NAVY - BUPERS 5239.5
(BUPERS-07) BUREAU OF NAVAL PERSONNEL CYBERSECURITY PROGRAM
|Publication Date:||8 December 2020|
Scope and Applicability.
This instruction applies to BUPERS and subordinate commands, to include Navy Personnel Command (NAVPERSCOM), personnel support detachments (PSD), and naval brigs. This also applies to BUPERS networks, to include all programs under BUPERS responsibility in the Enterprise Mission Assurance Support Service (eMASS) in order to meet the requirements of references (a) through (v); refer to enclosure (1) for specific references. This applies to BUPERS networks, to include NAVPERSCOM command-owned or controlled information systems (IS) and their authorized maintainers, administrators, and users. These systems include, but are not limited to information technology (IT) systems, training delivery system infrastructures, and programs of record. This instruction also applies to the above systems, whether operated by BUPERS, NAVPERSCOM, a contractor or other entity on behalf of BUPERS or NAVPERSCOM, such as a systems command. It also applies to BUPERS and NAVPERSCOM systems that receive, process, store, display, or transmit Department of Defense (DoD) or Department of the Navy (DON) information, regardless of categorization or security controls. The BUPERS command information officer (CIO) is responsible for ensuring compliance with the DON CS Program. The procedures and principles presented in these guidelines apply to all BUPERS military and civilian employees, including Government contractors, and all IT assets within the BUPERS organization.