Mission Assurance Category (MAC) is applicable to Department of Defense (DoD) information systems and reflects the importance of information relative to the achievement of DoD goals and objectives, particularly the warfighters’ combat mission. Mission assurance categories are primarily used to determine the requirements for availability and integrity.
Definition: Mission Assurance is a term primarily used to determine the requirements for availability and integrity.
Baseline Information Assurance (IA) controls are formed by combining the appropriate MAC and Confidentiality Level (Classified, Sensitive or Public) as specified in the formal requirements documentation: the Initial Capabilities Document (ICD), Capability Development Document (CDD), and Capabilities Production Document (CPD). IA Controls addressing confidentiality requirements are based on the sensitivity or classification of the information. The MAC and IA Controls are detailed in DoD Instruction 8500.2 “Information Assurance (IA) Implementation”.
Determine Mission Assurance Category (MAC)
The Risk Management Framework is the method used to determine the potential impact of a loss of integrity and availability and to assign the appropriate Mission Assurance Category.
Mission Assurance Categories (MAC)
The Department of Defense has three (3) defined mission assurance categories: [1]
- Mission Assurance Category I (MAC I): Systems handling information that is determined to be vital to the operational readiness or mission effectiveness of deployed and contingency forces in terms of both content and timeliness. The consequences of loss of integrity or availability of a MAC I system are unacceptable and could include the immediate and sustained loss of mission effectiveness. Mission Assurance Category I systems require the most stringent protection measures.
- Mission Assurance Category II (MAC II): Systems handling information that is important to the support of deployed and contingency forces. The consequences of loss of integrity are unacceptable. Loss of availability is difficult to deal with and can only be tolerated for a short time. The consequences could include delay or degradation in providing important support services or commodities that may seriously impact mission effectiveness or operational readiness. Mission Assurance Category II systems require additional safeguards beyond best practices to ensure assurance.
- Mission Assurance Category III (MAC III): Systems handling information that is necessary for the conduct of day-to-day business, but does not materially affect support to deployed or contingency forces in the short term. The consequences of loss of integrity or availability can be tolerated or overcome without significant impacts on mission effectiveness or operational readiness. The consequences could include the delay or degradation of services or commodities enabling routine activities. Mission Assurance Category III systems require protective measures, techniques, or procedures generally commensurate with commercial best practices.
Mission Assurance Category (MAC) Definitions
Mission Assurance Categories

| MAC | Definition | Integrity | Availability |
|---|---|---|---|
| I | These systems handle information that is determined to be vital to the operational readiness or mission effectiveness of deployed and contingency forces in terms of both content and timeliness. | High | High |
| II | These systems handle information that is important to the support of deployed and contingency forces. | High | Medium |
| III | These systems handle information that is necessary for the conduct of day-to-day business, but does not materially affect support to deployed or contingency forces in the short term. | Basic | Basic |
AcqLinks and References:
- [1] Defense Acquisition Guidebook (DAG) – Chapter 7
- DoD Directive 8500.02 “Information Assurance (IA) Implementation” – 6 Feb 2003
Updated: 7/9/2021