Skip to main content
U.S. flag

An official website of the United States government

Related Policies, Law, and Other Guidance

In addition to DoDI 1322.26 and STANAG 2591, the ADL Initiative performs its functions in accordance with multiple DoD and Federal Government laws, policies, and strategies.

Title Description
Creating Data Advantage Memorandum In May 2021, Defense Deputy Secretary Kathleen Hicks signed this memorandum, which outlines five data decrees to ensure data is a strategic advantage, including maximizing data sharing, ensuring DoD retains data rights, and using common interface specifications. The memo also emphasizes the use of "industry-standard, non-proprietary, preferably open-source, technologies, protocols, and payloads."
DoD Data Strategy This document, released in September 2020, reinforces the push toward enterprise (versus local) data ownership and provides the overarching vision, focus areas, guiding principles, essential capabilities, and goals necessary to transform the DoD into a data-centric enterprise.
Federal Data Strategy This document, published in June 2019 and updated annually, provides a set of principles for implementing Federal Government data innovations that drive value for the public. It identifies initial actions for agencies to establish processes, build capacity, and align existing efforts to better leverage data as a strategic asset. OMB Memo M-19-18, Federal Data Strategy: A Framework for Consistency , which establishes a Federal Data Strategy as a framework of operational principles and best practices. This Strategy enables enterprise-level use and management of Federal data, including goals to optimize value from data assets and protect security, privacy, and confidentiality.
Open, Public, Electronic and Necessary (OPEN) Government Data Act This law, included in the Foundations for Evidence-Based Policymaking Act (Public Law 115-435) as Title II, focuses on improving how the Federal Government makes data available to the public. Under the law enacted in October 2017, agencies must maintain and publish an inventory of data assets, and develop an open data plan "to facilitate collaboration with non-Government entities (including businesses), researchers, and the public for the purpose of understanding how data users value and use government data."
National Technology Transfer and Advancement Act of 1995 (Public Law 104-113) This law codified existing policies in OMB Circular A-119, originally published in October 1993 and updated in January 2016, for "Federal Participation in the Development and Use of Voluntary Consensus Standards and in Conformity Assessment Activities." Circular A-119 encourages federal agencies to benefit from private sector expertise, promotes agency participation in standards bodies to support the creation of standards useful to the Government, and minimizes reliance on government-unique standards where an existing standard would meet the Government's objectives.

