The priority focus under cyberspace protection conditions (CPCON) depends on the level of threat, from very low to very high risk. The key CPCON levels are:
- CPCON 1 (Very High risk): Priority focus is strictly on critical functions.
- CPCON 2 (High risk): Priority expands to critical and essential functions.
- CPCON 3 (Medium risk): Priority includes critical, essential, and support functions.
- CPCON 4 and CPCON 5 (Low to very low risk): Priority is on all functions without restriction.
Thus, when the cyberspace protection condition is at the highest alert (CPCON 1), the priority focus is limited to critical functions only to protect the most important assets and operations.
Other cybersecurity frameworks may define protection priority conditions differently, such as compliance, business continuity, impact minimization, and risk mitigation, each focusing on regulatory adherence, maintaining critical business functions, limiting attack damage, or reducing overall risk respectively.
Summary Table for CPCON Priority Focus
CPCON Level| Risk Level| Priority Focus
---|---|---
CPCON 1| Very High| Critical Functions Only
CPCON 2| High| Critical and Essential Functions
CPCON 3| Medium| Critical, Essential & Support Functions
CPCON 4| Low| All Functions
CPCON 5| Very Low| All Functions
This system helps organizations allocate resources effectively by focusing strictly on critical operations during severe threats and protecting all functions when the threat is minimal.
