Initial draft for fedramp2.0.0-oscal1.0.4 release. Subject to change.
+Initial draft for fedramp2.0.0-oscal1.0.4 release. Subject to change.
The organization that prepared this content.
This party entry must be present in a FedRAMP SSP.
-The uuid may be different; however, the uuid must be associated with the - "fedramp-pmo" role in the responsible-party assemblies.
+The uuid may be different; however, the uuid must be associated with the "fedramp-pmo" role in the responsible-party assemblies.
This EXPERIMENTAL file exteneds OSCAL to meet FedRAMP requirements.
-It provides the extensions, defined identifiers, and acceptable values in a machine-readable format necssary to meet FedRAMP Authorization Package requirements.
+This EXPERIMENTAL file extends OSCAL to meet FedRAMP requirements.
+It provides the extensions, defined identifiers, and acceptable values in a machine-readable format necessary to meet FedRAMP Authorization Package requirements.
This document only.
This document only.
+Select documents.
Select documents.
+Entire stack.
Entire stack.
+This appears in FedRAMP profiles and resolved profile catalogs.
@@ -104,52 +107,54 @@For control objectives, it signals to the assessor which control objectives must appear in the assessment results, which aligns with the FedRAMP test case workbook.
On the revision element in the revision history, the party-uuid extension must match the UUID of an existing party in the metadata.
On the revision element in the revision history, the party-uuid extension must match the UUID of an existing party in the metadata.
+Core controls must be assessed every year, and are often subject to additional scrutiny by assessors and adjudication reviewers.
FedRAMP requires all Low systems to be at Level 1
FedRAMP requires all Low systems to be at Level 1
+Values are as required by FedRMAP for packages based on NIST 800-53, Revision 4.
+Values are as required by FedRAMP for packages based on NIST 800-53, Revision 4.
Authoritative source: OPM Position Designation (Page 18).
When an prop is defined as an extension, a separate constraint assembly is needed to specify datatype and allowed values on the @value
flag.
When an prop is defined as an extension, a separate constraint assembly is needed to specify data type and allowed values on the @value
flag.
This is for legacy SSP convertion to OSCAL. The preferred approach is to specificy the leveraged system as a component
and reference it in the control using by-component
.
This is for legacy SSP conversion to OSCAL. The preferred approach is to specify the leveraged system as a component
and reference it in the control using by-component
.
When an prop is defined as an extension, a separate constraint assembly is needed to specify datatype and allowed values on the @value
flag.
When an prop is defined as an extension, a separate constraint assembly is needed to specify data type and allowed values on the @value
flag.
As with all URIs in OSCAL, this may contain a URI fragment, which identifies the local resource containing the relevant profile.
Impacted control is required in the POA&M and optional in the SAR.
-It is allowed in the SAR in anticipation of duplicatng open risks from the SAR to the POA&M.
+It is allowed in the SAR in anticipation of duplicating open risks from the SAR to the POA&M.
In the SSP, if implemented-requirement
includes prop[@name='implementation-status']
with value='planned'
, a planned-completion-date
extension must be provided.
The port field is a FedRAMP extension - a property assigned to a component with a component type of 'interconnection'.
When this extension is present, it must include a @class
flag with a value of either 'local' or 'remote'.
The port field is a FedRAMP extension - a property assigned to a component with a component type of 'interconnection'.
@@ -1100,9 +1107,9 @@This requires an additional component type in the SAP's assessment-assets
, and in the SAR's result
, local-definitions
, assessment-assets
.
These are in addition to the NIST-defined allowed values for role identifiers, and apply to all OSCAL-based FedRAMP content.
These are in addition to the NIST-defined allowed values for role identifiers, and apply to all OSCAL-based FedRAMP content.
+These are in addition to the NIST-defined allowed values for role identifiers, and apply to OSCAL-based FedRAMP SAP and SAR content.
