Critical Program Information (CPI)

Step 1: Identity: identify critical program information that requires protection to prevent reverse engineering
Step 2: Assess Risk: Determine the risk for each CPI and assess its impact – Risk Assessment
Step 3: Protect: Continually assess if the CPI is protected and new vulnerabilities haven’t arrised – Anti-Tamper ; cybersecurity

Critical Program Information (CPI) is the U.S. capability element that contributes to the warfighters’ technical advantage, which if compromised, undermines U.S. military preeminence. U.S. capability elements may include but are not limited to, software algorithms and specific hardware residing on the system, training equipment, and/or maintenance support equipment. [2]

Critical Program Information (CPI) Compromise May: [1]

Reduce U.S. technological superiority and shorten the combat-effective life of the system as the adversary develops and fields comparable capabilities and/or countermeasures;
Require research, development, and acquisition resources to counter the impact of compromise and regain or maintain the advantage;
Protection measures should be put in place to deter, delay, detect, and respond to attempts to compromise CPI.

Critical Program Information (CPI) Analysis

CPI analysis is the means by which programs identify, protect, and monitor CPI. This analysis should be conducted early and throughout the life cycle of the program. Additionally, because CPI is critical to U.S. technological superiority, its value extends beyond any one program. As a result, CPI analysis should consider the broader impact of CPI identification and protection on national security. [1]

DoD Instruction 5200.39: CPI Identification and Protection Within RDT&E – 15 Oct 2018

CPI includes information about applications, capabilities, processes, and end-items; Includes elements or components critical to a military system or network mission effectiveness; Includes technology that would reduce the US technological advantage if it came under foreign control. [2]