Leonel Garciga, the U.S. Army’s chief information officer and a two-time Wash100 awardee, has signed and issued a memorandum to provide strategic guidance and establish requirements for system owners, or SOs, to use authorized and certified cybersecurity service providers, or CSSPs, across the Army’s unified network.
Published on April 14, the memo seeks to maintain a secure and compliant cybersecurity posture in accordance with the regulations, directives and instructions of the Department of Defense and the Department of the Army.
ARCYBER & Army C5ISR Center
The policy memo states that Army Cyber Command, or ARCYBER, and the Army Command, Control, Communications, Computers, Cyber, Intelligence, Surveillance and Reconnaissance, or C5ISR, Center are the only two certified and authorized CSSPs in the military branch.
According to the document, ARCYBER has the first right of refusal for providing CSSP services and will refer organizations to C5ISR for any services it is unable to provide.
The commanding general of ARCYBER serves as the Army’s appointed directive authority for cyberspace operations, or DACO, and provides general CSSP services.
In accordance with the DACO, C5ISR CSSP executes services and functions for Army-owned and -operated systems in commercial and private cloud environments; the Defense Research and Engineering Network, or Secret DREN; and Army-sponsored cleared defense contractor sites.
Requirements for System Owners
The policy directs SOs to document CSSP alignment in required authorization packages and in the Enterprise Mission Assurance Support Service. They must also comply with all requirements for cybersecurity reporting mandated by the CSSP.
SOs of systems without DoDIN connectivity and enclaves must have processes in place to report compliance, receive orders and directives, and share information on the security status of the system to the respective CSSP.
According to the memo, SOs should contact ARCYBER to determine if hardware or configuration changes are required or if existing configurations are suitable for immediate services.
Dive deep into new cyber initiatives and policies and learn about emerging trends in the cyber domain at the Potomac Officers Club’s 2025 Cyber Summit on May 15. Register here.
