DL1.1.21. Program Protection Survey. A survey, conducted during each
acquisition phase, to assess the effectiveness of the countermeasures
prescribed in the program protection plan at a specific point in time.
DL1.1.22. Program Protection Threats. The program protection threats
include life-cycle protection threats, foreign intelligence collection
efforts, and unauthorized disclosure of essential program information,
technologies, and systems during the acquisition process.
DL1.1.23. Risk Manaegment. The comparison and analysis of the
relative threat (intent and capability to collect the information); the
vulnerability of the asset; the cost and administrative burden of possible
countermeasures; and the value of the asset used to determine the appropriate
level of protection to control and reduce the risk of compromise or disclosure
to acceptable levels. Risk management allows the acceptance of risk in the
security process based upon a cost-benefit analysis.
DL1.1.24. Sensitive Information. Any information, the loss,
misuse, or unauthorized access to which would or could adversely affect the
organizational and/or national interest but which does not meet classification
criteria specified in DOD 5200.1-R (reference
DL1.1.25. Special Access Program. Any program imposing need-to-know
or access controls beyond those normally provided for access to Confidential,
Secret, or Top Secret information. Examples of such controls include,
but are not limited to, special clearance, adjudication, or investigative
requirements; special designation of officials authorized to determine need to
know; or special lists of persons determined to have a need-to-know.
DL1.1.26. System Decomposition. The separation of the major
mission functions and capabilities of the system and then identifying those
components or technologies that give the system this ability.
DLI.1.27. System Security Engineering (SSE). An element of system
engineering that applies scientific and engineering principles to identify and
reduce system susceptibility to damage, compromise, or destruction; the
identification, evaluation, and elimination or containment of system
vulnerabilities to known or postulated security threats in the operational
DL1.1.28. System Security Management Plan. A formal document that
fully describes the planned security tasks required to meet system security
engineering requirements, including organizational responsibilities, methods
of accomplishment, milestones, depth of effort, and integration with other
program engineering, design and management activities, and related
DL1.1.29. System Threat. The threat to be countered by the
defense system being acquired.
DL1.1.30. System Threat Assessment Report (STAR). The basic
authoritative threat assessment, tailored for and focused on, a particular
(i.e., single) U.S. major defense system. It describes the threat to be
countered in the projected threat environment. The threat information should
reference DIA-validated documents.