A collection of policy, guidance, and best practices documents for Internet Protocol version 6 (IPv6) and Internet of Things (IoT) (which have also been called Smart Objects, Things, or Devices) in 3 parts. (Additional information about security and cybersecurity may also be found in the IPv6 and IoT Security Best Practices article of the Security section and the Secure Cloud Computing topic of the Cloud Computing using IPv6 article in the Infrastructure section
Part 1: United States (US) Federal government (other than the DoD) organizations documents
Part 2: US Department of Defense (DoD) organizations documents
Part 3: US Non-government and State and Local government organizations documents
Part 1: United States (US) Federal government (other than the DoD) organizations documents
Office of the President
International Strategy for Cyberspace, May, 2011
Executive Order 14028 “Improving the Nation’s Cybersecurity", May, 2021
National Cybersecurity Strategy, Mar, 2023
National Cybersecurity Strategy Implementation Plan, May, 2024, version 2
Office of Management and Budget (OMB)
Administrator, Office of E-Government and Information Technology
M-22-09 Moving the U.S. Government Toward Zero Trust Cybersecurity Principles, Jan, 2022
Memorandum M-05-22 of August 2, 2005. [Rescinded Nov, 2020, by OFCIO Memorandum M-21-07 Completing the Transition to Internet Protocol Version 6 (IPv6).]
Improving Agency Performance Using Information and Information Technology (Enterprise Architecture Assessment Framework v3.1), Jun, 2009
Management and Oversight of Federal Information Technology, Jun, 2015
Circular A-130 Managing Information as a Strategic Resource revised Jul 28, 2016 (Section 5.i Leveraging the Evolving Internet)
Deputy Director for Management
Council of the Inspectors General on Integrity and Efficiency
Office of the Federal Chief Information Officer (OFCIO)
Transition to IPv6, Sept, 2010. [Rescinded Nov, 2020, by OFCIO Memorandum M-21-07 Completing the Transition to Internet Protocol Version 6 (IPv6).] An updated Frequently Asked Questions (FAQ) for the Transition to IPv6 can be found here. The original FAQ for the Transition to IPv6 is available here.
Memorandum M-17-06 Policies for Federal Agency Public Websites and Digital Services, Nov 8, 2016
Federal Cloud Computing Strategy, Jun 24, 2019
White Paper: Networks of the Future, Dec 2, 2019
Memorandum M-21-07 Completing the Transition to Internet Protocol Version 6 (IPv6), Nov, 2020. The FAQ for M-21-07 can be found here.
(OMB and CISA also maintain a zerotrust.cyber.gov website containing Zero Trust guidance documents.)
Chief Information Officers (CIO) Council
CIO.gov website
Cloud Operations Best Practices & Resources Guide, Oct, 2023
Federal CIO Handbook, Mar, 2021
Federal Small Agency CIO and IT Executive Handbook, Apr, 2023
Federal IPv6 Task Force
IPv6 Transition Guidance, Feb, 2006. Note: An expanded outline of Section 4.2 Components of an IPv6 Transition Plan of this document can be found here
Demonstration Plan to Support Agency IPv6 Compliance, Jan, 2008
Planning Guide/Roadmap Toward IPv6 Adoption within the US Government, July, 2012. [Rescinded Aug, 2018, by OMB Memorandum M-18-23 Shifting From Low-Value to High-Value Work.] An updated FAQ can be found here. The original 2011 FAQ is available here.
Zero Trust Cybersecurity Current Trends report by the American Council for Technology-Industry Advisory Council (ACT-IAC), Apr, 2019
Federal IPv6 Transition Best Practices, Ralph Wallace (by permission of the author), Feb, 2021
Guidance for Program Management of Agency Transition to an IPv6-only Environment, Apr, 2021 (authentication required)
The CIO Council Federal IPv6 Task Force also maintains a comprehensive Federal IPv6 transition FAQ, a collection of M-21-07-specific Implementation Artifacts to assist agencies in their implementation of IPv6 (authentication required), a collection of key documents and resources (authentication required) specific to the deployment of IPv6 and a collection of recommended documents related to IPv6
Centers for Medicare and Medicaid Services (CMS)
CMS has worked alongside Health and Human Services (HHS) to develop a Department-wide IPv6 policy to which CMS will adhere. (See HHS Policy for the Transition to Internet Protocol version 6 (IPv6) under Department of Health and Human Services below)
Commodity Futures Trading Commission (CFTC)
Transition to Internet Protocol version 6 (IPv6), Jul, 2018
Congress of the United States of America
Internet of Things Cybersecurity Improvement Act of 2020, Dec, 2020
Department of Commerce (DoC)
Transition to Internet Protocol Version 6 (IPv6) Policy, Sep, 2021
(Note: Several federal Bureaus and Offices are part of the DoC. For example, NIST and the National Oceanic and Atmospheric Administration (NOAA) are part of the DoC.)
