Transcription of Department of Defense DIRECTIVE
1 Department of Defense DIRECTIVE NUMBER November 21, 2014 Incorporating Change 1, September 19, 2017 DCMO SUBJECT: DoD Chief Information Offi cer ( DoD CIO) References: See Enclosure Under the authority vested in the Secretary of Defense by section 113 of Title 10,United States Code ( ) (Reference (a)), this DIRECTIVE :a. Assigns the responsibilities, functions, relationships, and authorities of the DoD CIO,pursuant to sections 2222-2224 of Reference (a), section 11315 of Title 40, (Reference (b)), and sections 3102, 3506, and 3544 of Title 44, (Reference (c)). DoD DIRECTIVE (DoDD) (Reference (d)). Any reference in any law,rule, regulation, or issuance to the Assistant Secretary of Defense for Networks and Information Integration (ASD(NII)) will be deemed to be a reference to the DoD CIO, unless otherwise specified by the Secretary of Defense .
2 The DoD CIO, as a Princi pal Staff Assistant (PSA) reporting directly to theSecretary of Defense , to e stablish DoD policy in DoD issuances within the responsibilities, functions, and authorities assigned in this DIRECTIVE , in accordance with DoD Instruction (DoDI) (Reference (e)). This DIRECTIVE applies to OSD, the Military Departments, the Office ofthe Chairman of the Joint Chiefs of Staff and the Joint Staff, the Combatant Commands, theOffice of the Inspector General of the Department of Defense , the Defense Agencies, the DoDField Activities, and all other organizational e ntities within the DoD (referred to collectively inthis DIRECTIVE as the DoD Components ).
3 AND FUNCTIONS. The DoD CIO is the PSA and senior advisor tothe Secretary of Defense for information technology (IT) ( including national security systemsand Defense business systems), information resources management (IRM) and efficiencies. TheDoD CIO is responsible for all matters rela ting to the DoD information enterprise, includingcommunications; spectrum management; network policy and standards; information systems;DoDD , November 21, 2014 Change 1, 9/19/2017 2 cybersecur ity; positioning, navi ga tion, and timing (PNT) policy; and the DoD information enterprise that supports DoD command and control (C2). In this capacity, the DoD CIO: a. Deve lops D oD strategy and policy on the operation a nd protection of a ll DoD IT and infor mation systems, including development and promulgation of enterpr ise-wide architecture requirements and technical standards, and enf orcement, operation, a nd maintena nc e o f systems, interoperability, c ollaboration, a nd interface between DoD and non-DoD systems.
4 B. Serve s a s the A ge nc y Chief Infor mation Officer f or the D oD with the responsibilities, duties, and qualif ications, pursuant to section 11315 of Reference ( b) , and the a dditional responsibilities, pursuant to section 2223 of Reference ( a). In performanc e of these duties, the DoD CIO will: (1) Develop, maintain, and manage the implementation of a sound, secure, a nd integrated DoD IT architecture, ensure the interoperability o f IT throughout the DoD, and prescribe IT standards, including network and cybersecurity standards that apply throughout the DoD. (2) Ensure complianc e b y the Military Department c hief infor mation officers (CIOs) with their responsibilities, pursuant to section 2223 of Reference ( a), a nd ensure c omplianc e b y all DoD Component CIOs with DoD policy under the purview of the DoD CIO.
5 (3) Maintain a c onsolidated inventory o f DoD mission-critical and mission-essential infor mation systems, identify interfaces between the se systems, and develop and maintain contingency plans for responding to disruptions in the operation of any of t he se infor mation systems. (4) Monitor a nd evaluate the performanc e o f DoD IT investments through applicable perfor mance measurements and advise the Secretary of Defense , a nd advise relevant PSAs on investments under t heir purview, on whether to continue, modify, or t erminate such investments. (5) Review and provide recommendations on the DoD IT budget requests and the management of information resources.
6 (6) Provide f or t he e limination of duplicate DoD IT (including systems, applications, and infrastructure) within and between the DoD Components and interagency partners, and identify opportunities for improving IT efficiencies. (7) Develop and maintain, in coordination with the Under Secretary of Defense f or Acquisition, Technology, a nd Logistics (USD(AT&L)), a process for maximizing the value of, and assessing and managing the r isks related to, DoD IT acquisitions. Suc h a process will: (a) Be integrated with othe r key D oD decision support systems and processes that support capability i dentification; planning, programming, budgeting and execution; and acquisitions.
7 DoDD , November 21, 2014 Change 1, 9/19/2017 3 (b) Provide f or analyzing, selecting, monitoring, and eva luating DoD IT i nvestments. (c) Be performanc e, cost, a nd results based. (8) Perform all other responsibilities a nd functions a s required by s tatute, DIRECTIVE , or regulation pertaining to an age nc y CIO role. c. Serve s a s the CIO f or DoD with the responsibilities, pursuant to section 3506 of Reference (c), related to Federal i nf or mation policy. In performanc e of these duties, the DoD CIO will: (1) Advise a nd assist the PSAs and DoD Component heads on Federal information policy responsibilities related to issues that are unde r their purview.
8 (2) Oversee the management of infor mation resources to reduce information collection burde ns on the public; increase program efficienc y and effectiveness; and improve the integrity, quality, a nd utility of infor mation to all users within and outside DoD, including capa bilities f or ensuring dissemination of public infor mation, public access to government infor mation, and pr otections for privacy. (3) Ensure t hat privacy i mpact assessments are conducted and reviewed, pur suant to section 208 of P ublic Law 107-347 (Reference ( f)), prior to the initiation of new infor mation collections or the development or proc urement of any DoD IT that collects, maintains, or disseminates infor mation.
9 (4) Provide guidanc e and oversight on the administration of DoD interne t services, use of interne t-based capa bilities, and all interne t domain-related functions. (5) In cooperation with the U nder Secretary of Defense (Comptroller)/Chief F inancial Offi cer of the Department of D efense ( USD(C)/CFO), deve lop a f ull and accurate accounting o f DoD IT expe nditures, related expe nses, and performanc e metrics. (6) Develop and maintain a st rategic information resources mana ge ment plan. (7) In consultation with the Director of the Office of Management and Budget, the Administrator of G eneral Services, a nd the Archivist of the United States, maintain a c urrent and complete inventory of t he agency s infor mation resources, including directories necessary to fulfill the requirements o f s ection 3511 and chapter 35 of Referenc e ( c).
10 D. Consistent with section 932 of Public Law 113-66 (Reference (g), as implemented by Secretary of Defense memorandum (Reference (h)) and Deputy Secretary of Defense memorandum (Reference (i), directs, manages, a nd provides policy guidance a nd oversight of the D oD cybersecurity program, which includes responsibility f or the Defense Information Assuranc e Program, pursuant to s ection 2224 of Reference (a), and inf or mation security, pursuant to section 3544 of Reference ( c). In the perfor mance of these duties, the DoD CIO, in consultation and coordination with the U nder S ecretary of Defense f or Intelligence, will provide DoDD , November 21, 2014 Change 1, 9/19/2017 4 policy guidance to the Director, National Security Agency/Chief, Central Security Service (DIRNSA/CHCSS), regarding network operations and cybersecurity matters.))
