DON Computer Network Incident Response and Reporting Requirements

SECNAVINST 5239.19A - Publish Date: 09/04/19

download PDF

The purpose of this instruction is to establish Department of the Navy computer incident handling policy, and to align and integrate DON computer incident handling and reporting requirements with the Department of Defense policy.


Ref: See enclosure (1)

Encl: (1) References
(2) Definitions
(3) Responsibilities
(4) Incident Categories
(5) Cybersecurity Service Provider (CSSP) Contact Information

1. Purpose. Establish Department of the Navy (DON) computer incident handling policy consistent with reference (a), and to align and integrate DON computer incident handling and reporting requirements with the Department of Defense (DoD) policy in references (b) and (c).

2. Cancellation. SECNAVINST 5239.19.

3. Definitions. See enclosure (2).

4. Applicability

a. This instruction applies to:

(1) The Offices of the Secretary of the Navy (SECNAV), the Chief of Naval Operations (CNO), the Commandant of the Marine Corps (CMC), and all U.S. Navy, U.S. Marine Corps installations, commands, activities, field offices, and all other organizational entities within the DON.

(2) This instruction applies to all DON owned, controlled, and contractor owned information systems that receive, process, store, display, or transmit DoD information, regardless of mission assurance category, classification, or sensitivity. Actions or missions executed in support of this instruction are limited to Defensive Cyberspace Operations Internal Defensive Measures (DCO-IDM).

b. This instruction does not apply to, alter, or supersede:

(1) Existing authorities and policies of the Director of National Intelligence regarding the protection of Sensitive Compartmented Information (SCI) and special access programs for intelligence.

(2) Communication security monitoring as defined in reference (d).

(3) Signals intelligence, foreign intelligence, or counter-intelligence collection activities.

(4) Interception of communications for law enforcement purposes.

(5) Authorized vulnerability assessments conducted by systems commands to determine new system technical vulnerabilities or to accomplish integration and installation of systems.

(6) Cooperative Assessments conducted during audits.

(7) Electronic spillage defined as a situation where information of higher classification than a system is authorized to process is introduced into that system, intentionally or otherwise.

5. Policy

a. To promote a strategy of risk management DON organizations must maintain Cybersecurity (CS) situational awareness and ensure compliance with CS policy, to include reporting of CS/Cyberspace Defense issues and significant incidents, as required by references (a) through (q).

b. Defensive Cyberspace Operations (DCO) embodies incident detection and incident response, and synchronizes the technical, operational, and intelligence assessments of a computer attack in order to defend against it.

6. Responsibilities. See enclosure (3).

7. Records Management

a. Records created as a result of this instruction, regardless of format or media, must be maintained and dispositioned according to the records disposition schedules found on the Directives and Records Management Division (DRMD) portal page:

b. For questions concerning the management of records related to this instruction or the records disposition schedules, please contact your local Records Manager or the DRMD program office.

8. Reports. The reporting requirements contained in enclosures (3), (4), and (6) are exempt from information collection control by reference (d), Part IV, paragraph 7c.

Signed by:
Thomas B. Modly
Under Secretary of the Navy

Related Policy
Related News
Related Resources