Department of Education (ED)
Enterprise Architecture Program Office
Enterprise Transition Strategy Plan, Feb, 2008, Section 9.0 IPv6 Transition Strategy and Milestones
IPv6 Transition Guide, Version 2.0, Jan, 2025
Office of the Chief Information Officer (OCIO)
Transition to Internet Protocol version 6 (IPv6), May, 2021
Information Assurance Services (IAS)
Security and Privacy Requirements for Information Technology Procurements, Sep, 2020, Section 2.5
Department of Energy (DoE)
Department of Energy Complete Transition to Internet Protocol Version 6 (IPv6) Interim Solution, May, 2021
Department of Energy Order 200.1A Chg 2 Information Technology Management, Aug, 2023
Federal Energy Regulatory Commission (FERC)
Internet Protocol version 6 (IPv6) Policy, Feb, 2024
Department of Health and Human Services (HHS)
Complete Transition to IPv6, May, 2021
HHS Policy for the Transition to Internet Protocol version 6 (IPv6), Aug, 2021
Office of Inspector General
Official HHS-OIG Policy on Transitioning to IPv6, Nov, 2021
Department of Homeland Security (DHS)
Securing the Internet of Things, Nov, 2016
Cybersecurity Strategy, May, 2018
The Industrial Internet of Things (IIOT): Opportunities, Risks, Mitigation, Dec, 2019
Deputy Undersecretary for Management
DHS Transition to Internet Protocol Version 6 (IPv6), May, 2021
Office of Inspector General
DHS Must Address Internet Protocol Version 6 Challenges, May, 2008
Cybersecurity and Infrastructure Security Agency (CISA)
The Internet of Things: Impact on Public Safety Communications, Mar, 2019
Internet of Things Tip Sheet, Dec, 2019
Internet of Things Security Acquisition Guidance, Feb, 2020
Cybersecurity Best Practices For Industrial Control Systems, May, 2020
High Value Asset Control Overlay Version 2.0, Jan, 2021
Reducing the Significant Risk of Known Exploited Vulnerabilities, Binding Operational Directive (BOD) 22-01, Nov, 2021
Internet Protocol Version 6 Considerations for Trusted Internet Connections 3.0, Jan, 2022
5G Security Evaluation Process Investigation Version 1, May, 2022
Binding Operational Directive 23-01, Oct, 2022
Binding Operational Directive 23-01 Implementation Guidance, Oct, 2022
Zero Trust Maturity Model (version 2), Apr, 2023
Secure Cloud Business Applications, Hybrid Identity Solutions Guidance, Mar, 2024
Shields Up Technical Guidance, ongoing
5G Network Slicing: Security Considerations for Design, Deployment, and Maintenance, Aug, 2022
Cybersecurity Directives (A listing of CISA Emergency and Binding Operational Directives.)
Secure Cloud Business Applications (SCuBA) Project (A listing of guidance documents to secure agencies’ business applications environments)
(OMB and CISA also maintain a zerotrust.cyber.gov website containing Zero Trust guidance documents.)
US Joint Ransomware Task Force (JRTF)
#StopRansomwareGuide, Oct, 2023
National Security Telecommunications Advisory Committee (NSTAC)
Report to the President on Internet and Communications Resilience, Nov, 2017
Department of Justice (DoJ)
Securing your “Internet of Things” Devices, Jul, 2017
Department of Justice transition to Internet Protocol version 6 (IPV6), Feb, 2021
Department of State (DoS)
Department of State International Cyberspace Policy Strategy, Mar, 2016
Department of State Internet Protocol version 6 (IPv6) Policy Statement, Sep, 2021
Department of Transportation (DoT)
Internet Protocol version 6 (IPv6) Implementation Policy, May 2021
Federal Aviation Administration (FAA)
Internet Protocol version 6 (IPv6) Guidance, Jun, 2006
FAA Internet Protocol Version 6 (IPv6) and Internet Protocol Version 4 (IPv4) Policy and Strategy, May, 2021
Federal Transit Administration (FTA)
Report to Congress on Internet of Things, Feb, 2017
Department of Veterans Affairs (VA)
Department of Veterans Affairs Enterprise Architecture Guidance for the VA IPV6 Network Transition, Jan, 2006
Department of Veterans Affairs Transition Plan for IPV6, Version 3.00, Mar, 2009
Department of Veterans Affairs IPv6 Applications Testing Best Practices, Jun, 2010
Department of Veterans Affairs IPv6 Transition Guide, Jun 2023
Mobility Impact of Internet of Things (IoT), Nov, 2016
VA Internet Protocol Version 6 (IPv6) Transition Procedures (VIEWS 05135661), May, 2021
VA Internet Protocol version 6 (IPv6) Transition Policy, Jun, 2023
Virtual Office of Acquisition
Public Document Library (VA IPv6 policy documents)
Export-Import Bank of the United States (EXIM)
EXIM Internet Protocol Version 6 (IPv6) Compliance Policy, Oct, 2021
Federal Acquisition Regulation (FAR) staff
Internet Protocol Version 6 (IPv6), Dec, 2009 parts 7, 11, 12, and 39 as amended. (The NIST Special Publications for Profile for IPv6 and UGSv6 Test Methods referenced in the amended part 11 may be found in the NIST section below.)
