Per DoDI 1015.16, the NAFI IT Working Group is responsible for tracking Military Service and Exchange implementation of DoDI 1015.16 requirements, establishing and defining BMA activities, scope, and responsibilities, and coordinating technology modernization efforts and standards across the DoD NAFI IT Enterprise. The NAF IT WG meets periodically to review and discuss challenges amongst Services and Exchanges and opportunities for cross-Services and Exchanges collaboration.

New DOD CIO AI Focus Group established:
AI Focus Group

Business Impact Analysis Template!
BIA Final Template_RMF

CMMC 2.0 - Final Rulemaking completed - Acquisition rulemaking in progress.
Only to affect APF Services and Contracts
https://dodcio.defense.gov/CMMC/

DOD Cyber Workforce Framework and DODD 8140.01
https://public.cyber.mil/wid/dcwf/

DOD Cloud Access Point Updates and SRG - Need a Waiver?
https://public.cyber.mil/dccs/

Cybersecurity Resource and Reference Guide
Executive Order on Improving the Nation's Cybersecurity

DoD CIO Cybersecurity Policy:
DoDI 8500.01, "Cybersecurity"
DoDI 8510.01, "Risk Management Framework (RMF) for DoD Information Technology (IT)"
DoDI 8530.01, "Cybersecurity Activities Support to DoD Information Network Operations"
DoDI 8310.01, "Information Technology Standards in the DoD"
DoDI 8560.01, "Communications Security (COMSEC) Monitoring"
DoDI 8582.01, "Security of Non-DoD Information Systems Processing Unclassified Nonpublic DoD Information"
DoDI 8910.01, "Information Collection and Reporting

DoD CIO Home Page
DoD CIO Library
Risk Management Framework (RMF) Knowledge Service
DoD CIO Memo: Continuous Authorization to Operate (cATO)

DoDI 1015.16 "NONAPPROPRIATED FUND INSTRUMENTALITIES INFORMATION TECHNOLOGY POLICIES AND PROCEDURES Change 1"

One Page Summary - DoDI 1015.16

DoDI 1015.16 establishes policy, assigns responsibilities, and provides procedures for reciprocal acceptance of authorization decisions and artifacts of DoD NAF Instrumentalities (NAFIs) governed by DoDI 1015.15 for the authorization and connection of NAFI IT.  DoDI 1015.16 establishes NAFI IT governance charged with ensuring all relevant parties are aware and informed participants in the maintenance and strategic development of NAF IT cybersecurity.

The NAF IT Business Mission Area (BMA) will identify common IT and cybersecurity policy vision, goals, desired capabilities, and outcome-measures based on participating (DoD NAFI) input and guidance. The goal of the BMA is to create NAF enterprise-wide representation and advice on NAF IT issues and advocate for DoD NAFIs collectively.