Leonel Garciga, the U.S. Army’s chief information officer and a two-time Wash100 awardee, has signed and issued a memorandum establishing an interim approved products list, or APL, that the Army can use pending the creation of a validated servicewide APL.
Published on June 4, the memo applies to all Army systems and components that receive, process, store, display or transmit data throughout the entire system development lifecycle, including platforms that support research, development, test and evaluation and Army-controlled systems operated by a contractor or an entity on behalf of the military branch.
Garciga will be one of the keynote speakers at the 2025 Army Summit on June 18. Hear speakers as they discuss the service’s modernization imperatives, force structure optimization, national security missions and more at this Potomac Officers Club-hosted event.
The Army CIO is responsible for developing APL policy, while the deputy chief of staff, G-6, leads its implementation.
Policy for Interim Army APL
According to the memo, all Army organizations will comply with the interim policy until a validated Army-wide APL is developed.
Army authorizing officials, or AOs, should not require a full assessment of a product on an APL. The sole requirement is that the organization should ensure that the APL item is suitable for operational use and its employment is consistent with the operational environment’s security measures.
The memo states that validating a product’s security on an APL will be managed through a documented configuration control process published by Headquarters Department of the Army for standardization throughout the branch.
The Army requires security testing results to be recorded in the eMASS record representing the authorization boundary where the product will be used.
The AO must approve use and reauthorize the boundary if introducing a product from an APL changes the accepted risk of an authorization boundary.