These are in addition to the NIST-defined allowed values for role identifiers, and apply to OSCAL-based FedRAMP SAP and SAR content.
+These are in addition to the NIST-defined allowed values for resource types.
These are in addition to the NIST-defined allowed values for resource types.
+These are in addition to the NIST-defined allowed values for resource types.
These are in addition to the NIST-defined allowed values for resource types.
+FedRAMP only allows information types defined in NIST SP 800-60v2r1.
FedRAMP only allows information types defined in NIST SP 800-60v2r1.
+Initial draft for fedramp2.0.0-oscal1.0.4 release. Subject to change.
The organization that prepared this content.
This party entry must be present in a FedRAMP SSP.
-The uuid may be different; however, the uuid must be associated with the - "fedramp-pmo" role in the responsible-party assemblies.
+The uuid may be different; however, the uuid must be associated with the "fedramp-pmo" role in the responsible-party assemblies.
This file provides the FedRAMP threat table from the MS Word-based FedRAMP SAR template in machine-readable format.
Alteration of data, files, or records.
Alteration of data, files, or records.
+An unauthorized user gains access to the audit trail and could cause audit records to be deleted or modified, or prevents future audit records from being recorded, thus masking a security relevant event.
An unauthorized user gains access to the audit trail and could cause audit records to be deleted or modified, or prevents future audit records from being recorded, thus masking a security relevant event.
+An intentional explosion.
An intentional explosion.
+Cut of fiber optic lines, trees falling on telephone lines.
Cut of fiber optic lines, trees falling on telephone lines.
+Eavesdropping can occur via electronic media directed against large scale - electronic facilities that do not process classified National Security - Information.
Eavesdropping can occur via electronic media directed against large scale electronic facilities that do not process classified National Security Information.
+Unauthorized user could gain access to the information systems by - random or systematic guessing of passwords, possibly supported by - password cracking utilities.
Unauthorized user could gain access to the information systems by random or systematic guessing of passwords, possibly supported by password cracking utilities.
+An attacker uses techniques that could result in the disclosure of sensitive - information by exploiting weaknesses in the design or configuration.
An attacker uses techniques that could result in the disclosure of sensitive information by exploiting weaknesses in the design or configuration.
+Human inattention, lack of knowledge, and failure to cross-check system - activities could contribute to errors becoming integrated and ingrained in - automated systems.
Human inattention, lack of knowledge, and failure to cross-check system activities could contribute to errors becoming integrated and ingrained in automated systems.
+An adversary uses techniques to attack a single target rendering it unable - to respond and could cause denial of service for users of the targeted - information systems.
An adversary uses techniques to attack a single target rendering it unable to respond and could cause denial of service for users of the targeted information systems.
+An adversary uses multiple compromised information systems to attack a - single target and could cause denial of service for users of the targeted - information systems.
An adversary uses multiple compromised information systems to attack a single target and could cause denial of service for users of the targeted information systems.
+Seismic activity can damage the information system or its facility. Refer - to the following document for earthquake probability maps - http://pubs.usgs.gov/of/2008/1128/pdf/OF08-1128_v1.1.pdf
Seismic activity can damage the information system or its facility. Refer to the following document for earthquake probability maps http://pubs.usgs.gov/of/2008/1128/pdf/OF08-1128_v1.1.pdf
+Disruption of electronic and wire transmissions could be caused by high - frequency (HF), very high frequency (VHF), and ultra-high frequency - (UHF) communications devices (jamming) or sun spots.
Disruption of electronic and wire transmissions could be caused by high frequency (HF), very high frequency (VHF), and ultra-high frequency (UHF) communications devices (jamming) or sun spots.
+The illegal covert act of copying, reproducing, recording, photographing - or intercepting to obtain sensitive information.
The illegal covert act of copying, reproducing, recording, photographing or intercepting to obtain sensitive information.
+Fire can be caused by arson, electrical problems, lightning, chemical - agents, or other unrelated proximity fires.