Federal Communications Commission (FCC)
Potential Impacts on Communications From IPv4 Exhaustion & IPv6 Transition, Dec, 2010
FCC Information Technology (IT) Internet Protocol version 6 (IPv6) Compliance Policy, Apr, 2021
FCC IT IPv6 Procurement Checklist, Apr, 2021
FCC IT IPv6 Implementation Plan and Checklist (draft), Oct, 2021
Federal Retirement Thrift Investment Board (FRTIB)
FRTIB IPv6 Policy, Mar, 2021
Federal Trade Commission (FTC)
Internet of Things: Privacy & Security in a Connected World, Nov, 2013
Careful Connections: Keeping the Internet of Things Secure, Sep, 2020
U.S. Federal Trade Commission Transition to Internet Protocol version 6 (IPv6), Sep, 2021
General Services Administration (GSA)
GSA Acquisition Manual (GSAM), Section 511.170 Information Technology Coordination and Standards Part (e), Dec, 2024
GSA and IPv6 White Paper, Feb, 2004
Internet Protocol version 6 (IPv6) Policy 2120.1A CIO (internal GSA policy), Dec, 2025
GSA Cybersecurity. An ongoing collection of products, services, programs and policy documents
Cybersecurity Terms and Definitions for Acquisition, Jul, 2024
The GSA also frequently updates a webpage containing a collection of IPv6 contracting and security resources
Government Accountability Office (GAO)
INTERNET PROTOCOL VERSION 6: Federal Agencies Need to Plan for Transition and Manage Security Risks, GAO-05-471, May, 2005
INTERNET PROTOCOL VERSION 6 Federal Government in Early Stages of Transition and Key Challenges Remain, GAO-06-675, Jun, 2006
Technology Assessment: The Technology of Things, GAO-17-75, May, 2017
Internet of Things: Enhanced Assessments and Guidance are Needed to Address Security Risks in DOD, GAO-17-668, Jul, 2017
Critical infrastructure Protection: Actions Needed to Address Significant Cybersecurity Risks Facing the Electric Grid, GAO-19-332, Aug, 2019
DoD Needs to Improve Transition Planning, GAO-20-402, Jun, 2020
Internet of Things: Information on Use by Federal Agencies, GAO-20-577, Aug, 2020
Secret Service Has Made Progress Toward Zero Trust Architecture, but Work Remains, GAO-23-105466, Nov, 2022
Internal Revenue Service (IRS) (see the US Treasury)
Millennium Challenge Corporation
Internet Protocol Policy, Jul, 2021
National Aeronautics and Space Administration (NASA)
NASA Integrated Communication Services (NICS) IPv6 Best Practices Guide, Apr, 2014
Status of NASA's Transition To Internet Protocol Version 6 (IPV6), Sep, 2010
Policies to Ensure IPv6 Compliance in acquiring Information Technology (IT), May, 2016
Complete Transition to Internet Protocol version 6 (IPv6), May, 2021
NASA FAR Supplement, Jun, 2023
National Archives and Records Administration (NARA)
Office of Inspector General (OIG)
Audit of NARA's Transition to Internet Protocol Version 6, Mar, 2009
NARA 803, Internet Protocol Version 6 (IPv6) Policy, May, 2021
National Institute for Standards and Technology (NIST)
Planning Report 05-2, IPv6 Economic Impact Assessment Final Report, Oct, 2005 (A related article: Could IPv6 Improve Network Security? And If So, at What Cost?, Jun, 2005)
A Profile for IPv6 in the U.S. Government – Version 1.0, Special Publication 500-267, July, 2008 [Superseded Nov, 2020, by SP 267Br1]
USGv6 Test Methods: General Description and Validation - Version 2.0, Special Publication 500-273, Nov, 2009 [Superseded Nov, 2020 by SP 500-281Br1]
NIST Networks of ‘Things’ Special Publication 800-183, Jul, 2016
List of Standards and Guidance cited in NIST Privacy Framework Request for Information (RFI) Responses, Feb, 2019
NIST Zero Trust Architecture Special Publication 800-207A, Sep, 2023
The NIST Cybersecurity Framework (CSF) 2.0, Feb, 2024
NIST Federal Information Processing Standards (FIPS) 197, Advanced Encryption Standard (AES), May, 2023
NIST IPv6 Profile, Special Publication 500-267Ar1, Nov, 2020
NISTv6 Capabilities Table, Special Publication 500-267Ar1s, Nov, 2020
A Preliminary Update from the Internet of Things Federal Working Group, Jul, 2023
USGv6 Profile, Special Publication 500-267Br1, Nov, 2020
USGv6 Capabilities Table, Special Publication 500-267Br1s, Nov, 2020
USGv6 Test Program Guide, Special Publication 500-281Ar1, Nov, 2020
USGv6 Suppliers Declaration of Conformity, Special Publication 500-281Ar1s, Nov, 2020
USGv6 Test Methods: General Description and Validation, Special Publication 500-281Br1, Nov, 2020
Guidelines for the Secure Deployment of IPv6, Special Publication 800-119, Dec, 2010
Security and Privacy Controls for Information Systems and Organizations, Special Publication 800-53r5, Sep, 2020
Publications (a listing of documents published by the Cybersecurity for IoT Program)
NISTIR Internet of Things (IoT) Trust Concerns (unpublished DRAFT), Oct, 2018
Internet of Things Advisory Board
Internet of Things Federal Working Group
National Cybersecurity Center of Excellence (NCCoE)
Securing Home IoT Devices using Manufacture Usage Descriptions (MuD) (several topics), since May, 2021
Secure IPv6-only Implementation in the Enterprise (draft), Dec, 2021
Securing Distributed Energy Resources: An Example of Industrial internet of Things Cybersecurity 1800-32 (in 5 volumes), Feb, 2022
National Labor Relations Board
IPv6 Policy, Nov, 2021
National Security Agency (NSA)
Committee on National Security Systems (CNSS) Secretariat
CNSS Glossary, Apr, 2015
Digital Media Center Publications
The Next Wave: Internet of Things, Vol. 21, No. 2, Jan, 2016
