https://armypubs.army.mil/epubs/DR_pubs/DR_a/ARN45808-PPM_CIO-093-000-WEB-1.pdf
DEPARTMENT OF THE ARMY
CHIEF INFORMATION OFFICER
107 ARMY PENTAGON
WASHINGTON DC 20310-0107
CS-SEC-SC-093
SAIS-CS (25-1rrrr) 29 January 2026
MEMORANDUM FOR SEE DISTRIBUTION
SUBJECT: Department of the Army Small Unmanned Aircraft Systems Cybersecurity
Interim Guidance
1. References.
a. AR 25-2 (Army Cybersecurity).
b. Secretary of Defense memorandum (Unleashing U.S. Military Drone Dominance),
10 July 2025.
c. Executive Order 14307 (Unleashing American Drone Dominance), 6 June 2025.
d. NIST SP 800-37 (Risk Management Framework for Information Systems and
Organizations).
e. AR 70-1 (Army Operation of the Adaptive Acquisition Framework)
f. Army CIO Memorandum (Updated Amplifying Guidance for Army Authorizing
Officials), 14 April 2025.
2. Purpose. Provide interim cybersecurity guidance regarding the operation of small
unmanned aircraft systems (sUAS).
3. Applicability.
a. Per Army Regulation (AR) 25-2, the Army Chief Information Officer (CIO), on
behalf of the Secretary of the Army, establishes policy, resourcing, and oversight of the
Army Cybersecurity Program. This policy memorandum meets provisions outlined in
AR 25-2 (see reference 1a), where the Army CIO, if applicable, will issue policy
memoranda to amplify guidance for the policies in AR 25-2.
b. This policy applies to all Headquarters, Department of the Army (HQDA)
elements, Army Commands (ACOM), Army Service Component Commands (ASCC),
Direct Reporting Units (DRU), and the Reserve Component (Army National Guard/Army
National Guard of the United States, and the U.S. Army Reserve) regardless of the service
status.
SAIS-CS (25-1rrrr)
SUBJECT: Department of the Army Small Unmanned Aircraft Systems Cybersecurity
Interim Guidance
c. This policy does not apply to sUAS performing intelligence collection.
4. Background.
a. The Secretary of War (SecWar) has emphasized the importance of using group 1
and 2 UAS (henceforth referred to as sUAS in this memo), defined as UAS weighing 55
pounds or less, to increase the lethality of the warfighter. Rapid and mass procurement
of networked sUAS will require the Army to assume more cybersecurity risk. See
reference 1b.
b. To support the SecWar’s vision the Army must adjust its cybersecurity policies,
processes, and procedures to allow for rapid authorization of sUAS without exposing
the Army’s portion of the Department of War Information Network (DoWIN-A) to
unacceptable risk.
c. For the purposes of this memo, closed loop cyber networks are defined as the
connection between the sUAS, the device(s) that control/operate the sUAS, and any
remote viewing terminals/additional peripherals connected to the sUAS. So long as
none of the aforementioned devices/systems connect to the DoWIN, the sUAS is
considered to be operating in a closed loop cyber network/standalone.
5. Policy. Effective immediately—
a. Consistent with reference 1b, Commanders at the O-6 level and equivalents
(henceforth referred to as Commanders in this memo) that are authorized to procure,
test, and train with sUAS will follow the guidance set forth below.
b. sUAS procured by Commanders must not connect to the DoWIN or any other
Department of War (DoW) network before, during, or after operation unless the system
has both a valid authorization to operate (ATO) and authority to connect (ATC).
c. sUAS operating in a closed loop cyber network/standalone do not require an ATO
or an ATC so long as they do not connect to the DoWIN. Such systems must still meet
the requirements outlined in reference 1b.
d. All sUAS must have a valid ATO and ATC prior to connecting to the DoWIN.
