CHAIRMAN OF THE JOINT CHIEFS OF STAFF INSTRUCTION
References: See Enclosure D
1. Purpose. Provide joint policy and responsibilities for IA and support to CND in accordance with (IAW) Department of Defense Directive (DODD) 8500.01E, “Information Assurance (IA)” (reference a).
2. Cancellation. CJCSI 6510.01E, 15 August 2007, “Information Assurance (IA) and Computer Network Defense (CND),” (reference b) is canceled.
a. This instruction applies to the Joint Staff, combatant commands, Services, Defense agencies, DOD field activities, and joint activities (hereafter referred to as CC/S/As).
b. Nothing in this instruction shall alter or supersede the existing authorities and policies of the Director of National Intelligence (DNI) regarding the protection of Sensitive Compartmented Information (SCI) and special access programs for intelligence as directed by Executive Order 12333, “United States Intelligence Activities” (reference c) and other laws and regulations.
4. Policy. See Enclosure A.
5. Definitions. See Glossary. Major source documents for definitions in this instruction are Joint Publication (JP) 1-02, “DOD Dictionary of Military and Associated Terms,” (reference d) and Committee on National Security Systems Instruction (CNSSI) No. 4009, “National Information Assurance Glossary” (reference e).
6. Responsibilities. See Enclosures B and C.
7. Summary of Changes
a. Provides CC/S/A-level responsibilities for Vulnerability Management and the Information Assurance Vulnerability Management (IAVM) program.
b. Provides guidance and responsibilities for foreign national access to unclassified and classified information systems (ISs).
c. Provides guidance and responsibilities for the Cyber Security Inspection Program and Command Cyber Readiness Inspections (CCRIs).
d. Updates guidance on use of Portable Electronic Devices (PEDs) and removable media.
e. Updates guidance on Internet access and use of commercial e-mail.
f. Updates guidance on sanitization, declassification, and release of IS storage media.
g. Updates guidance on spillage of classified information.
h. Introduces the Cyber Conditions (CYBERCON) system as future replacement for Information Operations Conditions (INFOCON) system.
i. Updates titles for Designated Accrediting Authority (DAA) to Authorizing Official; Information Assurance Manager (IAM) to Information Systems Security Manager (ISSM); and Information Assurance Officer (IAO) to Information Systems Security Officer (ISSO) to align with CNSSI No. 4009 (reference e) terms. Replaces term certification with assessment and accreditation with authorization (to operate) in alignment with CNSSI No. 4009 (reference e) terminology. The new terms are followed by legacy terms in parentheses throughout instruction.
j. Removes sections on Defense Critical Infrastructure Programs and Communications Security (COMSEC) Material Incidents, which can be found in other DOD issuances.
8. Releasability. This instruction is approved for public release; distribution is unlimited. DOD components (to include the combatant commands), other federal agencies, and the public may obtain copies of this instruction through the Internet from the Chairman of the Joint Chiefs of Staff (CJCS) Directives Home Page at http://www.dtic.mil/cjcs_directives.
9. Effective Date. This instruction is effective upon receipt.