IPv6 Security Guidance, PP-22-1805, Jan, 2023
National Telecommunications and Information Administration (NTIA)
Incentives, Benefits, Costs, and Challenges to IPv6 Implementation, Aug, 2016
Various comments (received in response to the above), Oct, 2016
Securities and Exchange Commission (SEC)
Chief Information Officer
Transition to Internet Protocol version 6 (IPv6), Jul, 2021
Social Security Administration (SSA)
SSA IPv6 Policy 2005-17-21 (informal)
Social Security Information Resources Management Strategic Plan, Fiscal Year 2007 (excerpt relating to IPv6)
Social Security Administration Enterprise Roadmap Fiscal Years 2014-2017, Mar 2014 (pages 100-102)
Office of the Inspector General
The Social Security Administration’s Implementation of Internet Protocol version 6, Aug, 2008
United States Agency for International Development (USAID)
Chief Information Officer (CIO)
ADS Chapter 509 Management and Oversight of Agency Information Technology Resources, Apr, 2021
ADS Chapter 549 Telecommunications Management, Apr, 2021
USAID Transition to Internet Protocol Version 6 (IPv6), May, 2022
Office of the Deputy Chief Information Officer (M/DCIO)
IPv6 Plans and Standards, Jun, 2006
Office of the Inspector General (OIG)
Audit of USAID's Implementation of Internet Protocol version 6, A-000-08-006-P, Sep, 2008
United States Commission on Civil Rights (CCR)
IPv6 Policy, May, 2021
United States Department of Agriculture (USDA)
Policies to Ensure IPv6 Compliance for Information Technology (IT) Purchases, Aug 2016
Procurement Advisory No. 127, Nov 2016
IPv6 Policy Waiver Request, Jun 2018
United States Department of Interior (DOI)
DOI Enterprise Transition Strategy, Feb, 2006
Transition to Internet Protocol Version 6, Jun 2021
United States Department of Labor (DOL)
DOL Enterprise Transition Plan - 2011, Apr, 2011
Complete Transition to Internet Protocol version 6 (IPv6), May, 2021
United States Department of State (DoS)
Department of State Internet Protocol version 6 (IPv6) Policy Statement, Sep, 2021
United States Department of Treasury (US Treasury)
Internet Protocol version 6 (IPv6) Implementation, Nov, 2005
Final Audit Report – Planning Is Underway for the Enterprise-Wide Transition to Internet Protocol Version 6, but Further Actions Are Needed, Feb, 2014
Acquisition Procedures Version 1.0, Oct, 2018, see part 1011.002(g)
Guidance for the Transition to Internet Protocol Version 6 (IPv6), May, 2021
Updated procedures for requesting IPv6 Waivers, Sep, 2024
The IRS Is Not Meeting Key Federal Requirements in its Transition to Internet Protocol Version 6, Sep, 2024
United States Environmental Protection Agency (EPA)
Information Directive CIO 2124.2 Internet Protocol Version 6 (IPv6) Compliance Policy, Sep, 2022
United States International Development Finance Corporation (DFC)
Office of Information Technology (OIT)
DFC Internet Protocol Policy IPv6, Feb, 2023
United States International Trade Commission (USITC)
INTERNET PROTOCOL VERSION 6 (IPV6) POLICY, 2021
United States Office of Government Ethics (OGE)
Internet Protocol Version 6 (IPv6) Implementation Plan, Sep, 2021
Internet Protocol Version 6 (IPv6) Policy, May, 2021
United States Occupational Safety & Health Review Commission (OSHRC)
OSHRC Policy for IPv6 (M-21-07), Jun, 2021
United States Postal Regulatory Commission (PRC)
Postal Regulatory Commission’s Transition to Internet Protocol version 6 (IPv6), Oct, 2021
Part 2: US Department of Defense (DoD) organizations documents
Defense Advanced Research Projects Agency (DARPA) (as sponsor of University of Pennsylvania)
A FRESH LOOK AT INTERNET PROTOCOL VERSION 6 (IPv6) FOR DEPARTMENT OF DEFENSE (DoD) NETWORKS, Aug, 2010
DoD Policy and Guidance
Defense Acquisition University (DAU)
Defense Acquisition Guidebook, Chapter 6 Information Technology and Business Systems, Section 3 Business Practice, Subsection 9 Enterprise Services, Subsubsection 3 Internet Protocol version 6 (IPv6)
Assistant Secretary of Defense (Networks and Information Integration) [which became the DoD Chief Information Officer in Nov, 2014]
Internet Protocol Version 6 (IPv6), Jun, 2003
Internet Protocol Version 6 (IPv6) Interim Transition Guidance, Sep, 2003
Internet Protocol Version 6 (IPv6) Policy Update, Aug, 2005
Transition Planning for Internet Protocol Version 6 (IPv6), Aug, 2005
THE DEPARTMENT OF DEFENSE INTERNET PROTOCOL VERSION 6 (IPV6) TRANSITION PLAN Version 2, Jun, 2006
DoD Internet Protocol Version 6 (IPv6) Implementation, Feb, 2008
DoD Internet Protocol Version 6 (IPv6) Definitions, Jun, 2008
Guidance and Policy for Implementation of OMB IPv6 FYs 2012 and 2014 Requirements, Mar, 2011
DoD IPv6 Standard Profiles For IPv6 Capable Products Version 6.0, Jul, 2011
DoD Chief Information Officer
DoD Information Enterprise Architecture (IEA) Version 2.0, Aug, 2012
DoD Policy Recommendations for the Internet of Things (IoT), Dec 2016
DoD Chief Information Officer (DoD CIO), Sep, 2017
DoD Internet Protocol Version 6 Implementation Direction and Guidance, Feb, 2019
DoD Zero Trust Strategy, Oct, 2022
DoD Instruction 8440.02 Implementation of Internet Protocol version 6, Dec, 2024
Deputy Secretary of Defense
(Note: Army, Navy, and Air Force IPv6 policy and guidance documents may also be found on their respective restricted-access websites mentioned in IPv6 and IoT Points of Contact in the FAQ section.)
