DoDI 8500.01, March 14, 2014
Change 1, 10/07/2019 11 ENCLOSURE 1
(bj) DoD Manual 5200.01, Volume 3, “DoD Information Security Program: Protection of
Classified Information,” February 24, 2012, as amended
(bk) DoD Manual 5200.01, Volume 4, “DoD Information Security Program: Controlled
Unclassified Information (CUI),” February 24, 2012, as amended
(bl) DoD 5400.11-R, “Department of Defense Privacy Program,” May 14, 2007
(bm) Committee on National Security Systems Instruction 1010, “Cyber Incident Response,”
December 16, 2016
(bn) DoD Manual 5200.01, Volume 1, “DoD Information Security Program: Overview,
Classification, and Declassification,” February 24, 2012, as amended
(bo) DoD Instruction 1400.25, Volume 731, “DoD Civilian Personnel Management System:
Suitability and Fitness Adjudication For Civilian Employees,” August 24, 2012
(bp) Title 29, United States Code
(bq) National Institute of Standards and Technology Special Publication 800-34, Revision 1,
“Contingency Planning Guide for Federal Information Systems,” current edition
(br) DoD 5200.08-R, “Physical Security Program,” April 9, 2007, as amended
(bs) DoD Manual 5200.01, Volume 2, “DoD Information Security Program: Marking of
Classified Information,” February 24, 2012, as amended
(bt) DoD 5220.22-R, “Industrial Security Regulation,” April 12, 1985
(bu) Committee on National Security Systems Policy 300, “National Policy on Control of
Compromising Emanations,” January 11, 2006, as amended
(bv) Committee on National Security Systems Instruction 7000, “TEMPEST Countermeasures
for Facilities,” May 2004, as amended
(bw) DoD Instruction 5015.02, “DoD Records Management Program,” August 17, 2017
(bx) Unified Command Plan, current edition
(by) National Institute of Standards and Technology Special Publication 800-30, “Guide for
Conducting Risk Assessments,” current edition
(bz) DoD Directive 5105.53, “Director of Administration and Management (DA&M),”
February 26, 2008
(ca) National Institute of Standards and Technology Special Publication 800-37, “Guide for
Applying the Risk Management Framework to Federal Information Systems: A Security
Life Cycle Approach,” current edition
(cb) Committee on National Security Systems Instruction 1253, “Security Categorization and
Control Selection for National Security Systems,” March 27, 2014
(cc) National Institute of Standards and Technology Special Publication 800-53, “Security and
Privacy Controls for Federal Information Systems and Organizations,” current edition
(cd) National Institute of Standards and Technology Special Publication 800-53A, “Guide for
Assessing the Security and Privacy Controls in Federal Information Systems and
Organizations,” current edition
(ce) Section 806 of the Ike Skelton National Defense Authorization Act for Fiscal Year 2011,
January 7, 2011
(cf) DoD Directive 3020.26, “DoD Continuity Programs,” February 14, 2018
(cg) Secretary of Defense Memorandum, “Maintaining Readiness to Operate in Cyberspace
Domain,” December 7, 2012
(ch) DoD Instruction 8523.01, “Communications Security (COMSEC),” April 22, 2008