Fire can be caused by arson, electrical problems, lightning, chemical agents, or other unrelated proximity fires.
+Water damage caused by flood hazards can be caused by proximity to - local flood plains. Flood maps and base flood elevation must be - considered.
Water damage caused by flood hazards can be caused by proximity to local flood plains. Flood maps and base flood elevation must be considered.
+Intentional deception regarding data or information about an information - system could compromise the confidentiality, integrity, or availability of - an information system.
Intentional deception regarding data or information about an information system could compromise the confidentiality, integrity, or availability of an information system.
+Hardware or equipment may fail due to a variety of reasons.
Hardware or equipment may fail due to a variety of reasons.
+An unauthorized modification to hardware that alters the proper - functioning of equipment in a manner that degrades the security - functionality the asset provides.
An unauthorized modification to hardware that alters the proper functioning of equipment in a manner that degrades the security functionality the asset provides.
+A category 1, 2, 3, 4, or 5 land falling hurricane could impact the facilities - that house the information systems.
A category 1, 2, 3, 4, or 5 land falling hurricane could impact the facilities that house the information systems.
+Software that damages a system such a virus, Trojan, or worm.
Software that damages a system such a virus, Trojan, or worm.
+Adversary attempts to acquire sensitive information such as usernames, - passwords, or SSNs, by pretending to be communications from a - legitimate/trustworthy source.
-Typical attacks occur via email, instant messaging, or comparable means; - commonly directing users to Web sites that appear to be legitimate sites, - while actually stealing the entered information.
Adversary attempts to acquire sensitive information such as usernames, passwords, or SSNs, by pretending to be communications from a legitimate/trustworthy source.
+Typical attacks occur via email, instant messaging, or comparable means; commonly directing users to Web sites that appear to be legitimate sites, while actually stealing the entered information.
+Power interruptions may be due to any number of reasons such as - electrical grid failures, generator failures, uninterruptable power supply - failures (e.g. spike, surge, brownout, or blackout).
Power interruptions may be due to any number of reasons such as electrical grid failures, generator failures, uninterruptable power supply failures (e.g. spike, surge, brownout, or blackout).
+An error in procedures could result in unintended consequences.
An error in procedures could result in unintended consequences.
+Violations of standard procedures.
Violations of standard procedures.
+An errant (buggy) process may create a situation that exhausts critical - resources preventing access to services.
An errant (buggy) process may create a situation that exhausts critical resources preventing access to services.
+Underhand interference with work.
Underhand interference with work.
+Searching through disposal containers (e.g. dumpsters) to acquire - unauthorized data.
Searching through disposal containers (e.g. dumpsters) to acquire unauthorized data.
+Naturally occurring forces of nature could disrupt the operation of an - information system by freezing, sleet, hail, heat, lightning, thunderstorms, - tornados, or snowfall.
Naturally occurring forces of nature could disrupt the operation of an information system by freezing, sleet, hail, heat, lightning, thunderstorms, tornadoes, or snowfall.
+An attacker manipulates people into performing actions or divulging - confidential information, as well as possible access to computer systems - or facilities.
An attacker manipulates people into performing actions or divulging confidential information, as well as possible access to computer systems or facilities.
+Unauthorized modification of software (e.g. files, programs, database - records) that alters the proper operational functions.
Unauthorized modification of software (e.g. files, programs, database records) that alters the proper operational functions.
+An individual performing a deliberate violent act could use a variety of - agents to damage the information system, its facility, and/or its operations.
An individual performing a deliberate violent act could use a variety of agents to damage the information system, its facility, and/or its operations.
+An adversary could steal elements of the hardware.
An adversary could steal elements of the hardware.
+An attacker exploits weaknesses in timing or state of functions to perform - actions that would otherwise be prevented (e.g. race conditions, - manipulation user state).
An attacker exploits weaknesses in timing or state of functions to perform actions that would otherwise be prevented (e.g. race conditions, manipulation user state).