Defense Information Systems Agency (DISA)
Unified Capabilities Requirements 2013 (UCR 2013) Change 2, Sep, 2017 (scroll down to Section 5 IPv6)
DISA/Information Assurance Support Environment
Security Requirements Guide (SRG)/Security Technical Implementation Guides (STIGs) -- public access
SRG/STIGs -- restricted access (authentication required)
DISA/IPv6 virtual Program Management Office (PMO), presented at AFCEA TechNet Cyber, Dec, 2020
Office of Inspector General
DoD Needs to Reinitiate Migration to Internet Protocol Version 6 (IPv6) (Redacted), DODIG-2015-044, Dec, 2014
(Note: Instructions to obtain a copy of the unredacted document are available here.)
(Also, see the report "DoD Needs to Improve Transition Planning", GAO-20-402, Jun, 2020, under the Government Accountability Office in Part 1 above.)
Audit of the DoD’s Compliance with Security Requirements When Using Commercial Cloud Services, DODIG-2023-052, Feb, 2023
Department of the Air Force
Air University
The Rise of IPv6: The Benefits and Costs of Transforming Military Cyberspace, Air & Space Power Journal, Mar-Apr 2015
Assistant Secretary of the Air Force (Acquisition) (SAF/AQ)
Air Force Guidance Memorandum to AFI 63-101/20-101, Integrated Life Cycle Management, Sep, 2016, Sect 7.4
Department of the Army (DA)
Army Regulation 25-1 Army Information Management Army Information Technology, Section 4-17b2, Jul 2019
Army Regulations 25-13 Army Telecommunications and Unified Capabilities, Sections 2-6 and 4-6, May 2017
Chief Information Officer Guidance for the Army’s Transition to Internet Protocol Version 6, May, 2024
Engineer Research and Development Center (ERDC)
Director, High Performance Computing Modernization Program (HPCMP)
Internet Protocol version 6 (IPv6), Aug, 2003
Department of the Navy (DN)
Naval Postgraduate School
United States Marine Corps (USMC)
Headquarters, U. S. Marine Corps, Command, Control, Communications, and Computers, Plans and
Policy Division
UNITED STATES MARINE CORPS INTERNET PROTOCOL VERSION 6 (IPV6) POLICY, Jan, 2004
UNITED STATES MARINE CORPS INTERNET PROTOCOL VERSION 6 (IPV6) TRANSITION PLAN Release 1.0, Jul, 2004
MARINE CORPS TRANSITION TO INTERNET PROTOCOL VERSION 6, Jun, 2022
United States Naval War College (NWC)
IPv6 Implementation at the Naval War College, Nov, 2020
United States Nuclear Regulatory Commission (NRC)
Plans to Complete Transition to Internet Protocol Version 6, May, 2021
Part 3: US Non-government and State and Local government organizations documents
Amazon Web Services, Inc. (AWS)
Ten Security Golden Rules for Industrial IoT Solutions, Sept, 2021
Armed Forces Communications and Electronics Association (AFCEA)
AFCEA International Cyber Committee
The Security Implications of the Internet of Things, Feb, 2015
California State
Senate Bill 327 Information privacy: connected devices (SB-327), Sep, 2018
Carnegie Mellon University
Software Engineering Institute
Industry Best Practices for Zero Trust Architecture, Dec, 2022
Center for Strategic and International Studies (CSIS)
Leveraging the Internet of Things for a More Efficient and Effective Military, Sep, 2015
Infoblox, Inc.
