The DoD Cybersecurity Policy Chart

Defending Department of Defense (DoD) networks, systems and data (DDNSD) is a complex and ongoing challenge. On November 13, 2013, the DoD Chief Information Officer issued a new cybersecurity strategy for the Department. At the end of March an unclassified version was made publicly available. Click on the icon below to download a copy of the document. In the Strategy, the four focus areas are listed below:

  1. Establish a Resilient Cyber Defense Posture

  2. Transform Cyber Defense Operations

  3. Enhance Cyber Situational Awareness

  4. Assure Survivability against Highly-Sophisticated Cyber Attacks

DDNSD Strategy

An updated version of the DoD cybersecurity policy chart aligning to this new strategy will be issued in the near term.

The goal of the DoD Cybersecurity Policy Chart (downloadable via the hyperlinked icon below) is to capture the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware, in a helpful organizational scheme. The use of color, fonts and hyperlinks are all designed to provide additional assistance to cybersecurity professionals navigating their way through policy issues in order to defend their networks, systems and data.

At the bottom center of the chart is a legend that identifies the originator of each policy by a color-coding scheme. On the right hand side of the Cybersecurity Policy Chart, there are boxes, which identify key legal authorities, federal/national level cybersecurity policies, and operational and subordinate level documents that provide details on defending the DoD Information Network (DoDIN) and its assets. Links to these documents can be found in the Chart.


Click on the chart preview to download the full PDF file with links to all policies:

Updated October 27, 2015

Click here for a list of the updates made.

Click here if you would like to be alerted via email when the Policy Chart is updated.

PLEASE NOTE: Due to a recent redesign of the CNSS website, deep-linking to a specific CNSS document is no longer possible. As such all CNSS links in the chart will link only to the page on which the policy is found. The user will have to find the policy on the page and click it to get the specific document. (This includes all CNSSP, CNSSD, CNSSI, NSTISSP, NSTISSD, NSTISSI, NSTISSAM, and NACSI policy documents.) We are working with CNSS to come up with a better solution, but this is the best currently available based on the new CNSS website implementation.

Because Cybersecurity Policy development is a wide-ranging and ongoing process, we ask for input from all who download this chart, advising us of any policies that may have been overlooked, but should be included. In addition, we ask for any policy updates that may not be properly reflected on the Cybersecurity Policy Chart or any suggestions to improve the chart.

Please use the form here to send suggestions, comments, or questions about the chart. We welcome all feedback. If you have questions about the content of any particular policy, please contact the POC for that policy directly.