DoD Cybersecurity Discipline Implementation Plan - October 2015, Amended February 2016 [open pdf - 390KB]
From the Executive Summary: "Inspections and incidents across the Department of Defense (DoD) reveal a need to reinforce basic cybersecurity requirements identified in policies, directives, and orders. In agreement with the Secretary of Defense, the Deputy Secretary of Defense, and the Joint Chiefs of Staff, the DoD Chief Information Officer (CIO) identified key tasks needed to ensure those requirements are achieved. The DoD Cybersecurity Campaign reinforces the need to ensure Commanders and Supervisors at all levels, including the operational level, are accountable for key tasks, including those identified in this Implementation Plan. The Campaign does not relieve a Commander's and Supervisor's responsibility for compliance with other cybersecurity tasks identified in policies, directives, and orders, but limits the risk assumed by one Commander or Supervisor in key areas in order to reduce the risk to all other DoD missions. As part of the Campaign, this Implementation Plan is grouped into four Lines of Effort. The requirements within each Line of Effort represent a prioritization of all existing DoD cybersecurity requirements. Each Line of Effort focuses on a different aspect of cybersecurity defense-in-depth that is being exploited by our adversaries to gain access to DoD information networks. The four Lines of Effort are: 1. Strong authentication - to degrade the adversaries' ability to maneuver on DoD information networks; 2. Device hardening - to reduce internal and external attack vectors into DoD information networks; 3. Reduce attack surface - to reduce external attack vectors into DoD information networks; and 4. Alignment to cybersecurity / computer network defense service providers - to improve detection of and response to adversary activity."
US Department of Defense: http://www.defense.gov/