+Transportation accidents include train derailments, river barge accidents, - trucking accidents, and airlines accidents. Local transportation accidents - typically occur when airports, sea ports, railroad tracks, and major - trucking routes occur in close proximity to systems facilities. Likelihood - of HAZMAT cargo must be determined when considering the probability - of local transportation accidents.
Transportation accidents include train derailments, river barge accidents, trucking accidents, and airlines accidents. Local transportation accidents typically occur when airports, sea ports, railroad tracks, and major trucking routes occur in close proximity to systems facilities. Likelihood of HAZMAT cargo must be determined when considering the probability of local transportation accidents.
+An unauthorized individual accesses a facility which may result in - comprises of confidentiality, integrity, or availability.
An unauthorized individual accesses a facility which may result in comprises of confidentiality, integrity, or availability.
+An unauthorized user accesses a system or data.
An unauthorized user accesses a system or data.
+A crack, perforation, or vent in the earth’s crust followed by molten lava, - steam, gases, and ash forcefully ejected into the atmosphere. For a list of - volcanoes in the U.S. see: - http://volcanoes.usgs.gov/about/volcanoes/volcanolist.php .
A crack, perforation, or vent in the earth’s crust followed by molten lava, steam, gases, and ash forcefully ejected into the atmosphere. For a list of volcanoes in the U.S. see: http://volcanoes.usgs.gov/about/volcanoes/volcanolist.php .
+Initial draft for fedramp2.0.0-oscal1.0.4 release. Subject to change.
Initial draft for fedramp2.0.0-oscal1.0.4 release.
This party entry must be present in a FedRAMP SSP.
-The uuid may be different; however, the uuid must be associated with the - "fedramp-pmo" role in the responsible-party assemblies.
+The uuid may be different; however, the uuid must be associated with the "fedramp-pmo" role in the responsible-party assemblies.
FedRAMP only accepts the information types defined in NIST SP 800-60, Volume 2, - Revision 1.
-This DRAFT file provides each of those types and supporting information in - machine-readable format.
-If NIST releases another revision to SP 800-60, Volume 2, FedRAMP will evaluate the - change and adjust this file accordingly.
+FedRAMP only accepts the information types defined in NIST SP 800-60, Volume 2, Revision 1.
+This DRAFT file provides each of those types and supporting information in machine-readable format.
+If NIST releases another revision to SP 800-60, Volume 2, FedRAMP will evaluate the change and adjust this file accordingly.
Corrective Action involves the enforcement functions necessary to remedy programs - that have been found non-compliant with a given law, regulation, or policy.
+Corrective Action involves the enforcement functions necessary to remedy programs that have been found non-compliant with a given law, regulation, or policy.
The confidentiality impact level is the effect of unauthorized disclosure of - corrective action information on the ability of responsible agencies to remedy - internal or external programs that have been found non-compliant with a given law, - regulation, or policy. Unauthorized disclosure of most corrective action information - should have only a limited adverse effect on agency operations, assets, or - individuals. Special Factors Affecting Confidentiality Impact Determination: Where - more sensitive information is involved, it will probably be personal information - subject to the Privacy Act of 1974 or information that is proprietary to a - corporation or other organization. Such information will often be assigned a - moderate confidentiality impact level. The Privacy Act Information provisional - impact levels are documented in the Personal Identity and Authentication information - type. Additionally, there are legislative mandates prohibiting unauthorized - disclosure of trade secrets. Trade secrets will generally be assigned a moderate - confidentiality impact level.
+The confidentiality impact level is the effect of unauthorized disclosure of corrective action information on the ability of responsible agencies to remedy internal or external programs that have been found non-compliant with a given law, regulation, or policy. Unauthorized disclosure of most corrective action information should have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will probably be personal information subject to the Privacy Act of 1974 or information that is proprietary to a corporation or other organization. Such information will often be assigned a moderate confidentiality impact level. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. Additionally, there are legislative mandates prohibiting unauthorized disclosure of trade secrets. + Trade secrets will generally be assigned a moderate confidentiality impact level.
