DODD 8551.01 CE-01
Ports, Protocols, and Services Management (PPSM)
|Publication Date:||27 July 2017|
PURPOSE. In accordance with the authority in DoD Directive (DoDD) 5144.02 (Reference (a)) and pursuant to DoD Instruction (DoDI) 8500.01 (Reference (b)), this instruction reissues DoDI 8551.1 (Reference (c)).
a. Updates policy and standardizes procedures to catalog, regulate, and control the use and management of protocols in the Internet protocol suite, and associated ports (also known as "protocols, data services, and associated ports" or "ports, protocols, and services"); referred to in this instruction as PPS on DoD information networks (DODIN) including the connected information systems, platform information technology (IT) systems, platform IT (PIT), and products based on the potential that unregulated PPSM can damage DoD operations and interests.
b. Establishes PPSM support requirements for configuration management and continuous monitoring to include discovery and analysis of PPS to support near real time command and control (C2), of the DODIN and Joint Information Environment (JIE).
c. Establishes on the unclassified Risk Management Framework (RMF) Knowledge Service (KS), at https://rmfks.osd.mil, a presence for current PPSM policies and procedures and provides a mechanism for the DoD cybersecurity community to post and share PPSM practical solutions and documents with other DoD community and mission partners.
d. Incorporates and cancels Assistant Secretary of Defense for Networks and Information Integration/DoD Chief Information Officer memorandums regarding PPS (References (d) and (e)).
APPLICABILITY. This instruction:
a. Applies to OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of Staff (CJCS) and the Joint Staff, the Combatant Commands, the Office of the Inspector General of the DoD, the Defense Agencies, the DoD Field Activities, and all other organizational entities within the DoD (referred to collectively in this instruction as the "DoD Components").
b. Applies to the United States Coast Guard. The United States Coast Guard will adhere to DoD cybersecurity requirements, standards, and policies in this issuance in accordance with the direction in Paragraphs 4a, b, c, and d of the Memorandum of Agreement Between the Department of Defense and the Department of Homeland Security (Reference (u)).
c. Does not alter or supersede existing authorities and policies of the Director of National Intelligence regarding the protection of Sensitive Compartmented Information and special access programs for intelligence as directed by Executive Order 12333 (Reference (f)), and for national security information systems as directed by Executive Order 13231 (Reference (g)), and other applicable laws and regulations.