<P> OPSEC is a five - step iterative process that assists an organization in identifying specific pieces of information requiring protection and employing measures to protect them . </P> <Ol> <Li> Identification of Critical information: Critical information is information about friendly intentions, capabilities and activities that allow an adversary to plan effectively to disrupt their operations . U.S. Army Regulation 530 - 1 has redefined Critical Information into four broad categories, using the acronym CALI - Capabilities, Activities, Limitations (including vulnerabilities), and Intentions . This step results in the creation of a Critical Information List (CIL). This allows the organization for focus resources on vital information, rather than attempting to protect all classified or sensitive unclassified information . Critical information may include, but is not limited to, military deployment schedules, internal organizational information, details of security measures, etc . </Li> <Li> Analysis of Threats: A Threat comes from an adversary--any individual or group that may attempt to disrupt or compromise a friendly activity . Threat is further divided into adversaries with intent and capability . The greater the combined intent and capability of the adversary, the greater the threat . This step uses multiple sources, such as intelligence activities, law enforcement, and open source information to identify likely adversaries to a planned operation and prioritize their degree of threat . </Li> <Li> Analysis of Vulnerabilities: Examining each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then comparing those indicators with the adversary's intelligence collection capabilities identified in the previous action . Threat can be thought of as the strength of the adversaries, while vulnerability can be thought of as the weakness of friendly organizations . </Li> <Li> Assessment of Risk: First, planners analyze the vulnerabilities identified in the previous action and identify possible OPSEC measures for each vulnerability . Second, specific OPSEC measures are selected for execution based upon a risk assessment done by the commander and staff . Risk is calculated based on the probability of Critical Information release and the impact if such as release occurs . Probability is further subdivided into the level of threat and the level of vulnerability . The core premise of the subdivision is that the probability of compromise is greatest when the threat is very capable and dedicated, while friendly organizations are simultaneously exposed . </Li> <Li> Application of Appropriate OPSEC Measures: The command implements the OPSEC measures selected in the assessment of risk action or, in the case of planned future operations and activities, includes the measures in specific OPSEC plans . Countermeasures must be continually monitored to ensure that they continue to protect current information against relevant threats . The U.S. Army Regulation 530 - 1 refers to "Measures" as the overarching term, with categories of "Action Control" (controlling one's own actions); "Countermeasures" (countering adversary intelligence collection); and "Counteranalysis" (creating difficulty for adversary analysts seeking to predict friendly intent) as tools to help an OPSEC professional protect Critical Information . </Li> </Ol> <Li> Identification of Critical information: Critical information is information about friendly intentions, capabilities and activities that allow an adversary to plan effectively to disrupt their operations . U.S. Army Regulation 530 - 1 has redefined Critical Information into four broad categories, using the acronym CALI - Capabilities, Activities, Limitations (including vulnerabilities), and Intentions . This step results in the creation of a Critical Information List (CIL). This allows the organization for focus resources on vital information, rather than attempting to protect all classified or sensitive unclassified information . Critical information may include, but is not limited to, military deployment schedules, internal organizational information, details of security measures, etc . </Li> <Li> Analysis of Threats: A Threat comes from an adversary--any individual or group that may attempt to disrupt or compromise a friendly activity . Threat is further divided into adversaries with intent and capability . The greater the combined intent and capability of the adversary, the greater the threat . This step uses multiple sources, such as intelligence activities, law enforcement, and open source information to identify likely adversaries to a planned operation and prioritize their degree of threat . </Li>

What does cali stand for in the army