The provisional confidentiality impact level recommended for corrective action - information is low.
+The provisional confidentiality impact level recommended for corrective action information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - corrective action information. The availability impact is also dependent on whether - the data is time-critical. In most cases, disruption of access to corrective action - information can be expected to have only a limited adverse effect on agency - operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the corrective action information. The availability impact is also dependent on whether the data is time-critical. In most cases, disruption of access to corrective action information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for corrective action - information is low.
+The provisional availability impact level recommended for corrective action information is low.
The consequences of undetected unauthorized modification or destruction of corrective - action information can conceivably compromise the effectiveness of compliance - enforcement actions (e.g., by providing violators with a basis for claiming - investigative or enforcement irregularities, thus supporting legal challenges to - proposed corrective actions). The integrity impact level is based on the specific - mission and the data supporting that mission, not on the time required to detect the - modification or destruction of information. Unauthorized modification or destruction - of most corrective action information should have only a limited adverse effect on - agency operations, assets, or individuals.
+The consequences of undetected unauthorized modification or destruction of corrective action information can conceivably compromise the effectiveness of compliance enforcement actions (e.g., by providing violators with a basis for claiming investigative or enforcement irregularities, thus supporting legal challenges to proposed corrective actions). The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of most corrective action information should have only a limited adverse effect on agency operations, assets, or individuals.
The provisional integrity impact level recommended for corrective action information - is low.
+The provisional integrity impact level recommended for corrective action information is low.
Program Evaluation involves the analysis of internal and external program - effectiveness and the determination of corrective actions as appropriate. The impact - levels should be commensurate with the impact levels of the program that is being - evaluated. For example, if the program contains very sensitive financial data with - moderate impact levels for confidentiality and integrity, the program evaluation - impact levels for confidentiality and integrity should also be moderate.
+Program Evaluation involves the analysis of internal and external program effectiveness and the determination of corrective actions as appropriate. The impact levels should be commensurate with the impact levels of the program that is being evaluated. For example, if the program contains very sensitive financial data with moderate impact levels for confidentiality and integrity, the program evaluation impact levels for confidentiality and integrity should also be moderate.
The confidentiality impact level is the effect of unauthorized disclosure of program - evaluation information on the abilities of responsible agencies to analyze internal - and external program effectiveness and to determine appropriate corrective actions. - The confidentiality impact of program evaluation information is largely - event-driven. Once the evaluation has been reported, most program evaluation - information is in the public domain. However, premature unauthorized disclosure of - program evaluation information can alert personnel associated with programs under - evaluation to the focus and preliminary findings of investigative and evaluation - activities.
-Special Factors Affecting Confidentiality Impact Determination: Where a major - programs or human safety is at stake, actions taken based on unauthorized disclosure - of program evaluation information can pose a threat to human life or a loss of major - assets. In such cases, the confidentiality impact is high. Unauthorized disclosure - of most program evaluation information often has the potential to seriously affect - agency operations. Also, some program evaluation information, particularly in the - case of current investigations, includes personal information subject to the Privacy - Act of 1974 and/or information that is proprietary to a corporation or other - organization. The Privacy Act Information provisional impact levels are documented - in the Personal Identity and Authentication information type. Additionally, there - are legislative mandates prohibiting unauthorized disclosure of trade secrets. Trade - secrets will generally be assigned a moderate confidentiality impact level. If the - program evaluation information is moved to the public domain, the confidentiality - impact level becomes Not Applicable (NA).
+The confidentiality impact level is the effect of unauthorized disclosure of program evaluation information on the abilities of responsible agencies to analyze internal and external program effectiveness and to determine appropriate corrective actions. The confidentiality impact of program evaluation information is largely event-driven. Once the evaluation has been reported, most program evaluation information is in the public domain. However, premature unauthorized disclosure of program evaluation information can alert personnel associated with programs under evaluation to the focus and preliminary findings of investigative and evaluation activities.
