Directive-Type Memorandum (DTM) 17-001: Cybersecurity in the Defense Acquisition System, January 11, 2017 [open pdf - 245KB]
"Cybersecurity is a requirement for all DoD programs. DoD program offices, systems, and networks, and supporting contractor facilities and activities, are at risk of cyber-attacks by state and non-state threat actors. [...] Responsibility for cybersecurity extends beyond network operators, software developers, and chief information officers, to every member of the acquisition workforce. Attention must be paid to cybersecurity at all acquisition category levels and all classification levels, including unclassified, throughout the entire life cycle. This includes systems that reside on networks and stand alone systems that are not persistently connected to networks during tactical and strategic operations."
Directive-Type Memorandum (DTM) 17-001
Defense Technical Information Center: http://www.dtic.mil/