DODD 8310.01 CE-01
Information Technology Standards in the DoD
|Publication Date:||31 July 2017|
PURPOSE. In accordance with the authority in DoD Directive (DoDD) 5144.02 (Reference (a)) and the guidance in DoDD 8000.01 (Reference (b)), this instruction:
a. Establishes policy, assigns responsibilities, and provides direction for identifying, developing, and prescribing DoD standards for information technology (IT), to include national security systems (NSS) and defense business systems (DBS), pursuant to section 2223 of Title 10, United States Code (U.S.C.) (Reference (c)).
b. Delineates the responsibilities of the Director, Defense Information Systems Agency (DISA) as DoD Executive Agent (EA) for IT Standards, in accordance with DoDD 5105.19 (Reference (d)).
a. This instruction applies to:
(1) OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of Staff (CJCS) and the Joint Staff, the Combatant Commands (CCMDs), the Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities within the DoD (referred to collectively in this instruction as the "DoD Components").
(2) The United States Coast Guard. The United States Coast Guard will adhere to DoD cybersecurity requirements, standards, and policies in this issuance in accordance with the direction in Paragraph 4a of the Memorandum of Agreement Between the Department of Defense and the Department of Homeland Security (Reference (ae)).
(3) All IT, to include NSS and DBS (referred to in this instruction as "IT") systems or services, as defined in DoD Instruction (DoDI) 8320.02 (Reference (e)), that any DoD Component plans, designs, develops, acquires, sponsors, or uses, including:
(a) IT that shares, exchanges, and uses information to enable units or forces to operate in joint, multinational, or interagency operations.
(b) IT supporting business activities, including DBS within the DoD.
(c) IT that supports DoD mobility initiatives to include infrastructure, applications, services, and management.
(3) External organizational entities, by mutual agreements, conducting activities with the DoD, including:
(a) Non-government organizations, both commercial and nonprofit.
(b) Federal agencies of the U.S. government and State, local, and tribal government entities other than the DoD.
(c) Foreign national governments.
(d) International government organizations.
b. Nothing contained in this instruction is construed to limit the authority of a Milestone Decision Authority (MDA) to issue an Acquisition Decision Memorandum that may, where authorized and appropriate, include waivers of requirements, standards, or policy, as deemed appropriate by the MDA. The MDA provides for the acquisition of joint urgent operational needs and other urgent operational needs, and for exploratory development activities not withstanding other provisions of this policy.
c. This instruction does not alter or supersede existing authorities and policies of the Director of National Intelligence regarding the protection of Sensitive Compartmented Information and Special Access Programs for intelligence pursuant to Executive Order 12333 (Reference (f)), national security information systems pursuant to Executive Order 13231 (Reference (g)), and other laws and regulations.
d. This instruction does not apply to cleared contractors' information systems processing classified information under the National Industrial Security Program, which are subject to certification and accreditation by the Defense Security Service in its role as the Designated Approving Authority in accordance with DoDI 5220.22 (Reference (h)).