Title Description
2022 National Defense Strategy The 2022 National Defense Strategy (NDS) details the Department’s path forward into a decisive decade—from helping to protect the American people, to promoting global security, to seizing new strategic opportunities, and to realizing and defending our democratic values. According to the report, “The Department is establishing a new framework for strategic readiness, enabling a more comprehensive, data-driven assessment and reporting of readiness to ensure greater alignment with NDS priorities.”
DevSecOps Directives DoD has released multiple directives on DevSecOps, a software engineering culture and practice that aims at unifying software development (Dev), security (Sec) and operations (Ops). These include the DoD Enterprise DevSecOps Fundamentals (May 2021), DoD Enterprise DevSecOps Reference Design v.1 (August 2019), specific guides available from the DoD Cyber Exchange.
DoD Cloud Native Access Point (CNAP) Reference Design The purpose of the CNAP RD is to describe and define the set of capabilities, fundamental components, data flows, logical design pattern, and derived reference implementations for deploying, connecting to, and operating a CNAP. The RD guides the development of next generation cybersecurity capabilities to enable connectivity from the internet into DoD resources and services hosted in commercial cloud environments.
DoD Cloud Strategy This strategy document, published in December 2018, reasserts DoD's commitment to cloud initiatives from an enterprise perspective, identifies seven strategic objectives, and outlines guiding principles. It emphasizes mission and tactical edge needs along with the requirement to prepare for artificial intelligence while accounting for protection and efficiencies.
DoD Continuous Authority to Operate The purpose of this memo is to provide specific guidance on the necessary steps to allow systems to operate under a cATO state.
DoD Digital Modernization Strategy This strategy document, published in July 2019, is an organizing framework for DoD technology and data modernization efforts, including the DoD data strategy, DevSecOps guidance, DoD cloud modernization, artificial intelligence, and cybersecurity.
DoD Enterprise Digital Learning Modernization The Enterprise Digital Learning Modernization (EDLM) reform is a sweeping effort meant to improve DoD’s digital learning systems. It includes two major goals: first, improve the way DoD buys and maintains digital learning software and services, and second, modernize digital learning systems by implementing federated digital architectures and enterprise data-driven methods. The ADL Initiative is helping to build this architecture, including the Enterprise Course Catalog and Enterprise Learner Records Repository.
DoD Identity, Credential, and Access Management (ICAM) Strategy This strategy document, published in March 2020, sets goals for making ICAM fast, reliable, secure, and auditable across the DoD enterprise. ICAM refers to the "full range of activities related to the creation of digital identities and maintenance of associated attributes, credential issuance for person/non-person entities, authentication using the credentials, and making access management control decisions based on authenticated identities and associated attributes." See DoD Enterprise ICAM Reference Design
DoD Software Development and Open Source Software Memorandum This memorandum, released in January 2022, reinforces the Department's preference for using open-source software, particularly through a through a Modular, Open-Systems Approach (MOSA), and it provides guidance for acquiring and securing open-source components. The Federal Government also has a corresponding Government-wide open-source software policy. open-source software policy.
DoD Software Modernization Strategy This document, released in February 2022, reinforces the use of DevSec¬Ops and enterprise-level software modernization initiatives—particularly in support of interoperable data. The DoD Software Modernization Strategy provides the approach for achieving faster delivery of software capabilities in support of Department priorities such as Joint All Domain Command and Control and AI.
DoD Zero Trust Reference Architecture Zero Trust (ZT) is a cybersecurity strategy and framework that embeds security throughout the architecture to prevent malicious personas from accessing our most critical assets. It provides zones for visibility and information technology (IT) mechanisms positioned throughout the architecture to secure, manage and monitor every device, user, application, and network transaction occurring at the perimeter and/or within a network enclave. Zero Trust is an enterprise consideration and is written from the perspective of cybersecurity. The foundational tenet of the Zero Trust Model is that no actor, system, network, or service operating outside or within the security perimeter is trusted. Instead, we must verify anything and everything attempting to establish access. It is a dramatic paradigm shift in philosophy of how we secure our infrastructure, networks, and data, from verify once at the perimeter to continual verification of each user, device, application, and transaction.
Executive Order 14028 improving the Nation's Cybersecurity This policy of the Administration that the prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security. The Federal Government must lead by example. All Federal Information Systems should meet or exceed the standards and requirements for cybersecurity set forth in and issued pursuant to this order.
Federal Source Code Policy This federal policy, published in August 2016, addresses issues in custom software development and directs use of increased cross-organizational code reuse. Encourages new government-created code to be open-source.

Title Description
2022 DoD Learning and Evaluation Agenda for Partnerships (LEAP) Framework In Fiscal Year (FY) 2022, the DoD started transitioning from an annual strategic evaluation plan to a comprehensive learning agenda framework. The LEAP Framework builds on existing DoD processes and guidance, streamlining security cooperation (SC) learning and evidence-building under a common framework to increase coordination, collaboration, and deconfliction across the SC community.
Army People Strategy The US Army published this strategy document in October 2019, defines a comprehensive vision for talent management across acquisition, development, employment, and retention. Emphasizes data-driven approaches that use a range of technologies, incentives, and policies.
Competency Modeling The US Air Force in February 2022 published this augmentation to Air Force Policy Directive 36-26 Total Force Development, published in March 2019. The document provides information and instructional material on how and when Air Force competency models are planned, built, and executed.
Personnel and Readiness 2030 Strategy In October 2020, the Under Secretary for Personnel and Readiness (P&R) released this strategy, emphasizing the role of data dominance and discusses the need to transition from the Industrial Age of human resources to the data-centric Information Age.
US Army Learning Concept for 2020-2040 This report, published in April 2017, defines "a continuous, adaptive learning enterprise that facilitates a career-long continuum of learning." It requires a learner-centric approach, holistic and efficient technology-based training infrastructure, outcomes-based curricula, and a blended learning environment.

