Guidance for Video Teleconference Facility (VTF) Mission Assurance Category (MAC) & Confidentiality Level (CL)
Selecting the proper MAC & CL for your VTF is an important part of protecting the information that is vital to your mission. Your MAC and CL should be selected and documented based on Enclosure 4 of DoDI 8500.2, Information Assurance (IA) Implementation, pages 48-53:
http://www.dtic.mil/whs/directives/corres/pdf/850002p.pdf
MISSION ASSURANCE CATEGORY (MAC)
According to Department of Defense Directive 8500.01e, Information Assurance (IA), the mission assurance category (MAC) reflects the importance of information relative to the achievement of DoD goals and objectives, particularly the warfighters' combat mission.
Mission Assurance Category I (MAC I)
Systems handling information that is determined to be vital to the operational readiness or mission effectiveness of deployed and contingency forces in terms of both content and timeliness should be categorized as MAC I systems. In MAC I systems, the consequences of loss of integrity or availability are unacceptable and could include the immediate and sustained loss of mission effectiveness. MAC I systems require the most stringent protection measures. MAC I systems require high integrity and high availability. They Cannot go down without having a significant impact on your mission.
Mission Assurance Category II (MAC II)
Systems handling information that is important to the support of deployed and contingency forces can be categorized as MAC II systems. In MAC II systems, the consequences of loss of integrity are unacceptable. Loss of availability is difficult to deal with and can only be tolerated for a short time. The consequences could include delay or degradation in providing important support services or commodities that may seriously impact mission effectiveness or operational readiness. MAC II systems require additional safeguards beyond best practices to ensure adequate assurance. MAC II systems require high integrity and medium availability. They can go down for up to 24 hours without having a significant impact on your mission.
Mission Assurance Category III (MAC III)
Systems handling information that is necessary for the conduct of day-to-day business, but does not materially affect support to deployed or contingency forces in the short-term can be categorized as MAC III systems. For MAC III systems, the consequences of loss of integrity or availability can be tolerated or overcome without significant impacts on mission effectiveness or operational readiness. The consequences could include the delay or degradation of services or commodities enabling routine activities. MAC III systems require protective measures, techniques or procedures generally commensurate with commercial best practices. MAC III systems require basic integrity and basic availability. They can go down for up to 5 days without having a significant impact on your mission.
CONFIDENTIALITY LEVEL (CL)
According to Department of Defense Initiative (DoDI) 8500.2, Information Assurance (IA) Implementation, the confidentiality level is primarily used to establish acceptable access factors, such as requirements for individual security clearances or background investigations, access approvals, and need-to-know determinations; interconnection controls and approvals; and acceptable methods by which users may access the system (e.g., intranet, Internet, wireless).
Guidance for VTF that are MAC
DVS is a MAC II system. If your VTF is MAC I, you will need to ensure that compensating IA controls are in place for availability and integrity.
For more information, see the ATTACHMENT 1 TO ENCLOSURE 4, MISSION ASSURANCE CATEGORY I CONTROLS FOR INTEGRITY AND AVAILABILITY section of DoDI 8500.2: http://www.dtic.mil/whs/directives/corres/pdf/850002p.pdf
Alternate communication channels and hot failover are recommended for MAC I systems.