IPv6 Best Practices, Mar, 2017
Internet Society (ISOC))
Policy Brief: Adoption of IPv6, Apr, 2016
Massachusetts State
Office of the State Auditor
Audit of the Administration of the Internet of Things, Sept, 2018
New York City (NYC)
IoT Strategy: The New York City Internet of Things Strategy, Mar, 2021
Rand Corporation
The Internet of Bodies: Opportunities, Risk, and Governance, Apr, 2020
StateTech Magazine
IPv6 Upgrade, Sep, 2007
Washington State
Policy 300 – Statewide Migration to IPv6, Nov, 2017
The purpose of this form is to validate those sites with presence on the Defense Research and Engineering Network (DREN) and/or Secret Defense Research and Engineering Network (SDREN) are properly aligned with an accredited Tier 2 Cybersecurity Service Provider (CSSP) in accordance with DODI 8530.01, March 7, 2016, Incorporating Change 1, July 25, 2017. The required Cybersecurity activities include, but are not limited to: (1) Vulnerability and Analysis, (2) Vulnerability Management, (3) Malware Protection, (4) Information Security Continuous Monitoring (ISCM), (5) Cyber Incident Handling, (6) DODIN User Activity Monitoring (UAM) for DoD Insider Threat Program, and (7) Warning Intelligence.
HPC CSSP Validation Form (Updated 18 July 2022) [PDF - Reader Enabled Version]
The ASD-C3I announced the Department of Defense (DoD) Ports and Protocol Program (PNP) with the release of the 28 January 2003 memorandum entitled DoD Ports, Protocols, and Services Increasing Security at the Internet/DISN Boundary. This program represents a fundamental change in the DoD Computer Network Defense (CND) philosophy, replacing the current CND philosophy of "Deny by exception" with "Permit by exception". While the memorandum identifies only NIPRNET, DREN has maintained a comparable security posture and intends to maintain a security posture which will be comparable with the NIPRNET security posture, while continuing to support the Science and Technology community.
Program Plan
The High Performance Computing Modernization Program (HPCMP) has designated a point of contact (POC) to the Joint Task Force - Computer Network Operations (JTF-CNO). The POC is responsible for consolidating a list of automated information systems (AIS) required to support the Research and Development, Test and Evaluation, Modeling and Simulation and other Science and Technology Communities, including the protocols and/or ports utilized, as well as the technical necessity. This information will be uploaded into a DoD PNP Registration System. This information is provided to the DISN Security and Accreditation Working Group (DSAWG). The DSAWG will either approve or disapprove a system and its associated protocols and/or ports. If a request was not submitted, or the HPCMP POC disapproves, or the DSAWG disapproves the request and is not further adjudicated at a higher level, the JTF-CNO will direct HPCMP to deny any inbound packets over that port and/or protocol at the Internet Network Access Points (NAPs).
Program Execution
The timeline for the initiative began with the USSTRATCOM memorandum entitled Increasing Security at the Internet-Niprnet Boundary (Ports and Protocol Program) released February 13, 2003.
The DSAWG will evaluate requests prior to the implementation of any port/protocol blocks. The JTF-CNO will query the PnP Registration System for any requests that were submitted relevant to upcoming port ranges or protocol blocks. A port/protocol will be blocked if
- No requests for a port/protocol was submitted to the DoD PNP Registration System.
- HPCMP POC disapproves port/protocol due to conflict with existing port Blocking action.
- A request was submitted but was denied by the DSAWG.
Should the DSAWG approve a request then the associated ports/protocol will remain open for 12 months and will be reevaluated after that time. Component must ensure that the PNP registration system is maintained, to ensure that, should another combatant command, service, agency, or field activities request be disapproved at a later date, their mission critical ports/protocols are not closed.
Timeline
- 28 January 2003 - ASD-C3I release memorandum
- 12 February 2003 - ASD-C3I suspense to Components to provide JTF-CNO with PNP POCs
- 13 February 2003 - USSTRATCOM releases memorandum
- 13 March 2003 - Suspense or Component submitting PNP Waiver Requests to DoD PNP database
- 16 April 2003 - JTF-CNO directs blocking initial ports (1024 - 1000)
- Schedule bimonthly JTF-CNO directs additional port blocks based on success of initial blocks.
References
DoD Ports, Protocols and Services Security Technical Guidance
Firewall Guidance
- Listing of well-known port numbers and associated services
- Listing of well-known Transport Layer protocols
- DOD Instruction 8510.01 DoD Information Assurance Certification and Accreditation Process (DIACAP)
- DoD Directive 8500.1 Information Assurance
- DoD Instruction 8500.2 Information Assurance Implementation
- US-CERT: Control Systems Security Program
Ports and Protocols Registration Contact Information
DREN Operations
Commercial Phone: 703-812-4400
E-Mail: dren-ops [at] hpc.mil
Ports, Protocols and IP Address Exception Requests:
DREN Port and Protocol Exception Request Form (updated 01/05/2017)
Submit Exception Request to dren-ops [at] hpc.mil
Registration and adjudication questions:
DREN Operations
Commercial Phone: 703-812-4400
E-Mail: dren-ops [at] hpc.mil
HPCMP Security Action Officer
Commercial Phone: 703-812-4400
“Anything-as-a-Service (Xaas)”, also called “Everything-as-a-Service (also XaaS)”, can refer to any service, function or resource accessed over a network where the access methods used remain the same whether that network is a local network, wide area network, or the Internet. The article “Everything as a Service – Does it Really Work?” provides additional background information.
Consider the meaning of the term "as-a-Service" (aaS). While a few of the aaS examples listed below have been developed by a Standards Development Organization (SDO), the majority of them have multiple implementations, each developed by a separate Software Development Organization (SWDO). An SWDO is like an SDO in many organizational aspects, but its purpose is quite different. An SWDO is an organization formed by one or more interested individuals, non-commercial organizations and commercial companies. One purpose of an SWDO is to develop, publish, maintain and possibly even promote use of software (or devices and related software) within a defined scope of responsibility, and (for some SWDOs) another purpose is to function as an SDO for such software. An SWDO may even have additional purposes that are not limited to software development, such as hardware development. The scope of an SWDO may be self-defined or their scope may be defined by a higher-level organization.
