Intelligence & Security

Program Protection Plan (PPP)

The Program Protection Plan (PPP) is the single source document used to coordinate and integrate all protection efforts.  It’s designed to deny access to Critical Program Information (CPI) to anyone not authorized, not having a need to know and prevent inadvertent disclosure of leading-edge technology to foreign interests. The PPP is approved by the Program Manager (PM) after an Initial Capabilities Document (ICD) has been validated and is part of the Security Classification Guide (SCG). A draft is due for the Development RFP Release Decision and is approved at Milestone B. [1,2]

Guidance: Program Protection Plan Outline and Guidance – Jul 11

Developing the Program Protection Plan (PPP)

The following guidance describes the process used to prepare a PPP when one is required: [1]

Template: Program Protection Plan (PPP) v3.2 – Jul 11

  • Any program, product, technology demonstrator, or other item developed as part of a separate acquisition process and used as a component, subsystem, or modification of another program should publish a PPP.
  • The effectiveness of the PPP is highly dependent upon the quality and currency of the information available to the program office.
    • Coordination between the Program Management Office (PMO) and supporting Counterintelligence (CI) and security activities is critical to ensure that any changes in the system CPI, threat, or environmental conditions are communicated to the proper organizations.
    • Intelligence and CI organizations supporting the program protection effort should provide timely notification to the PM of any information on adverse foreign interests targeting their CPI without waiting for a periodic production request.

Program Protection Plan (PPP) Content

While there is no specific format for PPPs, they normally include the following: [1]

  • System and program description
  • All program and support points of contact
  • A list of program CPI
  • Counterintelligence Analysis of CPI
  • Vulnerabilities of CPI
  • All Research and Technology Protection countermeasures (e.g., anti-tamper techniques, system security engineering) and Militarily Critical Technology List citations for applicable CPI
  • All RTP associated costs, by Fiscal Year, to include PPP development and execution
  • Counterintelligence Support Plan
  • Security Classification Guide
  • Foreign disclosure, direct commercial sales, co-production, import, export license or other export authorization requirements, and/or Technology Assessment/Control Plan
  • Delegation of Disclosure Authority Letter (DDL), if appropriate
  • Program Security Instruction, if appropriate

Program Protection Plan (PPP) Regulations

A draft update is due for the Development RFP Release Decision and is approved at Milestone B. The PPP includes appropriate appendixes or links to required information. [2]


  • Detailed descriptions of program protection activities are provided in the Defense Acquisition Guidebook Chapter 13

AcqLinks and References:

Updated: 6/14/2021

Rank: G1

Leave a Reply