+Special Factors Affecting Confidentiality Impact Determination: Where a major programs or human safety is at stake, actions taken based on unauthorized disclosure of program evaluation information can pose a threat to human life or a loss of major assets. In such cases, the confidentiality impact is high. Unauthorized disclosure of most program evaluation information often has the potential to seriously affect agency operations. Also, some program evaluation information, particularly in the case of current investigations, includes personal information subject to the Privacy Act of 1974 and/or information that is proprietary to a corporation or other organization. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. Additionally, there are legislative mandates prohibiting unauthorized disclosure of trade secrets. Trade secrets will generally be assigned a moderate confidentiality impact level. + If the program evaluation information is moved to the public domain, the confidentiality impact level becomes Not Applicable (NA).
Because there are many cases in which unauthorized disclosure of program evaluation - information will have only a limited adverse effect on agency operations, assets, or - individuals, the provisional confidentiality impact level recommended for program - evaluation information is low.
+Because there are many cases in which unauthorized disclosure of program evaluation information will have only a limited adverse effect on agency operations, assets, or individuals, the provisional confidentiality impact level recommended for program evaluation information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - program evaluation information. Although there are time-sensitive exceptions, most - program evaluation processes are tolerant of reasonable delays. In most cases, - disruption of access to program evaluation information can be expected to have only - a limited adverse effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the program evaluation information. Although there are time-sensitive exceptions, most program evaluation processes are tolerant of reasonable delays. In most cases, disruption of access to program evaluation information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for program evaluation - information is low.
+The provisional availability impact level recommended for program evaluation information is low.
The consequences of undetected unauthorized modification or destruction of program - evaluation information can compromise the effectiveness of an evaluation program - (e.g., by providing false information intended to mislead investigators or - evaluators or to give program personnel a basis for claiming investigative or - evaluative irregularities). The integrity impact level is based on the specific - mission and the data supporting that mission, not on the time required to detect the - modification or destruction of information. Although there are time-sensitive - exceptions, unauthorized modification or destruction of most program evaluation - information should have only a limited adverse effect on agency operations, assets, - or individuals.
+The consequences of undetected unauthorized modification or destruction of program evaluation information can compromise the effectiveness of an evaluation program (e.g., by providing false information intended to mislead investigators or evaluators or to give program personnel a basis for claiming investigative or evaluative irregularities). The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Although there are time-sensitive exceptions, unauthorized modification or destruction of most program evaluation information should have only a limited adverse effect on agency operations, assets, or individuals.
The provisional integrity impact level recommended for program evaluation information - is low.
+The provisional integrity impact level recommended for program evaluation information is low.
Program Monitoring involves the data-gathering activities required to determine the - effectiveness of internal and external programs and the extent to which they comply - with related laws, regulations, and policies. The impact levels should be - commensurate with the impact levels of the programs that are being monitored. For - example, if a program contains very sensitive financial data with moderate impact - levels for confidentiality and integrity, the program monitoring impact levels for - confidentiality and integrity should also be moderate.
+Program Monitoring involves the data-gathering activities required to determine the effectiveness of internal and external programs and the extent to which they comply with related laws, regulations, and policies. The impact levels should be commensurate with the impact levels of the programs that are being monitored. For example, if a program contains very sensitive financial data with moderate impact levels for confidentiality and integrity, the program monitoring impact levels for confidentiality and integrity should also be moderate.
