Skip Ribbon Commands
Skip to main content

Cybersecurity Community Homepage

Tools and TrainingTools and Training
Job Support Tools, Training Courses, Continuous Learning, Rapid Deployment Training
Tools and TrainingIn page navigation
Mission AssistanceMission Assistance
Mission Assistance, Workshops, Demonstrated Experience
Mission Assistance In page navigation
Reference LibraryReference Library
Links to Cybersecurity Policies, Guidebooks, and Related Resources and Functional Areas (Test and Evaluation, Systems Engineering, Program Management, Life Cycle Logistics, Information Technology)
Reference LibraryIn page navigation
Updated news feeds on topics of interest from the Cyber Security and Information Systems Information Analysis Center (CSIAC)
TrendingIn page navigation
Contact UsContact Us
Email DAU Cybersecurity SMEs with a question or comment. 
Contact UsIn page navigation
Picture Placeholder: STEPHEN MILLS
32/27/2018 9:09 AM

​Does the RMF help in achieving Cyber Resiliency?

KEVIN WILLIAMS9/3/2020 5:35 PMNo
Picture Placeholder: rcshanah
  • rcshanah
07/29/2020 9:26 AM

On 20 July 2020, ​OUSD(R&E) issued a new instruction governing technology and program protection. DoDI 5000.83, "Technology and Program Protection to Maintain Technological Advantage." It is another in a series of functional area instructions that incorporates and replaces parts of DoDI 5000.02T.

This new instruction does the following:

  • "Establishes policy, assigns responsibilities, and provides procedures for science and technology (S&T) managers and engineers to manage system security and cybersecurity technical risks from foreign intelligence collection; hardware, software, cyber, and cyberspace vulnerabilities; supply chain exploitation; and reverse engineering to:
o DoD-sponsored research and technology that is in the interest of national security.
o DoD warfighting capabilities.
  • Assigns responsibilities and provides procedures for S&T managers and lead systems engineers for technology area protection plans (TAPPs), S&T protection, program protection plans (PPPs), and engineering cybersecurity activities."
This policy applies to both in-house S&T/R&D efforts and those out-sourced to government-affiliated organizations such as FFRDCs, industry, and academia.

The policy incorporates and cancels parts of DoDI 5000.02T Enclosures 3 and 13 governing program protection and cybersecurity. Tables 1 & 2 in the new instruction state specific sections of those enclosures that transferred over.

Training on this new policy will likely be incorporated into an existing or a new DAU Rapid Deployment Training package that will be given at a future DAU Webcast as part of the Adaptive Acquisition Framework series.

7/29/2020 9:26 AMNo
Picture Placeholder: CICCO DI
05/20/2020 12:16 PM

​If the government requests this information as part of a forensic analysis as called out in DFARS 7012 paragraph (f), the contractor must in turn request this information from their CSP provider.

If not, then the contractor would be out of compliance with the DFARS clause. 

The only way I view that is one needs to have O365   Government Community Cloud High (GCC High) licenses.

Do all agree?  

Thank You


5/20/2020 12:16 PMNo
Picture Placeholder: STEPHANI HUNSINGER
23/23/2017 3:27 PM

​How do I transition from DIACAP to RMF?

LARKIN WALKER10/2/2017 8:38 AMNo

 Featured Multi-Media

 DAU Community Help Web Part

Tip: Sign in and then click 'Join this community' to become a member of this site.

What's happening
TIMOTHY DENMANSubject Matter Expert