You are here

Critical Program Information (CPI) Identification and Assessment Tool

Description:

TECHNOLOGY AREA(S): Info Systems 

OBJECTIVE: Develop an application that facilitates the identification of CPI and indexes horizontal protection efforts. The CPI tool should automatically identify key words surrounding the CPI and be formatted to search against networks for key-word related documents. The tool will be used to standardize CPI identification and assist programs and industry to identify files that should be afforded a higher level of protection. BLUF: There is no application available to provide a standardized, repeatable process for integrating steps to develop CPI. This effort will be used to develop a tool that incorporates CPI development processes into an easy to use application available for program protection and security personnel. This tool is expected to be available as a standalone application by the end of Phase II and developed with an open Application Programming Interface (API) for incorporation into laterally developing programs. 

DESCRIPTION: Although guidance exists on how to identify CPI, the guidance relates to required content and format rather than how program protection specialists complete the task of identifying what to protect, which is left up to individual specialists to interpret. In other instances, the guidance directs utilization of entities and activities external to the program, delaying progress. These inconsistences and delays result in (a) significant duplication of effort, and (b) conflicting guidance between horizontally protected programs. These inconsistent and improper protective measures often result in the adversary exploiting the warfighter’s technological advantage and stealing significant development efforts within DoD’s complex Research, Development, Testing and Evaluation efforts. This effort will develop and standardized a repeatable processes, toolsets, and techniques for development of CPI. This will result in an application comprised of: (1) a demonstrator of the CPI toolkit and processes in an automated system; (2) an operator manual for employing tools and processes; and (3) a training package consisting of presentations, and practical exercises to provide individuals direct experience employing CPI tools and processes. It will facilitate coordination and development for existing disciplines supporting RDT&E efforts such as cyber security, counterintelligence, operations security, anti-tamper, and public release of program information (including budget/R2 reporting, Distribution A statement determinations, etc). The toolkit will provide multiple products in a stair-step fashion to enable DOD to migrate it across the department and into industry partners. Successful transition of the guide, training package and automated system to the Under Secretary of Defense for Intelligence (USD(I)), Defense Security Services and/or the Office of the Under Secretary of Defense for Research & Engineering will facilitate protection planning and messaging in a proactive manner for any formal or proposed DOD RDT&E effort. 

PHASE I: Define and develop a concept for a CPI Identification and Assessment tool that can be readily accessible to the users, facilitate and drive CPI development, automatically create and store key words associated with the CPI and technology, and search and find documents containing CPI on a network. Phase I will capture the CPI development processes, map inputs, outputs and establishing rule sets resulting in a draft requirements document for automation efforts, as well as structure outlines for the reference guide and training package. Phase I, assuming the assessment supports concept feasibility; describe the approach and capability to build a prototype unit in Phase II. 

PHASE II: Develop reference guide and training package, create an automated CPI toolkit, and establish an integration solution to capture previous efforts within existing Acquisition Security Databases; automatically identify and link related efforts to ensure horizontal protective measures are met. The guide and training package can be transitioned and immediately migrated across the DOD while work on the automated system progresses. Based upon successful demonstration and third party test and evaluations, transition the pilot capabilities as a standalone executable program within months of the demonstration and a web-based version within 24 months. Web-versions and archival databases will be appropriately hardened against cyber attack and be consistent with current Risk Management Framework (RMF) requirements. PRIVATE SECTOR COMMERCIAL POTENTIAL: Private sector commercial potential includes using the CPI tools to articulate, find and protect intellectual property. It will also assist industry security professionals to better find, and subsequently protect, files deemed most important by their gov’t sponsors. 

REFERENCES: 

1: DoD Instruction (DoDI) 5200.39, "Critical Protection Information (CPI) Identification and Protection Within research Development, Test, and Evaluation (RDT&E)," May 28, 2015

2:  Shanahan, Raymond. (2015). Identification and Protection of Critical Program Information (CPI). https://www.acq.osd.mil/se/briefs/2015_10_27_NDIA18-Ident-CPI-Shanahan.pdf.

KEYWORDS: Critical Program Information Development, Horizontal Protection, CPI Discovery Method 

CONTACT(S): 

sbir@sco.mil 

US Flag An Official Website of the United States Government