Title Description
Defense Training Records, DoD 0005 DoD issued a final rule in October 2021 to amend its regulations to exempt portions of this directive (published in December 2020) from certain provisions of the Privacy Act of 1974. The system covers DoD\'s collection, use, and maintenance of records about training delivered to DoD Service members, civilian personnel, and other DoD-affiliated individuals.
DoD Privacy Impact Assessment (PIA)
(DD Form 2930)
This assessment document, published in November 2008, is a decision tool used to identify and mitigate privacy risks in systems that rely on the collection of Personally Identifiable Information (PII).
DoDI 5000.88 Modular Open Systems This DoD Instruction, published in November 2020, requires that Major Defense Acquisition Programs (MDAPs), in their technical approach, shall "incorporate a modular open systems approach (MOSA) to the maximum extent practicable. All other programs should consider implementing MOSA."
DoDI 5400.16 DoD Privacy Impact Assessment (PIA) Guidance This DoD Instruction, published in July 2015 and updated in August 2017, establishes policy for completion and approval of Privacy Impact Assessments (PIAs). It provides procedures for the completion and approval of PIAs in DoD to analyze and ensure personally identifiable information (PII) in electronic form is collected, stored, protected, used, shared, and managed in a manner that protects privacy.
DoDI 8170.01 Online Information Management and Electronic Messaging This DoD Instruction, published in January 2019 and updated in August 2021, establishes policy for conducting, establishing, operating, and maintaining electronic messaging services to collect, distribute, store, and process official DoD information, both unclassified and classified.
DoDI 8310.01 Information Technology Standards in the DoD This DoD Instruction, published in February 2015 and updated in July 2017, directs DoD Components to "...identify, develop, and prescribe IT standards to promote interoperability, information sharing, reuse, portability, and cybersecurity across the DoD in accordance with the Joint Enterprise Standards Committee (JESC)."
DoDI 8320.07 Sharing of Data, Information, and Information Technology (IT) Services This DoD Instruction, published in August 2015 and updated in December 2017, requires that: "For existing systems, high-value data and content will be made available through Web application programming interfaces (APIs) and apply metadata tagging, as appropriate."
DoDI 8330.01: Interoperability of Information Technology, Including National Security Systems This Instruction establishes policy, assigns responsibilities, and provides direction for certifying the interoperability of information technology (IT) and national security systems (NSS). This new Instruction, issued September 27, 2022, establishes policy, assigns responsibilities, and provides direction for certifying the interoperability of IT and national security systems (NSS). It also establishes the governing policy and responsibilities for interoperability requirements development, test, certification, and prerequisites for connection of IT, including NSS.
H.R. 3979 - SEC. 801 (Title VIII) Acquisition Policy Under this law passed in 2015, DoD must use of Modular Open Systems approaches in acquisition programs, including to "...develop standards and define architectures necessary to enable open systems approaches...and ensure that acquisition programs include open systems approaches in the product design and acquisition of information technology systems..."

Title Description
DoDD 1322.18 Military Training This DoD Directive, published in October 2019, reissues and updates policies for training military and DoD civilian employees and, when authorized, contractors, allies, and other personnel. The ADL Initiative's DoDI flows directly from this directive as we develop, manage, provide, and evaluate distributed learning for DoD military and civilian personnel.
DoDI 1215.21 Reserve Component Use of Electronic-Based Distributed Learning Methods for Training This DoD Instruction, published in October 2014, establishes policy for members of the Selected Reserve to use electronic-based distributed learning methods to conduct training away from scheduled unit training assemblies or apart from other collective training time.
DoDI 1322.26 Distributed Learning This DoD Instruction, originally issued in 2006 and published in October 2017, establishes DoD-wide distributed learning policy, assigning responsibilities to the ADL Initiative and establishing the Defense ADL Advisory Committee (DADLAC).
DoDI 1322.33 DoD Credentialing Programs This DoD Instruction, published in October 2021, establishes policy for DoD credentialing programs that enable authorized Service members to obtain and maintain professional credentials.
DoDI 1430.16 Growing Civilian Leaders This new Instruction, issued April 23, 2022, establishes policies, assigns responsibilities, and describes procedures for educating, training, and developing civilian leaders below the executive level in the DoD.
Instruction 1800.01F Officer Professional Military Education Policy This DoD Instruction, issued by the Chairman of the Joint Chiefs of Staff in May 2020, outlines the policies, objectives, and responsibilities for officer Professional Military Education (PME), including applicable uses for distributed learning.