The confidentiality impact level is the effect of unauthorized disclosure of program - monitoring information on the ability of responsible agencies to perform - data-gathering activities required to determine the effectiveness of internal and - external programs and the extent to which they comply with related laws, - regulations, and policies. Special Factors Affecting Confidentiality Impact - Determination: There are legislative mandates prohibiting unauthorized disclosure of - trade secrets. Trade secrets will generally be assigned a moderate confidentiality - impact level. Note that national security information and national security systems - are outside the scope of this guideline. Otherwise, where the data being collected - belongs to one of the information types described in this guideline, the - confidentiality impact assigned the data and system is that of the highest impact - information type collected. Unauthorized disclosure of program monitoring - information can alert personnel associated with programs being monitored to the - focus and implications of monitoring activities. Where a major programs or human - safety is at stake, actions taken based on unauthorized disclosure of program - monitoring information can pose a threat to human life or a loss of major assets. In - such cases, the confidentiality impact is high. If the program monitoring - information is moved to the public domain, the confidentiality impact level becomes - Not Applicable (NA).
+The confidentiality impact level is the effect of unauthorized disclosure of program monitoring information on the ability of responsible agencies to perform data-gathering activities required to determine the effectiveness of internal and external programs and the extent to which they comply with related laws, regulations, and policies. Special Factors Affecting Confidentiality Impact Determination: There are legislative mandates prohibiting unauthorized disclosure of trade secrets. Trade secrets will generally be assigned a moderate confidentiality impact level. Note that national security information and national security systems are outside the scope of this guideline. Otherwise, where the data being collected belongs to one of the information types described in this guideline, the confidentiality impact assigned the data and system is that of the highest impact information type collected. Unauthorized disclosure of program monitoring information can alert personnel + associated with programs being monitored to the focus and implications of monitoring activities. Where a major programs or human safety is at stake, actions taken based on unauthorized disclosure of program monitoring information can pose a threat to human life or a loss of major assets. In such cases, the confidentiality impact is high. If the program monitoring information is moved to the public domain, the confidentiality impact level becomes Not Applicable (NA).
Although there are many circumstances in which serious adverse effects on agency - operations, agency assets, or individuals can result to justify a moderate base - confidentiality impact level for program monitoring information, in most Federal - environments, unauthorized disclosure will have only a limited adverse effect on - agency operations, assets, or individuals. Consequently, for most systems, a low - provisional confidentiality impact level is recommended for program monitoring - information.
+Although there are many circumstances in which serious adverse effects on agency operations, agency assets, or individuals can result to justify a moderate base confidentiality impact level for program monitoring information, in most Federal environments, unauthorized disclosure will have only a limited adverse effect on agency operations, assets, or individuals. Consequently, for most systems, a low provisional confidentiality impact level is recommended for program monitoring information.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - program monitoring information. Although there may be time-sensitive program - monitoring situations, more typically, disruption of access to program monitoring - information will have only a limited adverse effect on agency operations, agency - assets, or individuals. Special Factors Affecting Availability Impact Determination: - There are a limited number of compliance monitoring operations for which temporary - loss of availability is likely to significantly degrade mission capability, place - the agency at a significant disadvantage, result in loss of major assets, or pose a - threat to human life. This can result in assignment of a moderate impact level to - such information.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the program monitoring information. Although there may be time-sensitive program monitoring situations, more typically, disruption of access to program monitoring information will have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: There are a limited number of compliance monitoring operations for which temporary loss of availability is likely to significantly degrade mission capability, place the agency at a significant disadvantage, result in loss of major assets, or pose a threat to human life. This can result in assignment of a moderate impact level to such information.
The provisional availability impact level recommended for program monitoring - information is low.
+The provisional availability impact level recommended for program monitoring information is low.
The consequences of unauthorized modification or destruction of program monitoring - information can compromise the effectiveness of the monitoring program. Although - there may be time-sensitive program monitoring situations, the integrity impact - level is based on the specific mission and the data supporting that mission, not on - the time required to detect the modification or destruction of information. The - damage likely to be caused by unauthorized modification or destruction of program - monitoring information may have consequent serious adverse effects on agency - operations or public confidence in the agency.
