to ensure the security of software and hardware developed, maintained, and used by the DoD. DoD Instruction 8530.01 (Reference (cu)) Establishes policy and assigns responsibilities to protect the DoDIN against unauthorized activity, vulnerabilities, or threats. Joint Federated Assurance Center, chartered under Section 937 of Public law 113-66 (Reference (bj)) Federation of subject matter experts and capabilities to support program hardware and software assurance needs. National Cyber Range (NCR) The NCR is institutionally funded by AT&L Test Resource Management Center to provide cybersecurity T&E as a service to DoD Customers. The NCR provides secure facilities, computing resources, repeatable processes and skilled workforce as a service to Program Managers. The NCR Team helps the Program Manager plan and execute a wide range of event types including S&T experimentation, architectural evaluations, security control assessments, cooperative vulnerability, adversarial assessments, training and mission rehearsal. The NCR creates hifidelity, mission representative cyberspace environments and also facilitates the integration of cyberspace T&E infrastructure through partnerships with key stakeholders across DoD, the Department of Homeland Security, industry, and academia. Change 2, 02/02/2017 186 ENCLOSURE 14

DoDI 5000.02, January 7, 2015 Table 12. Cybersecurity and Related Program Security Resources and Publications, Continued Category Threat Assessment and Integration Risk, Issue, and Opportunity Management Cybersecurity T&E Title of Resource and Description Defense Intelligence Agency Produces intelligence and counterintelligence assessments, to include assessment of supplier threats to acquisition programs providing critical weapons, information systems, or service capabilities, and system threat intelligence reports. Defense Security Service Provides cleared U.S. defense industry with information about foreign intelligence threats and ensures that cleared U.S. defense industry safeguards the classified information in their possession while performing work on contracts, programs, bids, or research and development efforts. JAPEC Collaboration among the acquisition, intelligence, counterintelligence, law enforcement, and operations communities to prevent, mitigate, and respond to data loss. “Department of Defense Risk, Issue, and Opportunity Management Guide for Defense Acquisition Programs” (Reference (cv)) A guidance document that addresses the significant relationship between program success and effective risk management. DOT&E, “Procedures for Operational Test and Evaluation of Cybersecurity in Acquisition Programs” (Reference (cs)) A guidance document that describes approaches for operational cybersecurity testing. “Department of Defense Cybersecurity Test and Evaluation Guidebook” (Reference (cr)) A guidance document that addresses planning, analysis, and implementation of cybersecurity T&E for chief developmental testers, lead DT&E organizations, operational test agencies, and the larger test community. Change 2, 02/02/2017 187 ENCLOSURE 14

  • Page 1 and 2:

    The linked image cannot be displaye

  • Page 3 and 4:

    DoDI 5000.02, January 7, 2015 the M

  • Page 5 and 6:

    DoDI 5000.02, January 7, 2015 DAB r

  • Page 7 and 8:

    DoDI 5000.02, January 7, 2015 c. Ge

  • Page 9 and 10:

    DoDI 5000.02, January 7, 2015 a. Th

  • Page 11 and 12:

    DoDI 5000.02, January 7, 2015 (b) M

  • Page 13 and 14:

    DoDI 5000.02, January 7, 2015 (d) M

  • Page 15 and 16:

    DoDI 5000.02, January 7, 2015 (e) M

  • Page 17 and 18:

    DoDI 5000.02, January 7, 2015 3. Fi

  • Page 19 and 20:

    DoDI 5000.02, January 7, 2015 1. Mi

  • Page 21 and 22:

    DoDI 5000.02, January 7, 2015 by a

  • Page 23 and 24:

    DoDI 5000.02, January 7, 2015 (e) S

  • Page 25 and 26:

    DoDI 5000.02, January 7, 2015 addre

  • Page 27 and 28:

    DoDI 5000.02, January 7, 2015 (a) T

  • Page 29 and 30:

    DoDI 5000.02, January 7, 2015 syste

  • Page 31 and 32:

    DoDI 5000.02, January 7, 2015 appro

  • Page 33 and 34:

    DoDI 5000.02, January 7, 2015 e. Ad

  • Page 35 and 36:

    DoDI 5000.02, January 7, 2015 TABLE

  • Page 37 and 38:

    DoDI 5000.02, January 7, 2015 SOFTW

  • Page 39 and 40:

    DoDI 5000.02, January 7, 2015 Affor

  • Page 41 and 42:

    DoDI 5000.02, January 7, 2015 Safeg

  • Page 43 and 44:

    DoDI 5000.02, January 7, 2015 REFER

  • Page 45 and 46:

    DoDI 5000.02, January 7, 2015 (ar)

  • Page 47 and 48:

    DoDI 5000.02, January 7, 2015 (ck)

  • Page 49 and 50:

    DoDI 5000.02, January 7, 2015 Table

  • Page 51 and 52:

    DoDI 5000.02, January 7, 2015 (8)

  • Page 53 and 54:

    DoDI 5000.02, January 7, 2015 Table

  • Page 55 and 56:

    DoDI 5000.02, January 7, 2015 Table

  • Page 57 and 58:

    DoDI 5000.02, January 7, 2015 INFOR

  • Page 59 and 60:

    DoDI 5000.02, January 7, 2015 Table

  • Page 61 and 62:

    DoDI 5000.02, January 7, 2015 INFOR

  • Page 63 and 64:

    DoDI 5000.02, January 7, 2015 INFOR

  • Page 65 and 66:

    DoDI 5000.02, January 7, 2015 INFOR

  • Page 67 and 68:

    DoDI 5000.02, January 7, 2015 Table

  • Page 69 and 70:

    DoDI 5000.02, January 7, 2015 5. RE

  • Page 71 and 72:

    DoDI 5000.02, January 7, 2015 Table

  • Page 73 and 74:

    DoDI 5000.02, January 7, 2015 Table

  • Page 75 and 76:

    DoDI 5000.02, January 7, 2015 Table

  • Page 77 and 78:

    DoDI 5000.02, January 7, 2015 Table

  • Page 79 and 80:

    DoDI 5000.02, January 7, 2015 (3)c.

