CH 9–1. Purpose
The Defense Acquisition Guidebook (DAG), Chapter 9, provides guidance for the system security
engineering (SSE) discipline and Department of Defense (DoD) program protection for defense
acquisition programs. The program manager (PM) and the systems engineer (SE) should use DAG
Chapters 3 and 9 to effectively plan and execute program protection activities across the acquisition life
cycle.
CH 9–2. Background
Program protection provides the processes, methodologies, and techniques to enable program offices to
identify information, components, and technologies, as well as determine the most appropriate mix of
measures to protect the information, components, and technologies from known security threats and
attacks. These protection measures impact the development of the system being acquired, the operations
of the program office, and the means by which the items are acquired.
CH 9–2.1 Purpose of Program Protection
The purpose of program protection is to give PMs an effective way to understand, assess, and prioritize
the broad spectrum of security threats and attacks to the acquisition program, and to identify the right,
cost-effective mixture of measures to protect against such attacks. Since the scope of the acquisition
program can include all program and system information, organization and personnel, enabling networks,
and relevant systems (i.e., systems in acquisition, enabling systems, and support systems), PMs should
consider security threats and attacks to the following program elements that can be exposed to targeting:
Government program organization
Contractor organizations and environments
Software and hardware
System interfaces
Enabling and support equipment, systems, and facilities
Fielded systems.
To address threats and vulnerabilities associated with these program elements, program protection
focuses on (as shown in Figure 1):
Information (including program and system information)
Technology (critical program information (CPI))
Components (mission-critical functionality).
Figure 1: Key Program Protection Activities
