Army Regulation AR 25-2 Information Management: Army Cybersecurity April 2019

This manual, Army Regulation AR 25-2 Information Management: Army Cybersecurity April 2019, establishes the Army Cybersecurity Program and sets forth the mission, responsibilities, and policies to ensure uniform implementation of public law and Office of Management and Budget, Committee on National Security Systems, and Department of Defense issuances for protecting and safeguarding Army information technology, to include the Army-managed portion of the Department of Defense Information Network, (hereafter referred to as information technology) and information in electronic format (hereafter referred to as information). Information technology includes infrastructure, services, and applications used directly by the Army or for the Army by legal agreements or other binding contracts. 


This regulation applies to the Regular Army, the Army National Guard/Army National Guard of the United States, and the U.S. Army Reserve, to include all Headquarters, Department of the Army staff, Army commands, Army Service component commands, direct reporting units, all other Army agencies, and all personnel, authorized users and privileged users, unless otherwise stated. It applies to all Army information technology and information in electronic format at all classification levels; and Special Access Program and Sensitive Activity information systems except when handling sensitive compartmented information. Nothing in this regulation alters or supersedes the existing authorities and policies of the Department of Defense or the Director of National Intelligence regarding the protection of sensitive compartmented information as directed by Executive Order 12333. The Director of National Intelligence has delegated authority for all Army Sensitive Compartmented Information systems to the Deputy Chief of Staff, G–2.