The purpose of this memorandum is to notify you that we are initiating the subject review. Public Law 113-283, “Federal Information Security Management Act of 2014 [FISMA],” December 18, 2014, requires each Federal agency to conduct an annual independent evaluation to determine the effectiveness of the agency’s information security program and practices. The objective of this review is to determine the effectiveness of the DoD’s information security policies, procedures, and practices and provide an annual independent evaluation in accordance with FISMA. 

We may revise the objective as the review proceeds, and we will also consider suggestions from management for additional or revised objectives. We will perform the review at the offices of the DoD Chief Information Officer; U.S. Cyber Command; Department of Defense Cyber Defense Command; Joint Chiefs of Staff Strategic Policy and Plans Directorate; Defense Information Systems Agency; Director for Privacy, Civil Liberties, and Transparency under the Director of Administration and Management; Military Department Chief Information Officers;