Title Description
Common Rule (for Protection of Human Subjects) This 1981 rule of ethics (updated in 2018) addresses biomedical and behavioral research involving human subjects. While the ADL Initiative does not contribute to this policy, we do follow it. Closely related to the Common Rule is DoDI 3216.02 Protection of Human Subjects and Adherence to Ethical Standards in DoD-Supported Research, which establishes policy and responsibilities for the protection of human subjects in DoD-supported programs.
DoDI 1100.13 Surveys This DoD Instruction, published in January 2015 and updated in March 2017, specifies policies for surveys requesting participation of personnel from more than one DoD or OSD Component, or a DoD or OSD Component sponsored survey of members of the public.
DoDI 2040.02 International Transfers of Technology, Articles, and Services This DoD Instruction, published in March 2014 and updated in July 2017, establishes policy for the international transfer of dual-use and defense-related technology, articles, and services and directs the use of a DoD automated export license system.
DoDI 3100.08 The Technical Cooperation Program (TTCP) This DoD Instruction, published in August 2012 and updated in October 2018, establishes policy for the organization, membership, functions, and responsibilities of TTCP. It specifies that the DoD shall cooperate with TTCP participating countries to the greatest degree possible to develop and exchange defense technology base information. It is DoD policy that TTCP will be used to acquaint participating countries with each other's technology to avoid duplication and identify technologies of interest for possible collaboration.
DoDI 3200.12 DoD Scientific and Technical Information Program (STIP) This DoD Instruction, published in August 2013 and updated in December 2018, establishes policy to carry out the DoD STIP consistent with the national science and technology policy and priorities described in section 6602 of Title 42, U.S.C.
DoDI 3200.20 Scientific and Engineering Integrity This DoD Instruction, published in July 2012 and updated in October 2018, supports a culture of scientific and engineering integrity, recognizing the role that science and engineering plays in DoD's mission, including for policy and systems acquisition decision making.
DoDI 3210.07 Research Integrity and Misconduct This DoD Instruction, published in May 2004 and updated in October 2018, specifies procedures and standards for the prevention of research misconduct and calls upon Federal Agencies that support or conduct research on an intramural or extramural basis to issue policies and procedures that conform to Federal policy.
DoDI 5000.83 Technology and Program Protection to Maintain Technological Advantage This DoD Instruction, published in July 2020 and updated in May 2021, establishes policy for science and technology (S&T) personnel to manage system security and cybersecurity technical risks from foreign intelligence collection. It assigns responsibilities to S&T managers and engineers for technology area protection plans, S&T protection, program protection plans, and engineering cybersecurity activities.

Title Description
AWS Managed Services This DoD Enterprise DevSecOps Reference Design is specifically for a collection of Amazon Web Services (AWS) managed services. The managed services explicitly identified as part of this reference design are built from Infrastructure as Code (IaC) baselines that leverage automation to generate preconfigured, preauthorized, Platform as a Service (PaaS) focused environments. These environments, whenever possible, leverage security services offered by the Cloud Service Provider (CSP, AWS in this case) over traditional datacenter tools.
CNCF Kubernetes This DoD Enterprise DevSecOps Reference Design is specifically for Cloud Native Computing Foundation (CNCF) Certified Kubernetes implementations. This enables a Cloud agnostic, elastic instantiation of a DevSecOps software factory anywhere: Cloud, On Premise, Embedded System, Edge Computing.
DevSecOps Fundamentals This document conveys the relationship between each DevSecOps phase, a taxonomy of supporting tools for a given phase, and the set of activities that occur at each phase cross-referenced to the tool(s) that support the specific activity.
DISA Container Hardening Guide This document focuses on the Department of Defense (DoD) Enterprise DevSecOps Initiative (DSOP) and was created to detail the Enterprise DevSecOps Container Hardening Process and ensure it meets the DoD Hardened Containers Cybersecurity Requirements. It is important to understand both DevSecOps and cybersecurity concepts and principals, as well as have knowledge of containers and container platforms. Refer to the Master Approach Document for more information on how the DSOP platform functions.
Kubernetes Hardening Guide (NSA) This guide describes the security challenges associated with setting up and securing a Kubernetes cluster. It includes strategies for system administrators and developers of National Security Systems, helping them avoid common misconfigurations and implement recommended hardening measures and mitigations when deploying Kubernetes.
Multi-cluster CNCF Kubernetes This reference design is intended to serve as architectural and design guidance to DoD organizations that intend to build and deploy cloud-native software on Kubernetes. This reference design describes the verifiable attributes and lists the preferred and required set of tools and activities across all phases of the DevSecOps lifecycle.
Pathway to Reference Design This document captures the Pathway to a Reference Design. It solicits best practices, innovative and differentiating software factory architectures, and captures the requisite steps necessary to produce a vetted software factory reference design.