SECRETARY
OF
DEFENSE
1000
DEFENSE
PENTAGON
WASHINGTON
,
DC
20301-1000
JUL
1 8
2025
MEMORANDUM
FOR
SENIOR PENTAGON LEADERSHIP
COMMANDERS OF THE COMBATANT COMMANDS
DEFENSE AGENCY AND
DOD
FIELD ACTIVITY DIRECTORS
SUBJ: Enhancing Security Protocols for the Depa1tmP.nt
of
Defense
I direct the Department
of
Defense (DoD)
Chieflnformation
Officer (CIO), in
coordination with the Under Secretaries
of
Defense for Acquisition and Sustainment, Intelligence
and Security, and Research and Engineering,
to
take immediate actions to ensure
to
the
maximum extent possible that all information technology capabilities, including cloud services,
developed and procured for
DoD
are reviewed and validated
as
secure against supply chain
attacks by adversaries such as China and Russia.
The DoD will not procure any hardware or software susceptible to adversarial foreign
influence that presents ri
sk
to mission accomp
li
shment and must prevent such adversaries from
introducing malicious capabilities into the products and services that are utilized by the
Department.
To
that end, the Department will
fo
rti
fy
existing programs and processes utilized
within the Defense Industrial Base (DIB)
to
ensure that adversarial foreign influence is
appropriately eliminated
or
mitigated and determine what,
if
any, additional actions may be
required to address these risks. ·Specifically, the DoD CIO will leverage efforts such as the
Cybersecurity Maturity Model Certification, the Software Fast Track Program, the Authority to
Operate process, the Federal Risk and Authorization Management Program, and initiatives such
as the Secure Software Development Framework. Moreover, the Under Secretary
of
Defense for
Intelligence and Security will review and validate personnel security practices and insider threat
programs
of
the DIB and cloud service providers to the maximum extent possible.
I direct the DoD CIO to issue additional implementing guidance within
15
days
of
the
date
of
this memorandum
to
achieve and maintain a secure environment for our warfighters. My
point
of
contact in this matter is David McKeown, david.w.mckeown.civ@mail.mil, 703-695-
8705.
