The Dec. 30, 2020 instruction signed by Defense Department acquisition chief Ellen Lord "establishes policy, assigns responsibilities, and prescribes procedures for the management of cybersecurity risk by program decision authorities and program managers (PMs) in the DOD acquisition processes."