https://armypubs.army.mil/epubs/DR_pubs/DR_a/ARN45117-PPM_CIO-090-000-WEB-1.pdf
DEPARTMENT OF THE ARMY
CHIEF INFORMATION OFFICER
107 ARMY PENTAGON
WASHINGTON DC 20310-0107
CS-SEC-RI-090
SAIS-CS (25-1rrrr) 11 September 2025
MEMORANDUM FOR Army National Guard, Chief Information Officer (G-6),
111 South George Mason Drive, Arlington, VA 22204-1382
SUBJECT: Secret Internet Protocol Router Network Risk Management Framework
Army National Guard Installation Campus Area Networks
1. References.
a. AR 25-2 (Army Cybersecurity).
b. DoDI 8510.01 (Risk Management Framework for DoD Systems).
c. DA Pam 25-2-14 (Risk Management Framework for Army Information
Technology).
d. NIST SP 800-37 (Risk Management Framework for Information Systems and
Organizations).
Purpose. Suspend operations of the Secret Internet Protocol Router (SIPR)
Risk Management Framework (RMF) requirements for the Army National Guard
(ARNG) SIPR Installation Campus Area Networks (ICANs).
Applicability. This policy applies to the ARNG and governs the ARNG SIPR ICANs.
Per AR 25-2, the Army Chief Information Officer (CIO), on behalf of the Secretary of the
Army, establishes policy, resourcing, and oversight of Army cybersecurity. This policy
memorandum meets provisions outlined in AR 25-2, para 1 8, where the Army CIO, if
applicable, will issue policy memoranda to amplify guidance for the policies in AR 25-2.
Background.
The U.S. Army is developing the Global Secure Network (GSN) to provide secure
access to classified
to modernize communications and network infrastructure.
b. The GSN is scheduled to replace legacy SIPR Top Level Architecture (TLA)
stacks, enhancing security and streamlining operations.
SAIS-CS (25-1rrrr)
SUBJECT: Secret Internet Protocol Router Network Risk Management Framework
Army National Guard Installation Campus Area Networks
c. The GSN schedule for completion is the second quarter of Fiscal Year 2026
(FY26QTR2) and ARNG is priority for fielding. This capability will outpace
administrative work to perform individual ATOs of ARNG ICANs, which will inherit
Army DoD Enterprise ATO, and add additional $1.5M of cost.
5. Roles and Responsibilities.
a. The ARNG Authorizing Official (AO) is responsible for implementing RMF policy
for applicable ICANs.
b. The ARNG retains responsibility for operating SIPR ICANs at a risk level
determined acceptable by the Army CIO.
c. The ARNG will have active Cybersecurity Service Provider (CSSP) oversight by
ARNG RCC (Regional Cyber Center) under ARCYBER Direction.
6. Policy.
a. The ARNG is not required to complete normal Authority to Operate (ATO)
requirements for the SIPR ICANs due to the shift to GSN.
b. The Army CIO accepts the current risks subject to the ARNG adhering to
following requirements: ARNG will comply with standards established by the CIO to
serve as a bridge until GSN is established. Additionally, an enterprise ATO based on a
Unified Network eMASS record must be in place.
c. The ARNG will discontinue RMF efforts for ARNG State and Territory SIPR
ICANs effective immediately.
7. Points of contact.
a. CIO Policy Inbox: usarmy.pentagon.hqda-cio.mbx.policy-inbox@army.mil
b. HQDA CIO Cybersecurity Directorate, Oversight and Compliance Division:
usarmy.pentagon.hqda-cio-g-6.mbx.rmf-team@army.mil
c. SAIS-CSP Policy Team: usarmy.pentagon.hqda-cio.mbx.sais-csp@army.mil
LEONEL T. GARCIGA
Chief Information Officer
CF: (see next page)
2
SAIS-CS (25-1rrrr)
SUBJECT: Secret Internet Protocol Router Network Risk Management Framework
Army National Guard Installation Campus Area Networks
CF:
Director, Army National Guard
Deputy Chief , G-6
U.S. Army Cyber Command
3