Stand-to! update Beginning May 2022, STAND-TO! will no longer be published on and/or distributed to its subscribers. Please continue to learn about the U.S. Army on and follow @USArmy on our social media platforms. Thank you for your continued interest in learning about the U.S. Army.

Army Regulation 25-2, Cybersecurity

Friday, May 31, 2019

What is it?

Army Regulation 25-2, Cybersecurity, provides cohesive and comprehensive cybersecurity policy and guidance. Department of the Army (DA) Cybersecurity Program implementation instructions are provided in 14 DA Pamphlets published concurrently.

The regulation has been significantly updated to reflect new DOD policies, and assign roles and responsibilities to mission stakeholders, and effectively integrate cybersecurity into system lifecycles across all modernization efforts. This update was published on April 4, 2019 and is based on DOD policy documents (e.g., DoDI 8500.01 and DoDI 8510.01).

What are the current and past efforts of the Army?

The Army Cybersecurity Program sets the conditions necessary for the Army to:

  • Protect and safeguard information technology capabilities.
  • Support mission readiness and resilience.
  • Ensure the confidentiality, integrity, and availability of information.

The regulation transitions the cybersecurity posture from compliance-based to a risk-management focus to enable a more resilient, operationally-directed framework. The 14 associated DA PAMs separate policy from procedure and provide operational guidance on topics such as:

What continued efforts does the Army have planned?

The Army will continue to review and update resources to provide the force with policy guidance based on operational need, technology requirements and modernization efforts. The Chief Information Office/G-6 will develop an information technology (IT) user agreement template to standardize the agreement across the Army and provide a baseline of minimum requirements that govern the appropriate use of IT systems and resources.

Commanders and senior leaders must include cybersecurity readiness assessments in unit status reports, ensuring accountability and the importance of cybersecurity discipline at all levels.

Why is this important to the Army?

Cybersecurity policy and procedural guidance is a critical enabler of Army readiness. This major revision of the updated AR 25-2 and its associated DA PAMs provides a consolidated source for Army-wide implementation of cybersecurity policies and allows for more agile updates in the future.


Related STAND-TO!:

Related document:

Subscribe to STAND-TO! to learn about the U.S. Army initiatives.


MAY 2019

National Asian Pacific Heritage Month | Visit Asian Pacific Americans in the U.S. Army

May 27: Memorial Day