scope:

Purpose. This instruction:

a . Establishes Department of the Navy (DON) policy for cybersecurity (CS) consistent with national and Department of Defense (DoD) CS policy directives and instructions.

b. Per references (a) and (b), designates the DON Chief Information Officer (DON CIO) as the official responsible for managing the DON's CS program and ensuring compliance wi th references (a), (b), and (c).

c. Assigns responsibilities in the DON for developing, implementing, managing, and evaluating DON CS programs, policies, procedures, and controls per reference (c).

Applicability.

This instruction applies to the offices of the Secretary of the Navy (SECNAV), the Chief of N~val Operations (CNO), the Commandant of the Marine Corps (CMC) , and all subordinate U.S. Navy and U. S. Marine Corps organizations.

a. This instruction and the accompanying policy manual, reference (e), apply to al l DON owned or controlled Information Technology (IT), including IT operated by a contractor or other entity on behalf of the DON .

b. Federal and DoD policy take precedence over any conflicting requirements of this instruction. Implementing authorities should identify and report conflicting policy to the DON CIO for resolution.

c. This policy shall not alter or supersede the existing authorities and policies of the Director of Naval Intelligence or the Director, National Security Agency regarding the protection of Communications Security (COMSEC), sensitive compartmented information, and special access programs for intelligence that fall under the purview of reference (f).

d. This policy shall not alter or supersede the existing authorities and policies of the Director, Naval Criminal Investigative Service (NCIS) regarding the conduct of counterintelligence and law enforcement investigations, operations, and analysis in the cyber domain pursuant to references (g) and (h).