This document provides an outline and high-level guidance on the expectations for the Cybersecurity Strategy as required by the Clinger-Cohen Act (40 U.S.C. Subtitle III) in the 2001 NDAA §811(P.L. 106-398), DoDI 5000.02 – Operation of the Defense Acquisition System, and DoDI 8500.01 – Cybersecurity. This document replaces the Acquisition Information Assurance (IA) Strategy outlined in DoDI 8580.1 - Information Assurance (IA) in the Defense Acquisition System.
This revision reflects the thrust of cybersecurity and acquisition integration of these new policies, as well as DoDI 8510.01 - Risk Management Framework (RMF) for DoD Information Technology (IT) and the DoD Program Manager’s (PM) Guidebook for Integrating the Cybersecurity RMF into the DoD System Acquisition Lifecycle.