DODD 8540.01 CE-01
Cross Domain (CD) Policy
|Publication Date:||28 August 2017|
PURPOSE. This instruction:
a. Establishes policy, assigns responsibilities, and identifies procedures for the interconnection of information systems (ISs) of different security domains using CD solutions (CDSs) in accordance with the authority in DoD Directive (DoDD) 5144.02 (Reference (a)).
b. Aligns CD guidance for managing the information security risk and authorizing a CDS with the Risk Management Framework (RMF) in accordance with DoD Instruction (DoDI) 8510.01 (Reference (b)) and DoDI 8500.01 (Reference (c)).
c. Supersedes and cancels Assistant Secretary of Defense for Command, Control, Communications and Intelligence Memorandums (References (d) and (e)) and DoD Chief Information Officer (DoD CIO) Memorandum (Reference (f)).
APPLICABILITY a. This instruction applies to:
(1) OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of Staff (CJCS) and the Joint Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities within the DoD (referred to collectively in this instruction as the "DoD Components").
(2) All DoD CDSs providing CD capabilities to, from, within, or between DoD ISs to include mission partner (e.g., international, interagency, State government, or defense contractors) ISs.
b. Nothing in this instruction alters or supersedes the existing authorities and policies of the Director of National Intelligence (DNI) regarding the protection of Sensitive Compartmented Information (SCI) as directed by Executive Order 12333 (Reference (g)), associated amendments, and other laws and regulations. DoD ISs with CDSs connected to Top Secret (TS)/SCI IS must comply with DNI policy and guidance.
c. Nothing contained in this instruction relieves, exempts, or authorizes any individual or office to take any action in violation of the section 793 of Title 18, United States Code (Reference (h)) or relieves them from possible criminal prosecution for inadvertent or deliberate transmission of government security information to unauthorized individuals or for failure to establish a bona fide "need to know."