https://armypubs.army.mil/epubs/DR_pubs/DR_a/ARN40725-PPM_CIO-025-000-WEB-1.pdf
DEPARTMENT OF THE ARMY
CHIEF INFORMATION OFFICER
107 ARMY PENTAGON
WASHINGTON DC 20310-0107
UNCLASSIFIED
SAIS-CS (25-1rrrr)
CS-SEC-PV-025
MEMORANDUM FOR SEE DISTRIBUTION
SUBJECT: Delegation of Authority for Chief Information Security Officer Signature in
Privacy Impact Assessments
1. References.
a. E-Government Act of 2002, Public Law No. 107-347, Section 208 (2002),
44 U.S.C. § 3501.
b. DoDI 5400.16 (DoD PIA Guidance).
c. CIO memorandum (CS-SEC-PV-009: Delegation of Authority for Privacy Impact
Assessment Approval), 11 December 2023 (hereby rescinded).
d. AR 25-2 (Army Cybersecurity).
e. AR 25-22 (The Army Privacy and Civil Liberties Program).
f. AR 25-1 (Army Information Technology).
g. DA Pamphlet 25-1-1 (Army IT Implementation Instructions).
2. Background.
a. The E-Government Act of 2002, Section 208, requires a completed and approved
Privacy Impact Assessment (PIA). The Army Chief Information Officer (CIO) is the final
approval authority for PIAs per DoDI 5400.16.
b. The current process is inefficient, impacting operability at the system owner level.
To streamline the process for improved efficiency, the Deputy CIO is designated the
“reviewing official” per DoDI 5400.16 for PIAs when the CIO is unavailable for signature.
c. This memorandum supersedes reference 1c.
15 April 2024
UNCLASSIFIED
SAIS-CS (25-1rrrr)
SUBJECT: Delegation of Authority for Chief Information Security Officer Signature in
Privacy Impact Assessments
2
UNCLASSIFIED
3. Direction. As the Army CIO, I hereby delegate the Chief Information Security Officer
(CISO) signature for PIA to the Authorizing Official (AO) in accordance with DoDI 5400.16.
The AO will sign as the “designee” in Section 4, block f on DD Form 2930 for security
control compliance associated with systems requiring the use of Personal Identifiable
Information (PII).
a. This delegation to the CISO is effective immediately and will remain in effect until
revoked or superseded. Further delegation for designee signature in Section 4, block f
on DD Form 2930 is not permitted.
b. While the CISO signature is delegated as specified, all other signatures in the PIA
process remain undelegated. This delegation memo does not delegate the responsibility
of signature requirements on the DD Form 2930, Sections 4d, 4e, 4g, and 4h which are:
the Component Privacy Officer (CPO), Component Records Officer (CRO), Senior
Component Official for Privacy (SCOP), and Component CIO. These responsibilities will
remain at the Headquarters Department of the Army level.
4. Points of Contact.
a. For policy questions:
usarmy.belvoir.hqda-esa.mbx.rmda-foia-privacy-alert@army.mil.
b. ARMD Director: Ms. Joyce M. Luton, joyce.luton2.civ@army.mil.
c. ARMD Privacy and Civil Liberties Branch: Mr. Ngwarima M. Mutunhu,
ngwarima.m.mutunhu.civ@army.mil.
d. CIO Cybersecurity Directorate: Mr. Joe D. Bryant, Chief Oversight and
Compliance Division, joe.d.bryant4.civ@army.mil.
LEONEL T. GARCIGA
Chief Information Officer
DISTRIBUTION:
Principal Officials of Headquarters, Department of the Army
Commander
U.S. Army Forces Command
(CONT)
UNCLASSIFIED
SAIS-CS (25-1rrrr)
SUBJECT: Delegation of Authority for Chief Information Security Officer Signature in
Privacy Impact Assessments
3
UNCLASSIFIED
DISTRIBUTION: (CONT)
U.S. Army Training and Doctrine Command
U.S. Army Materiel Command
U.S. Army Futures Command
U.S. Army Pacific
U.S. Army Europe and Africa
U.S. Army Central
U.S. Army North
U.S. Army South
U.S. Army Special Operations Command
Military Surface Deployment and Distribution Command
U.S. Army Space and Missile Defense Command/Army Strategic Command
U.S. Army Cyber Command
U.S. Army Medical Command
U.S. Army Intelligence and Security Command
U.S. Army Corps of Engineers
U.S. Army Military District of Washington
U.S. Army Test and Evaluation Command
U.S. Army Human Resources Command
U.S. Army Corrections Command
U.S. Army Recruiting Command
Superintendent, U.S. Military Academy
Commandant, U.S. Army War College
Director, U.S. Army Civilian Human Resources Agency
Executive Director, Military Postal Service Agency
Director, U.S. Army Criminal Investigation Division
Director, Civilian Protection Center of Excellence
Director, U.S. Army Joint Counter-Small Unmanned Aircraft Systems Office
Superintendent, Arlington National Cemetery
Director, U.S. Army Acquisition Support Center
CF:
Principal Cyber Advisor
Director of Enterprise Management
Director, Office of Analytics Integration
Commander, Eighth Army