Other than “Network-as-a-Service (NaaS)”, many XaaS offerings are beyond the scope of the Software-Defined Networking (SDN) knowledge base. It is worth noting that as is the case for SDN, such offerings are built with virtualization technology. It is also worth noting that use of the phrase "as-a-Service" has been coming for a long time (see this article), and may even have gotten out of hand long ago, as the article Is PaaS Passe yet? observed over fifteen years ago!! It is even being used to describe services provided by banking and construction companies, as shown by this article.
A partial list of services provided by computing hardware, computing software and computing services companies includes:
- Analytics-as-a-Service (AaaS),
- Application-Programming-Interface-(API)-as-a Service (APIaaS),
- Application-Delivery-as-a-Service (ADaaS, see Software-as-a-Service),
- Application-Platform-as-a-Service (APaaS),
- Artificial-Intelligence-as-a-Service (AIaaS),
- Authentication-as-a-Service (also AaaS),
- Backend-as-a-Service (BaaS),
- Backup-as-a-Service (also BaaS),
- Big-Data-as-a-Service (BDaaS),
- Blockchain-as-a-Service (also BaaS),
- Business-Process-as-a-Service (BPaaS),
- Cloud-as-a-Service (CaaS),
- Cloud-Network-as-a-Service (CNaaS),
- Communications-as-a-Service (CaaS),
- Communications-Platform-as-a-Service (CPaas),
- Compliance-as-a-Service (also CaaS),
- Connectivity-as-a-Service (also Caas),
- Containers-as-a-Service (also CaaS),
- Content-as-a-Service (also CaaS),
- Data-as-a-Service (DaaS),
- Database-as-a-Service (DBaaS),
- Data-Center-as-a-Service (DCaaS),
- Data-Center-Management-as-a-Service (DMaaS),
- Data-Lake-as-a-Service (DLaas),
- data-Platform-as-a-Service (dPaaS, see Big-Data-as-a-Service)
- Data-Protection-as-a-Service (also DPaaS)
- Data-Warehouse-as-a-Service (DWaaS),
- Desktop-as-a-Service (DaaS),
- Device-as-a-Service (also DaaS),
- Disaster-Recovery-as-a-Service (DRaaS),
- Domain-Name-Service-as-a-Service (DNSaaS or DNS-as-a-Service),
- Early-Warning-as-a-Service (EWaaS),
- Edge-as-a-Service (Eaas)
- Email-as-a-Service (also called EaaS),
- Environment-as-a-Service (also called EaaS),
- Firewall-as-a-Service (also called FaaS),
- FortiGate-as-a-Service,
- Framework-as-a-Service (also called FaaS, which became Platform-as-a-Service [PaaS]. See PaaS),
- Function-as-a-Service (FaaS),
- Hadoop-as-a-Service (HaaS, see Big-Data-as-a-Service),
- Hardware-as-a-Service (also HaaS),
- Identity-and-Access-Management-as-a-Service (IAMaaS),
- Identity-as-a-Service (IDaaS, also known as IaaS, see Identity-and-Access-Management-as-a-Service),
- Incident-Management-as-a-Service (IMaas),
- Information-Technology-as-a-Service (ITaaS),
- Information-Technology-(IT)-Service-Management-as-a-Service (ITSMaaS),
- Information-Technology-Monitoring-as-a-Service (ITMaaS, see Monitoring-as-a-Service),
- Infrastructure-as-a-Service (IaaS),
- Infrastructure-Management-as-a-Service (IMaaS), also called Remote-Infrastructure-Management (RIM),
- Integration-Platform-as-a-Service (iPaaS),
- IoT-as-a-Service (IoTaaS),
- Knowledge-as-a-Service (KaaS),
- Machine-Learning-as-a-Service (MLaaS),
- Managed-Cloud-as-a-Service (MCAAS)
- Managed-Content-as-a-Service (see Content-as-a-Service),
- Market Research-as-a-Service (MRAS),
- Metal-as-a-Service (MaaS),
- Middleware-as-a-Service (MWaaS),
- Mobile-Backend-as-a-Service (MBaaS), see Backend-as-a-Service),
- Mobility-as-a-Service (MaaS),
- Monitoring-as-a-Service (also MaaS),
- Network-as-a-Service (NaaS), also called Networking-as-a-Service or Network-as-a-Subscription,
- PC-as-a-Service (see Device-as-a-Service),
- Personal-Computer-as-a-Service (PCaaS, see Device-as-a-Service),
- Platform-as-a-Service (PaaS),
- Quantum-as-a-Service (QaaS)
- Rapid-App-Platform-as-a-Service (APaaS, see Application-Platform-as-a-Service),
- Recovery-as-a-Service (RaaS, see Disaster-Recovery-as-a-Service),
- Robot-as-a-Service (also RaaS),
- Robotics-as-a-Service (see Robot-as-a-Service),
- Search-as-a-Service (SaaS),
- Security-as-a-Service (also SaaS),
- Security-Monitoring-as-a-Service (SMaaS, see Security-as-a-Service),
- Software-as-a-Service (also SaaS),
- Storage-as-a-Service (STaaS, also SaaS, a type of Cloud Storage),
- Technology-as-a-Service (TaaS)
- Test-Data-as-a-Service (TDaaS),
- Testing-as-a-Service (TaaS), also called On-Demand Testing,
- Time-as-a-Service (TaaS),
- Training-as-a-Service (also TaaS),
- Unified-Communications-as-a-Service (UCaaS),
- Windows-as-a-Service (WaaS),
- Workplace-as-a-Service (also WaaS),
- Workspace-as-a-Service (also WaaS), and
- eXtended Detection and Response (XDR).
