Nearly 200 Pentagon cybersecurity regulations, all on a handy, 2-foot-long chart

Here's a mindblowingly complex and exhaustive info-chart outlining the 193 documents that govern the activities of the Pentagon's geek squads.

Developed by the DASD CIIA (that’s the Deputy Assistant Secretary of Defense for Cyber, Identity & Information Assurance), the goal of the chart is to “capture the tremendous breadth of applicable policies, some of which many IA practitioners may not even be aware, in a helpful organizational scheme.” And what a breadth it is: dozens and dozens of directives, strategies, policies, memos, regulations, strategies, white papers, and instructions, from “CNSSD-901: National Security Telecommunications and Information Security Systems Issuance System to “CNSSP-10: National Policy Governing Use of Approved Security Containers in Information System Security Applications to SP 800-37 R1: Guide for Applying the Risk Management Framework to Federal Information Systems.

The chart is two feet long. More at Danger Room, where you'll also find a larger copy of the image.

(thanks, Noah Shachtman).


  1. Funny, having recently worked in a job that was all about these rules I never thought much about how crazy they looked from the outside. Fun stuff.

  2. There has to be some contradictions lurking in there, as there is no way anything gets that complex under human supervision without creating its own paradox.

Comments are closed.