DOD issues directive to define CIO role

tech manager

The Defense Department on April 22 issued a new directive outlining the roles and responsibilities of the Pentagon's chief information officer, updating nearly decade-old governance to include some of DOD's most pressing concerns.

Perhaps most notable in DOD directive 5044.2 is the specific injection of cybersecurity, a phrase that does not appear in the directive's previous iteration, issued in 2005. In the interim there have been some updates – in particular, the disestablishment of the position of assistant secretary of defense (networks and information integration). The powers of ASD (NII) were officially transferred to the DOD CIO job under a January 2012 memo from Ashton Carter, deputy secretary of defense.

A DOD spokesman said the directive is just part of routine housekeeping, but the newly issued governance and its emphasis on cybersecurity, including collaboration and information-sharing, seems to represent an update in the priorities of the defense secretary's top adviser for all things IT.

The CIO "directs, manages and provides policy guidance and oversight of the DOD cybersecurity program, which includes responsibility for the Defense Information Assurance Program...and information security," the directive states.

The governance directs coordination on cybersecurity in a number of different ways, including participation in oversight groups dealing with cybersecurity, as well as specific orders to work with the commander of U.S. Cyber Command "on all matters under the commander’s purview related to the authorities, responsibilities, and functions assigned in this directive, including...requirements and capabilities for cyber operations, information network defense and monitoring, and cyberspace threats and domain requirements."

The evolution in coordination between DOD components – as well as roles and responsibilities that are similarly changing with the times – is something the DOD CIO herself, Teri Takai, addressed April 23 at an industry event in Arlington, Va.

"As we change the architecture, who in fact does cybersecurity, who does defense, who is able to see into networks – that is going to be evolving, and that has to do with what we're doing with CyberCom, how CyberCom operates with [the Defense Information Systems Agency], and how both of those organizations operate with the services and combatant commands," Takai said. "I say it's evolving because it's not something that we can set in stone today, because it's very much based on what infrastructure we have to operate in." Other new-era provisions in the directive include a measure to tackle the much-discussed shortage in cybersecurity professionals, an issue that was not mentioned in the 2005 directive.

Under the new directive, the DOD CIO "provides guidance and oversight with regard to the recruiting, retention, training and professional development of the DOD IT and cybersecurity workforce," the text notes. "The DOD CIO will assess the requirements for agency personnel regarding [information resources management] knowledge and skill and conduct formal training programs to educate agency program and management officials about IRM."

The directive also defines the government officials and other parties with which the CIO does and does not directly interface, another provision that did not appear in the 2005 measure.

According to the directive, the CIO is to "communicate with other executive branch officials, state and local officials, representatives of non-governmental organizations, members of the public and representatives of foreign governments, as appropriate, in carrying out assigned responsibilities and functions."

And while 2005's guidance described the CIO role as a DOD representative to the legislative branch, the new directive prescribes that "communications with representatives of the legislative branch must be conducted through the Assistant Secretary of Defense for Legislative Affairs or the [DOD comptroller], as appropriate, and be consistent with the DOD legislative program."

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

The 2015 Federal 100

Meet 100 women and men who are doing great things in federal IT.


  • Shutterstock image (by venimo): e-learning concept image, digital content and online webinar icons.

    Can MOOCs make the grade for federal training?

    Massive open online courses can offer specialized IT instruction on a flexible schedule and on the cheap. That may not always mesh with government's preference for structure and certification, however.

  • Shutterstock image (by edel): graduation cap and diploma.

    Cybersecurity: 6 schools with the right stuff

    The federal government craves more cybersecurity professionals. These six schools are helping meet that demand.

  • Rick Holgate

    Holgate to depart ATF

    Former ACT president will take a job with Gartner, follow his spouse to Vienna, Austria.

  • Are VA techies slacking off on Yammer?

    A new IG report cites security and productivity concerns associated with employees' use of the popular online collaboration tool.

  • Shutterstock image: digital fingerprint, cyber crime.

    Exclusive: The OPM breach details you haven't seen

    An official timeline of the Office of Personnel Management breach obtained by FCW pinpoints the hackers’ calibrated extraction of data, and the government's step-by-step response.

  • Stephen Warren

    Deputy CIO Warren exits VA

    The onetime acting CIO at Veterans Affairs will be taking over CIO duties at the Office of the Comptroller of the Currency.

  • Shutterstock image: monitoring factors of healthcare.

    DOD awards massive health records contract

    Leidos, Accenture and Cerner pull off an unexpected win of the multi-billion-dollar Defense Healthcare Management System Modernization contract, beating out the presumptive health-records leader.

  • Sweating the OPM data breach -- Illustration by Dragutin Cvijanovic

    Sweating the stolen data

    Millions of background-check records were compromised, OPM now says. Here's the jaw-dropping range of personal data that was exposed.

  • FCW magazine

    Let's talk about Alliant 2

    The General Services Administration is going to great lengths to gather feedback on its IT services GWAC. Will it make for a better acquisition vehicle?

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above