  • Page 81 and 82:

    DoDI 5000.02, January 7, 2015 a. If

  • Page 83 and 84:

    DoDI 5000.02, January 7, 2015 6. CC

  • Page 85 and 86:

    DoDI 5000.02, January 7, 2015 comma

  • Page 87 and 88:

    DoDI 5000.02, January 7, 2015 (2) P

  • Page 89 and 90:

    DoDI 5000.02, January 7, 2015 suffi

  • Page 91 and 92:

    DoDI 5000.02, January 7, 2015 (e) A

  • Page 93 and 94:

    DoDI 5000.02, January 7, 2015 secon

  • Page 95 and 96:

    DoDI 5000.02, January 7, 2015 for s

  • Page 97 and 98:

    DoDI 5000.02, January 7, 2015 For A

  • Page 99 and 100:

    DoDI 5000.02, January 7, 2015 softw

  • Page 101 and 102:

    DoDI 5000.02, January 7, 2015 assoc

  • Page 103 and 104:

    DoDI 5000.02, January 7, 2015 ENCLO

  • Page 105 and 106:

    DoDI 5000.02, January 7, 2015 e. Pr

  • Page 107 and 108:

    DoDI 5000.02, January 7, 2015 gover

  • Page 109 and 110:

    DoDI 5000.02, January 7, 2015 destr

  • Page 111 and 112:

    DoDI 5000.02, January 7, 2015 ENCLO

  • Page 113 and 114:

    DoDI 5000.02, January 7, 2015 b. Le

  • Page 115 and 116:

    DoDI 5000.02, January 7, 2015 (c) C

  • Page 117 and 118:

    DoDI 5000.02, January 7, 2015 7. OT

  • Page 119 and 120:

    DoDI 5000.02, January 7, 2015 10. R

  • Page 121 and 122:

    DoDI 5000.02, January 7, 2015 (b) F

  • Page 123 and 124:

    DoDI 5000.02, January 7, 2015 test

  • Page 125 and 126:

    DoDI 5000.02, January 7, 2015 14. T

  • Page 127 and 128:

    DoDI 5000.02, January 7, 2015 7014)

  • Page 129 and 130:

    DoDI 5000.02, January 7, 2015 c. Th

  • Page 131 and 132:

    DoDI 5000.02, January 7, 2015 a. Ma

  • Page 133 and 134:

    DoDI 5000.02, January 7, 2015 meeti

  • Page 135 and 136: DoDI 5000.02, January 7, 2015 and s
  • Page 137 and 138: DoDI 5000.02, January 7, 2015 b. Af
  • Page 139 and 140: DoDI 5000.02, January 7, 2015 ENCLO
  • Page 141 and 142: DoDI 5000.02, January 7, 2015 ENCLO
  • Page 143 and 144: DoDI 5000.02, January 7, 2015 Repor
  • Page 145 and 146: DoDI 5000.02, January 7, 2015 a. Do
  • Page 147 and 148: DoDI 5000.02, January 7, 2015 (4) T
  • Page 149 and 150: DoDI 5000.02, January 7, 2015 (1) T
  • Page 151 and 152: DoDI 5000.02, January 7, 2015 d. Ap
  • Page 153 and 154: DoDI 5000.02, January 7, 2015 ENCLO
  • Page 155 and 156: DoDI 5000.02, January 7, 2015 (f) S
  • Page 157 and 158: DoDI 5000.02, January 7, 2015 b. Th
  • Page 159 and 160: DoDI 5000.02, January 7, 2015 (3) A
  • Page 161 and 162: DoDI 5000.02, January 7, 2015 ENCLO
  • Page 163 and 164: DoDI 5000.02, January 7, 2015 4. RA
  • Page 165 and 166: DoDI 5000.02, January 7, 2015 (d) F
  • Page 167 and 168: DoDI 5000.02, January 7, 2015 (i) A
  • Page 169 and 170: DoDI 5000.02, January 7, 2015 and f
  • Page 171 and 172: DoDI 5000.02, January 7, 2015 ENCLO
  • Page 173 and 174: DoDI 5000.02, January 7, 2015 d. Sy
  • Page 175 and 176: DoDI 5000.02, January 7, 2015 (2) A
  • Page 177 and 178: DoDI 5000.02, January 7, 2015 (13)
  • Page 179 and 180: DoDI 5000.02, January 7, 2015 throu
  • Page 181 and 182: DoDI 5000.02, January 7, 2015 (5) I
  • Page 183 and 184: DoDI 5000.02, January 7, 2015 updat
  • Page 185: DoDI 5000.02, January 7, 2015 Table