Para 6.2 Intelligence
Users shall assess and evaluate information
superiority requirements. They shall determine the vulnerability of IT,
including NSS, supporting infrastructures, and the effectiveness of risk mitigation methods to reduce vulnerability to
an acceptable level.
Para 6.6 Information Assurance
PMs shall manage and engineer information systems
using the best processes and practices known to reduce security risks, including the risks to timely accreditation. Per DoDI 5200.40, they shall address information assurance
requirements throughout the life cycle of all DoD information systems....
Accordingly, for each information system development,
- Conduct a system risk assessment
based on system criticality, threat, and vulnerabilities;...
Para 6.7 Technology
Technology protection planning and development of
the PPP shall begin early in the acquisition life cycle. The following