(4). POLICY. It is DoD policy to: (4.1). Identify and ensure the availability, integrity, survivability and adequacy of those assets, (domestic and foreign) whose capabilities are deemed critical to DoD Force Readiness and operations in peace, crisis, and war by providing for their protection from all hazards; mitigating the effect of their loss or disruption; and/or planning for timely restoral or recovery. The level of assurance appropriate for each asset is a risk management decision of the owning or controlling DoD Component, made in coordination with those dependent on the asset, and based on its criticality, the threat, and resources available. (4.2) Recognize that critical DoD equipment, facilities, and services are dependent upon non- DoD assets - the international and national infrastructures, other facilities and services of the private sector, and those of other Government Departments and Agencies; and that non-DoD assets essential to the functioning of DoD Critical Assets are also Critical Assets of concern to the Department of Defense. Critical Assets include information systems and computer-based systems and networks that can be distributive in nature. (4.3) Recognize that in peacetime responsibility for protecting non-DoD Critical Assets and designing their security rests primarily with the civil sector owners and with local, State, and Federal law enforcement authorities and that responsibility for protecting non-U.S. Critical Assets rests with the appropriate national authority. However, the Department of Defense must participate with the civil sector, emergency preparedness and law enforcement authorities in planning for Critical Asset assurance during an emergency, and must be prepared, in concert with the appropriate authorities and within defense priorities, to assist in their protection during emergencies, including natural disaster, physical or technical attack, and technological or other emergency that seriously degrades or threatens DoD operations. See: DoD Directives 3025.1, 3025.12, and 3025.15, references (f) through (h). (4.4) Provide an integrated asset and infrastructure vulnerability assessment and assurance program for the protection and assurance of DoD and non-DoD Critical Assets worldwide through the CAAP. The CAAP must provide a comprehensive and integrated decision support environment to represent the relationship between Critical Assets and force readiness and operations in peace, crisis or war that can be used to assess the dependencies, vulnerabilities and effects of the disruption or loss of Critical Assets or supporting infrastructures on their plans and operations. The CAAP must also provide the capability for Critical Asset assurance analysis, planning, prioritization, resource programming and response necessary to mitigate the disruption or loss of Critical Assets. It must also ensure that the collection, retention, and dissemination of CAAP information are in compliance with applicable U.S. law, statutes, directives, and policies as delineated by the established intelligence oversight program. See: DoD Directive 5240.1 and DoD 5240.l-R (references (i) and (j) )". (DoD, CAAP, January 20, 1998)