BY ORDER OF THE SECRETARY
OF THE AIR FORCE
AIR FORCE INSTRUCTION 10-2402
29 AUGUST 2017
Operations
CRITICAL ASSET RISK
MANAGEMENT PROGRAM
COMPLIANCE WITH THIS PUBLICATION IS MANDATORY
ACCESSIBILITY: Publications and forms are available on the e-Publishing website at
www.e-Publishing.af.mil for downloading and ordering
RELEASABILITY: There are no releasability restrictions on this publication
OPR: HQ USAF/A3OA
Certified by: AF/A3O
(Mr. Steven A. Ruehl)
Pages: 46
This Air Force Instruction (AFI) implements the DoDI 3020.45, Defense Critical Infrastructure
Program (DCIP) Management. It provides guidance and procedures to manage the
identification, prioritization, and assessment of Defense Critical Infrastructure (DCI) and assigns
responsibilities governing risk management including the acceptance, remediation, and/or
mitigation of DCI risks.
This instruction designates AF/A3OA as the Air Force’s (AF) single Office of Primary
Responsibility (OPR) for the Air Force Critical Asset Risk Management (CARM) Program and
authorizes it to establish and assign roles and responsibilities necessary for the execution of the
program, thereby fulfilling AF DCIP obligations laid out in DODI 3020.45. The AF CARM
Program’s primary focus is the identification, assessment, analysis, and management of risk of
loss to assets and supporting infrastructure deemed critical to execution of DoD and AF core
capabilities, functions, and missions. This Instruction is applicable to Headquarters Air Force
(HAF), Major Commands (MAJCOM), Field Operating Agencies (FOA), Direct Reporting Units
(DRU), Primary Support Units (PSU), Combatant Commands (CCMD), and Air National Guard
(ANG). This AFI may be supplemented at any level. Route an informational copy to AF/A3OA
after certification and approval. Refer recommended changes and questions about this
publication to the OPR using the AF Form 847, Recommendation for Change of Publication;
route AF Form 847 from the field through the appropriate functional chain of command. The
authorities to waive the requirements identified in this publication are identified with a tier (“T-0,
T-1, T-2, T-3”) number following the compliance statement. See AFI 33-360, Publications and
Forms Management, Table 1.1. for a description of the authorities associated with the tier
numbers. Submit requests for waivers through the chain of command to the appropriate tier