Several additional cloud services (listed below) are described separately on page 2 of this article beginning in section 2.2 Emerging cloud services:
- Beaconing-as-a-Service (also BaaS),
- Biometric Authentication-as-a-Service (BioAaaS),
- Business Integration-as-a-Service (BIaaS),
- Business Intelligence-as-a-Service (also BIaaS),
- Cashier-as-a-Service (also CaaS),
- Climate Analytics-as-a-Service (CAaaS).
- Confidentiality-as-a-Service (also CaaS),
- Content Distribution-as-a-Service (CoDaaS),
- Cooperation-as-a-Service (also CaaS),
- Crimeware-as-a-Service (also CaaS),
- Data Integrity-as-a-Service (DIaaS),
- Data Mining-as-a-Service (DMAS, also DMaaS),
- DDoS-as-a-Service (DDoSaaS),
- Description-as-a-Service (DESCaaS),
- Digital Forensics-as-a-Service (DFaaS),
- Digital Intellectual Property Resources-as-a-Service (DIPaaS),
- Disaster Tolerance-as-a-Service (DTaaS),
- Education and learning-as-a-Service (ELaaS),
- Energy-as-a-Service (also EaaS),
- Exploits-as-a-Service (also EaaS),
- Failure-as-a-Service (also FaaS),
- Failure Scenario-as-a-Service (FSaaS),
- Fault Masking-as-a-Service (FAS, also FMaaS),
- Financial Modeling and Prediction-as-a-Service (FMPaaS),
- Forensics-as-a-Service (FRaaS),
- Gaming-as-a-Service (GaaS),
- Handwritten Character Recognition-as-a-Service (HCRaaS),
- HPC-as-a-Service (HPCaaS),
- Intrusion Detection-as-a-Service (also IDaaS),
- Laboratories-as-a-Service (LaaS),
- Manufacturing-as-a-Service (MFGaaS),
- Mobility Prediction-as-a-Service (MPaaS),
- Object-as-a-Service (ObaaS),
- Ontology-as-a-Service (OaaS),
- Policing-as-a-Service (PolaaS),
- Policy Management-as-a-Service (IPMaaS),
- Proximity-as-a-Service (ProxaaS),
- RAN-as-a-Service (RANaaS),
- Risk-Assessment-as-a-Service (RAaaS),
- Routing-as-a-Service (also RaaS),
- Secure Logging-as-a-Service (SecLaaS),
- Sensing and Actuation-as-a-Service (SAaaS),
- Sensing-as-a-Service (also SaaS),
- Smart City-as-a-Service (SCaaS),
- Social Context-as-a-Service (SoCaaS , also SCaaS),
- Software Development-as-a-Service (SDaaS),
- Supply Chain-as-a-Service (also SCaaS),
- Test-Bed-as-a-Service (TBaaS, also TaaS),
- Things-as-a-Service (ThiaaS),
- Threat-as-a-Service (ThraaS, also TaaS),
- Ticketing-as-a-Service (TicaaS, also TaaS),
- Trust-as-a-Service (TraaS, also TaaS),
- Variability-as-a-Service (VaaS), and
- Virtual cluster-as-a-Service (ViteraaS).
Return to the SDN FAQ page.
Implementation of the fourth generation Defense Research and Engineering Network (DREN), appropriately named “DREN 4”, was completed in June 2023. DREN 4 supports the High Performance Computing Modernization Program (HPCMP) networking mission to provide robust, high-capacity, low-latency connectivity between the HPCMP’s DoD Supercomputing Resource Centers (DSRCs) and user sites. DREN 4 also supports the DoD research, test and engineering missions.
DoD sites are connected to the DREN 4 backbone at bandwidths ranging from 1 Gigabit per second (Gbps) to 100 Gbps. DREN 4 is fully Internet Protocol version 6 (IPv6) enabled, with support for legacy Internet Protocol version 4 (IPv4). DREN 4 complies with all DoD Security Regulations, and provides secure transport for data between DoD sites connected to the DREN backbone as well as the Internet. DREN 4 also provides secure data transfer with NIPRNet and other Federal and academic research networks at multiple peering locations within the continental United States and Hawaii.
Secret DREN (SDREN) is a virtual private network overlay on the DREN backbone using SDREN Service Delivery Routers (SDR) and NSA Type 1 encryptors with a common key. SDREN sites are connected to DREN at a minimum bandwidth of 1 Gbps.
For more information, please review the DREN Service Agreement, the SDREN Connection Approval Process, and/or contact the DREN Operations Team at dren-ops [at] dren.mil.
