DEPARTMENT OF THE NAVY
OFFICE OF THE CHIEF OF NAVAL OPERATIONS
2000
NAVY PENTAGON
W
ASHINGTON DC 20350-2000
OPNAVINST 5239.4
N2N6
14 Sep 2018
OPNAV INSTRUCTION 5239.4
From: Chief of Naval Operations
Subj: CHIEF OF NAVAL OPERATIONS CYBERSECURITY SAFETY PROGRAM
Ref: (a) SECNAVINST 5239.22
(b) DoD Instruction 5000.02 of 7 January 2015
(c) DoD Instruction 5200.44 of 5 November 2012
(d) IATA-STD-004-DFIA-V3.0, Defense-in-Depth Functional Implementation
Architecture (DFIA) Standard
(e) National Institute of Standards and Technology, Framework for Improving
Critical Infrastructure Cybersecurity, Version 1.1, 16 April 2018
(f) Committee on National Security Systems Instruction No. 4009, Committee
on National Security Systems Glossary of 6 April 2015
(g) IATA-STD-CSGC-011R0 V1.0, Navy Cybersecurity Safety (CYBERSAFE) Grading
Criteria Standard
(h) IATA-STD-CSGR-012R0 V1.0, Navy Cybersecurity Safety (CYBERSAFE) Grade
Requirements Standard
(i) SECNAVINST 5400.15C
(j) OPNAVINST 5239.1D
(k) IATA-STD-017-CSC-V1.0, Navy Cybersecurity Safety (CYBERSAFE) Certification
Standard
(l) IATA-STD-018-CSAU-V1.0, Navy Cybersecurity Safety (CYBERSAFE) Audit
Standard
(m) IATA-STD-TSN-015-V1.0, Trusted Systems and Networks Standard
(n) SECNAVINST 5000.2E
1. Purpose. The purpose of cybersecurity safety (CYBERSAFE) is to best position the U.S.
Navy to fight and win with speed and agility in the increasingly contested and connected cyber-
dominated battlespace by providing maximum reasonable assurance of resiliency for mission
critical industrial control systems, platform information technology (PIT), and information
technology (IT) systems.
2. Background. As directed by reference (a), this instruction establishes CYBERSAFE policy,
governance, and implementation management for the Navy CYBERSAFE Program. In addition
to the mitigations required by reference (b), enclosure (14), CYBERSAFE implements the
Department of Defense (DoD) trusted systems and networks strategy by identifying and
protecting mission critical items (i.e., safety critical) as described in references (c) and (d). The
