Intelligence & Security

Program Protection Plan (PPP)

 

The Program Protection Plan (PPP) is the single source document used to coordinate and integrate all protection efforts.  It’s designed to deny access to Critical Program Information (CPI) to anyone not authorized, not having a need-to-know and prevent inadvertent disclosure of leading edge technology to foreign interests. The PPP is approved by the Program Manager (PM) after an Initial Capabilities Document (ICD) has been validated and is part of the Security Classification Guide (SCG). [1]

Program Protection Plan Outline and Guidance – July 2011

Template: Program Protection Plan (PPP)

 The following guidance describes the process used to prepare a PPP when one is required: [1]

  • Any program, product, technology demonstrator, or other item developed as part of a separate acquisition process, and used as a component, subsystem, or modification of another program, should publish a PPP.
  • Effectiveness of the PPP is highly dependent upon the quality and currency of information available to the program office.
    • Coordination between the Program Management Office (PMO) and supporting Counterintelligence (CI) and security activities is critical to ensure that any changes in the system CPI, threat, or environmental conditions are communicated to the proper organizations.
    • Intelligence and CI organizations supporting the program protection effort should provide timely notification to the PM of any information on adverse foreign interests targeting their CPI without waiting for a periodic production request.

While there is no specific format for PPPs, they normally include the following: [1]

  • System and program description
  • All program and support points of contact
  • A list of program CPI
  • Counterintelligence Analysis of CPI
  • Vulnerabilities of CPI
  • All Research and Technology Protection countermeasures (e.g., anti-tamper techniques, system security engineering) and Militarily Critical Technology List citations for applicable CPI
  • All RTP associated costs, by Fiscal Year, to include PPP development and execution
  • Counterintelligence Support Plan
  • Security Classification Guide
  • Foreign disclosure, direct commercial sales, co-production, import, export license or other export authorization requirements, and/or Technology Assessment/Control Plan
  • Delegation of Disclosure Authority Letter (DDL), if appropriate
  • Program Security Instruction, if appropriate

AcqTips:  

  • Detailed descriptions of program protection activities are provided in the Defense Acquisition Guidebook Chapter 13

AcqLinks and References:

Become an AcqNotes Member or Login to View Page Discussion