DEPARTMENT OF THE NAVY
OFFICE OF THE CHIEF OF NAVAL OPERATIONS
2000
NAVY PENTAGON
W
ASHINGTON DC 20350-2000
OPNAVINST 5239.1D
N2N6
18 Jul 2018
OPNAV INSTRUCTION 5239.1D
From: Chief of Naval Operations
Subj: U.S. NAVY CYBERSECURITY PROGRAM
Ref: See enclosure (1)
Encl: (1) References
(2) Risk Management Framework Taxonomy
1. Purpose
a. This instruction establishes policies, procedures, and
assigns responsibilities for executing and maintaining the
United States Navy’s (USN) Cybersecurity Program and implements
the provisions of references (a) through (aw).
b. Specifically included in this instruction is the USN
policy and the responsibilities pertaining to reference (a),
which replaces the Department of Defense (DoD) information
assurance certification and accreditation process (DIACAP) with
the risk management framework for DoD information technology
(IT). This instruction is a complete revision and should be
reviewed in its entirety.
2. Cancellation. OPNAVINST 5239.1C and NAVADMIN 081/12.
3. Scope and Applicability
a. This instruction is consistent with and supports
references (b) and (c), and includes roles and responsibilities
that enable the Office of the Chief of Naval Operations (OPNAV),
the fleet, echelon 2 commands, systems commands (SYSCOM), type
commands, program executive offices (PEO), and other development
and acquisition activities to implement cybersecurity. It
applies to all USN activities and organizations, as well as
contractors and their sub-contractors, and contractor facilities
(with appropriate contract provisions) that perform the
functions in subparagraphs 3a(1) through 3a(4).
