NIST 800-53 REV 5 • SYSTEM AND SERVICES ACQUISITION

SA-14 Criticality Analysis

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Practitioner Notes

Criticality analysis for acquired systems and services identifies which components are most critical to your mission and therefore require the most careful acquisition and supply chain protection.

Example 1: Before acquiring new systems, conduct a criticality analysis that evaluates how mission-critical each component is. A firewall protecting your CUI enclave is more critical than a printer in the break room — and the acquisition process for each should reflect that difference in criticality.

Example 2: Map acquired components to your mission functions and identify dependencies. If your email system goes down, which mission functions are affected and for how long? Use this analysis to prioritize which vendor relationships need the most oversight and which components need the fastest replacement options.