scope:

Purpose

The purpose of the Cybersecurity Strategy (CSS) for Programs of Record (POR) is to ensure compliance with the statutory requirements of the Title 40, United States Code (USC), Subtitle III (Clinger-Cohen Act) and related legislation, as implemented by DODI 5000.02. The CSS is an appendix to the program protection plan (PPP) that satisfies the statutory requirement in Section 811 of Public Law 106 - 398 for mission-essential and mission-critical information technology (IT) systems. The program manager (PM) develops the acquisition CSS to help the program office (PO), organize and coordinate its overall cybersecurity approach to identifying and satisfying cybersecurity requirements consistent with Department of Defense (DOD) and Army policies, standards, and architectures for all new systems or networks. This document replaces the acquisition information assurance (IA) strategy originally required by DODI 8580.1 to reflect guidance in DODI 5000.02, DODI 8500.01, and DODI 8510.01.