DEPARTMENT OF THE NAVY
OFFICE OF THE CHIEF OF NAVAL OPERATIONS
2000 NAVY PENTAGON
WASHINGTON DC 20350-2000
OPNAVINST 5510.167
DNS-32
3 Mar 2023
OPNAV INSTRUCTION 5510.167
From: Chief of Naval Operations
Subj: OPNAV CYBERSECURITY VIOLATION AND REMEDIATION POLICY
Ref: (a) SECNAVINST 5239.19A
(b) DoD Manual 5200.01, Volume 3, DoD Information Security Program: Protection of
Classified Information, 28 July 2020
1. Purpose.
a. To provide standardized actions and remediation efforts for users causing cybersecurity
incidents, electronic spillages and non-compliance with Fiscal Year Cyber Awareness Challenge
requirements.
b. To use remediation as a preventative measure in reducing violations, ensuring the safety and
proper handling of our electronic systems and classified information.
2. Scope and Applicability. This policy applies to all OPNAV military, contractors, civilians and
visitors on Navy-Marine Corps Internet (NMCI) networks.
3. Terminology.
a. Per reference (a), an incident is defined as actions taken through the use of computer networks that
result in a compromise or an actual or potentially adverse effect on an information system and the
information residing therein. This includes the exfiltration of information from a network via cyber-
enabled means. Examples include, but are not limited to:
(1) Plugging unauthorized universal serial bus (USB) devices into government PCs.
(2) Activating port security by plugging NMCI devices into Secure Internet Protocol Router
Network (SIPR) ports (and vice versa).
b. Per reference (a), an electronic spillage is defined as a situation where information of higher
classification than a system is authorized to process is introduced into that system, intentionally or
otherwise. Examples include, but are not limited to:
(1) Sending classified attachments which exceed the classification of the network in use.
(2) Copying classified documents using a printer or copier of a lower classification.
