scope:

PURPOSE.

This Instruction:

a. Establishes policy for managing the security of unclassified DoD information on non-DoD information systems in accordance with the guidance in DoD Instruction (DoDI) 5025.01 (Reference (a)) and the authority in DoD Directive (DoDD) 5144.1 (Reference (b)).

b. Incorporates and cancels Directive-Type Memorandum 08-027 (Reference (c)).

APPLICABILITY.

This Instruction:

a. Applies to:

(1) OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of Staff and the Joint Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities within the DoD (hereinafter referred to collectively as the "DoD Components").

(2) The United States Coast Guard. The United States Coast Guard will adhere to DoD cybersecurity requirements, standards, and policies in this instruction in accordance with the direction in Paragraph 4a of the Memorandum of Agreement Between the Department of Defense and the Department of Homeland Security (Reference (q)).

(3) All unclassified DoD information in the possession or control of non-DoD entities on non-DoD information systems, to the extent provided by the applicable contract, grant, or other legal agreement with the DoD.

b. Does not apply to information technology (IT) services as described in DoDI 8500.01 (Reference (d)).