(1) sUAS platforms on the Defense Innovation Unit (DIU)/Defense Contract
Management Agency (DCMA) Blue UAS Select list have a valid ATO through the Blue
UAS type accreditation and only require additional controls as identified by the system
owner and an ATC prior to connecting to the DoWIN. Additionally, the UAS
2
SAIS-CS (25-1rrrr)
SUBJECT: Department of the Army Small Unmanned Aircraft Systems Cybersecurity
Interim Guidance
Marketplace is finalizing accreditation, with full production and operational capability
expected by April 1, 2026.
(2) The assess and authorize process in eMASS is the only authorized process
for receiving an ATO and ATC on the DoWIN, and it is required for any platform that
does not have a valid existing ATO and/or ATC.
e. For components that are attached to an sUAS platform and require connectivity,
the component is assessed as part of the platform’s ATO and ATC.
f. sUAS with critical components from covered foreign entities may not connect to
Army networks. See references 1b and 1c.
6. Roles and responsibilities.
a. O-6 Commanders and equivalents will—
(1) Work with installation/theater spectrum manager to coordinate and deconflict
spectrum requirements when operating sUAS.
(2) Ensure data used, stored, or transmitted by sUAS is protected.
b. Spectrum Management Office will—
(1) Coordinate spectrum management for sUAS with Army Commands.
(2) Work with international partners to ensure compliance with spectrum
requirements for sUAS when operating outside of the United States.
c. System owners/operators will—
(1) Apply all applicable security controls and document in eMASS as outlined in
the sUAS’ ATO.
(2) Identify and apply additional security controls not covered in the sUAS’ ATO
as required for the ATO and ATC process.
7. Exception requests. Requests for exceptions to the requirements in this policy
should be documented and submitted to the CIO. Exception requests must include
justification (including cost and mission impacts). Each request will be adjudicated
based upon all factors including cybersecurity risk.
8. Points of contact.
3
SAIS-CS (25-1rrrr)
SUBJECT: Department of the Army Small Unmanned Aircraft Systems Cybersecurity
Interim Guidance
a. CIO Policy Inbox: usarmy.pentagon.hqda-cio.mbx.policy-inbox@army.mil.
b. Acting SAIS-CS Director: Mr. Nathan Colodney, Nathan.colodney2.civ@army.mil.
c. SAIS-CSP policy team: usarmy.pentagon.hqda-cio.mbx.sais-csp@army.mil.
LEONEL T. GARCIGA
Chief Information Officer
DISTRIBUTION:
Principal Officials of Headquarters, Department of the Army
Commander
U.S. Army Western Hemisphere Command
U.S. Army Forces Command
U.S. Army Transformation and Training Command
U.S. Army Materiel Command
U.S. Army Pacific
U.S. Army Europe and Africa
U.S. Army Central
U.S. Army North
U.S. Army South
U.S. Army Special Operations Command
U.S. Army Transportation Command
U.S. Army Space and Missile Defense Command/Army Strategic Command
U.S. Army Cyber Command
U.S. Army Medical Command
U.S. Army Intelligence and Security Command
U.S. Army Corps of Engineers
U.S. Army Audit Agency
U.S. Army Military District of Washington
U.S. Army Test and Evaluation Command
U.S. Army Human Resources Command
U.S. Army Corrections Command
U.S. Army Reserve Command
Superintendent, U.S. Military Academy
Director, U.S. Army Criminal Investigation Division
Director, U.S. Army Civilian Human Resources Agency
Executive Director, Military Postal Service Agency
(CONT)
4
SAIS-CS (25-1rrrr)
SUBJECT: Department of the Army Small Unmanned Aircraft Systems
Cybersecurity Interim Guidance
DISTRIBUTION: (CONT)
Director, U.S. Army Joint Counter-Small Unmanned Aircraft Systems Office
Superintendent, Arlington National Cemetery
Director, U.S. Army Acquisition Support Center
CF:
Commander, Eighth Army
5