DoDI 8580.1, Information Assurance (IA) in the Defense Acquisition System, July 9, 2004, defines Mission Critical and Mission Essential:
E2.1.15. Mission Critical Information System. A system that meets the definitions of "information system" and "national security system" in reference (a), the loss of which would cause the stoppage of warfighter operations or direct mission support of warfighter operations. (Note: The designation of mission critical shall be made by a Component Head, a Combatant Commander, or their designee. A financial management IT system shall be considered a mission-critical IT system as defined by the USD(Comptroller). A "Mission-Critical Information Technology System" has the same meaning as a "Mission-Critical Information System.")
E2.1.16. Mission Essential Information System. A system that meets the definition of "information system" in reference (a), that the acquiring Component Head or designee determines is basic and necessary for the accomplishment of the organizational mission. (Note: The designation of mission essential shall be made by a Component Head, a Combatant Commander, or their designee. A financial management IT system shall be considered a mission-essential IT system as defined by the USD Comptroller). A "Mission-Essential Information Technology System" has the same meaning as a "Mission-Essential Information System.")
Note that Mission Assurance Category defined in DoDI 8580.1 do not correspond to "critical," "essential," and "support" mission categories.
E2.1.14. Mission Assurance Category (MAC). Applicable to DoD information systems, the mission assurance category reflects the importance of information relative to the achievement of DoD goals and objectives, particularly the warfighters' combat mission. Mission assurance categories are primarily used to determine the requirements for availability and integrity. The Department of Defense has three defined mission assurance categories:
E2.1.14.1. Mission Assurance Category I (MAC I). Systems handling information that is determined to be vital to the operational readiness or mission effectiveness of deployed and contingency forces in terms of both content and timeliness. The consequences of loss of integrity or availability of a MAC I system are unacceptable and could include the immediate and sustained loss of mission effectiveness. MAC I systems require the most stringent protection measures.
E2.1.14.2. Mission Assurance Category II (MAC II). Systems handling information that is important to the support of deployed and contingency forces. The consequences of loss of integrity are unacceptable. Loss of availability is difficult to deal with and can only be tolerated for a short time. The consequences could include delay or degradation in providing important support services or commodities that may seriously impact mission effectiveness or operational readiness. MAC II systems require additional safeguards beyond best practices to ensure adequate assurance.
E2.1.14.3. Mission Assurance Category III (MAC III). Systems handling information that is necessary for the conduct of day-to-day business, but does not materially affect support to deployed or contingency forces in the short-term. The consequences of loss of integrity or availability can be tolerated or overcome without significant impacts on mission effectiveness or operational readiness. The consequences could include the delay or degradation of services or commodities enabling routine activities. MAC III systems require protective measures, techniques, or procedures generally commensurate with commercial best practices.
DoDI 500.02, "Operation of the Defense Acquisition System," 7 January, 2015, defines Mission-Critical, Mission-Essential, and Mission-Support system:
Mission-Critical Information System. A system that meets the definitions of "information system" and "national security system" in the Clinger-Cohen Act
E2.1.16. Mission Essential Information System. A system that meets the definition of "information system" in reference (a), that the acquiring Component Head or designee determines is basic and necessary for the accomplishment of the organizational mission. (Note: The designation of mission essential shall be made by a Component Head, a Combatant Commander, or their designee. A financial management IT system shall be considered a mission-essential IT system as defined by the USD Comptroller). A "Mission-Essential Information Technology System" has the same meaning as a "Mission-Essential Information System.")
Note that Mission Assurance Category defined in DoDI 8580.1 do not correspond to "critical," "essential," and "support" mission categories.
E2.1.14. Mission Assurance Category (MAC). Applicable to DoD information systems, the mission assurance category reflects the importance of information relative to the achievement of DoD goals and objectives, particularly the warfighters' combat mission. Mission assurance categories are primarily used to determine the requirements for availability and integrity. The Department of Defense has three defined mission assurance categories:
E2.1.14.1. Mission Assurance Category I (MAC I). Systems handling information that is determined to be vital to the operational readiness or mission effectiveness of deployed and contingency forces in terms of both content and timeliness. The consequences of loss of integrity or availability of a MAC I system are unacceptable and could include the immediate and sustained loss of mission effectiveness. MAC I systems require the most stringent protection measures.
E2.1.14.2. Mission Assurance Category II (MAC II). Systems handling information that is important to the support of deployed and contingency forces. The consequences of loss of integrity are unacceptable. Loss of availability is difficult to deal with and can only be tolerated for a short time. The consequences could include delay or degradation in providing important support services or commodities that may seriously impact mission effectiveness or operational readiness. MAC II systems require additional safeguards beyond best practices to ensure adequate assurance.
E2.1.14.3. Mission Assurance Category III (MAC III). Systems handling information that is necessary for the conduct of day-to-day business, but does not materially affect support to deployed or contingency forces in the short-term. The consequences of loss of integrity or availability can be tolerated or overcome without significant impacts on mission effectiveness or operational readiness. The consequences could include the delay or degradation of services or commodities enabling routine activities. MAC III systems require protective measures, techniques, or procedures generally commensurate with commercial best practices.
DoDI 500.02, "Operation of the Defense Acquisition System," 7 January, 2015, defines Mission-Critical, Mission-Essential, and Mission-Support system:
Mission-Critical Information System. A system that meets the definitions of "information system" and "national security system" in the Clinger-Cohen Act
(Subtitle III of title 40 of U.S. Code (Reference (p))), the loss of which would cause the stoppage of warfighter operations or direct mission support of warfighter operations. (The designation of mission critical will be made by a DoD Component head, a Combatant Commander, or their designee. A financial management IT system will be considered a mission-critical IT system as defined by the Under Secretary of Defense (Comptroller) (USD(C)).)
A "Mission-Critical Information Technology System" has the same meaning as a "Mission-Critical Information System."
Mission-Essential Information System. A system that meets the definition of "information system" in 44 U.S.C. 3502 (Reference (aw)), that the acquiring DoD Component Head or designee determines is basic and necessary for the accomplishment of the organizational mission. (The designation of mission-essential will be made by a DoD Component head, a Combatant Commander, or their designee. A financial management IT system will be considered a mission-essential IT system as defined by the USD(C).) A "Mission-Essential Information Technology System" has the same meaning as a "Mission-Essential Information System."
Mission Support are information systems that do not fall into either Mission Critical or Mission Essential.
No comments:
Post a Comment