DoDI 8531.01, September 15, 2020
REFERENCES 24
REFERENCES
Committee on National Security Systems Instruction No. 1253, “Security Categorization and
Control Selection for National Security Systems,” March 27, 2014
Committee on National Security Systems Instruction No. 4004.1, “Destruction and Emergency
Protection Procedures for COMSEC and Classified Material,” January 10, 2008
Committee on National Security Systems Instruction No. 4009, “Committee on National
Security Systems (CNSS) Glossary,” April 6, 2015, as amended
DoD Directive 5144.02, “DoD Chief Information Officer (DoD CIO),” November 21, 2014, as
amended
DoD Directive 5505.13E, “DoD Executive Agent (EA) for the DoD Cyber Crime Center
(DC3),” March 1, 2010, as amended
DoD Instruction 5000.02T, “Operation of the Defense Acquisition System,” January 23, 2020
DoD Instruction 6530.01, “Defense Medical Logistics Program,” August 23, 2017
DoD Instruction 8310.01, “Information Technology Standards in the DoD,” July 31, 2017, as
amended
DoD Instruction 8320.03, “Unique Identification (UID) Standards for Supporting the DoD
Information Enterprise,” November 4, 2015, as amended
DoD Instruction 8320.04, “Item Unique Identification (IUID) Standards for Tangible Personal
Property,” September 3, 2015, as amended
DoD Instruction 8500.01, “Cybersecurity,” March 4, 2014, as amended
Food and Drug Administration, FDA-2015-D-5105, “Postmarket Management of Cybersecurity
in Medical Devices,” December 2016
Food and Drug Administration, FDA-2013-S-0610, “Cybersecurity for Networked Medical
Devices Containing Off-the-Shelf (OTS) Software,” January 2005
National Institute of Standards and Technology Interagency Report 7435, “The Common
Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency Systems,”
August 2007
National Institute of Standards and Technology Special Publication 800-30, “Revision 1, "Guide
for Conducting Risk Assessments," September 2012
National Institute of Standards and Technology Special Publication 800-37, “Revision 2, "Risk
Management Framework for Information Systems and Organizations," December 2018
National Institute of Standards and Technology Special Publication 800-115, “Technical Guide
to Information Security Testing and Assessment," December 2018
Office of the Chairman of the Joint Chiefs of Staff, “DoD Dictionary of Military and Associated
Terms,” current edition
The White House, Office of the Press Secretary, “Vulnerabilities Equities Policy and Process for
the United States Government,” November 15, 2017
United States Code, Title 44