scope:

Purpose.

This pamphlet provides Program Managers (PM) with recommended protection planning activities for the integrated management of systems security risks. Risks to Air Force systems' advanced technology and mission-critical functionality can come from foreign intelligence services, design vulnerability, supply chain compromise, cyber or advanced persistent threats, or battlefield loss at any point in the system's life cycle. This pamphlet provides the procedures for the identification and protection of Critical Program Information (CPI) and critical components.

Technology and acquisition programs (including testing and sustainment activities) must be protected against hostile or criminal activities to keep technological advantages in and malicious or counterfeit content out.

In accordance with (IAW) DoDI 5200.39, DoDI O-5240.24, DoDI 3020.46, and DoDI 5200.44, program protection is focused on protecting CPI (leading edge research & technology and information about applications, processes, capabilities and end-items) and critical components. This is broken down as shown in Figure 1.1.