Pentagon Issues Updated Mandate for IPv6 Implementation

Before wrapping up for the holiday season, the Pentagon issued a final mandate to military services and defense agencies instructing them to begin implementing modern internet addressing standards – and closely monitoring progress on that directive.

On Dec. 17, the Department of Defense (DoD) Office of the Chief Information Officer (CIO) released an updated document establishing policy and outlining procedures for deploying and using Internet Protocol Version 6 (IPv6) in DoD information systems.

In 2020, the Federal government mandated that all agencies and departments migrate from Internet Protocol version 4 (IPv4) to IPv6, which is considered more secure. Beginning in 2021, the DoD has been moving from legacy IPv4 to IPv6-only addresses. During this transition, IPv4 has been used, and many networks operated dual stack – running both IPv4 and IPv6 protocols simultaneously – as an interim solution toward an IPv6-only end state.

The updated policy explains that all new networked information systems that the military services and DoD components use should be IPv6-enabled before their operational use.

The document also details a phased implementation plan, specifying when IP-enabled assets on the DoD’s networks must transition to IPv6-only environments. It identifies DoD information systems that cannot be converted to IPv6 and mandates that all new and existing IP-enabled customer edge interfaces be configured with IPv6 addresses.

The updated policy also clarifies that the new implementation rules do not apply to national security systems, although these systems are still free to adopt IPv6 independently if they choose.

As part of the phased implementation plan, the DoD CIO will oversee the department’s IPv6 implementation progress, including the replacement or retirement of systems and applications that aren’t IPv6-capable.

The CIO will also review waiver requests for IPv6 requirements on a case-by-case basis and ensure that systems supporting enterprise security services are IPv6-capable and fully operable in IPv6-only environments.

The updated policy also tags the Defense Information Systems Agency (DISA) to maintain an IPv6 program management office to help manage and deconflict IPv6 priorities and plans. DISA will also be required to establish a knowledge base of IPv6 lessons learned from various pilot testing and limited deployments, as well as IPv6 training resources for network engineers and cybersecurity personnel.

DISA will also be responsible for updating IPv6 standards and implementation profiles in the DoD IT Standards Registry