This regulation assigns responsibilities and prescribes policies for developing plans to protect critical program information, conducting supply-chain risk management, and performing damage assessment activities resulting from a compromise of unclassified program information. It provides a disciplined approach for managing the risks to advanced technology and mission-critical system functionality within Army capabilities from foreign collection, design vulnerability, supply chain exploitation, and battlefield loss.