+The consequences of unauthorized modification or destruction of program monitoring information can compromise the effectiveness of the monitoring program. Although there may be time-sensitive program monitoring situations, the integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The damage likely to be caused by unauthorized modification or destruction of program monitoring information may have consequent serious adverse effects on agency operations or public confidence in the agency.
There are some regulatory environments in which a high or moderate impact level is - appropriate. For most compliance monitoring information, the recommended provisional - integrity impact level is low.
-Special Factors Affecting Integrity Impact Determination: The consequences can be - particularly serious if the destruction or modification of monitoring information - invalidates evaluation results concerning major programs or concerning threats to - human safety. The integrity impact resulting from unauthorized modification or - deletion of program monitoring information depends in part on the nature of the laws - or policies with which compliance is being determined and in part on the criticality - of the processes being monitored. For example, in the case of safety regulations - affecting manned space flight, the integrity impact level may be high.
+There are some regulatory environments in which a high or moderate impact level is appropriate. For most compliance monitoring information, the recommended provisional integrity impact level is low.
+Special Factors Affecting Integrity Impact Determination: The consequences can be particularly serious if the destruction or modification of monitoring information invalidates evaluation results concerning major programs or concerning threats to human safety. The integrity impact resulting from unauthorized modification or deletion of program monitoring information depends in part on the nature of the laws or policies with which compliance is being determined and in part on the criticality of the processes being monitored. For example, in the case of safety regulations affecting manned space flight, the integrity impact level may be high.
Policy and Guidance Development involves the creation and dissemination of guidelines - to assist in the interpretation and implementation of regulations. In most cases, - the effect on public welfare of a loss of policy and guidance development mission - capability can be expected to be delayed rather than immediate. As a result, the - potential for consequent loss of human life or of major national assets is - relatively low, since these most catastrophic consequences of impairment to mission - capability can, in most cases, be corrected before they are fully realized.
+Policy and Guidance Development involves the creation and dissemination of guidelines to assist in the interpretation and implementation of regulations. In most cases, the effect on public welfare of a loss of policy and guidance development mission capability can be expected to be delayed rather than immediate. As a result, the potential for consequent loss of human life or of major national assets is relatively low, since these most catastrophic consequences of impairment to mission capability can, in most cases, be corrected before they are fully realized.
The confidentiality impact level is the effect of unauthorized disclosure of policy - and guidance information on the ability of responsible agencies to create and - disseminate guidelines to assist in the interpretation and implementation of - regulations. The confidentiality impact of policy and guidance information is - largely event-driven. Once a policy or guidance statement has been promulgated, most - policy and guidance information is in the public domain. However, premature - unauthorized disclosure of candidate policy and guidance material can result in - disruption of (and inappropriate influence of special interests on) the policy - development process. Special Factors Affecting Confidentiality Impact Determination: - The effects of loss of confidentiality of guidelines during the formative stage can - result in attempts by affected entities and other interested parties to influence - and/or impede the policy and guideline development process. Premature public release - of formative policies and guidelines before internal coordination and review can - result in unnecessary damage to public confidence in the agency. This is - particularly likely where the release includes unedited internal commentary and - discussion. Delays can impair an agency’s mission, but loss of public confidence can - do serious and persistent harm to an agency’s ability to effectively perform its - mission. In such cases, the provisional confidentiality impact level recommended for - policy and guidance development information is moderate. When the policy and - guidance information is in the public domain, the confidentiality impact level - becomes Not Applicable (NA).
+The confidentiality impact level is the effect of unauthorized disclosure of policy and guidance information on the ability of responsible agencies to create and disseminate guidelines to assist in the interpretation and implementation of regulations. The confidentiality impact of policy and guidance information is largely event-driven. Once a policy or guidance statement has been promulgated, most policy and guidance information is in the public domain. However, premature unauthorized disclosure of candidate policy and guidance material can result in disruption of (and inappropriate influence of special interests on) the policy development process. Special Factors Affecting Confidentiality Impact Determination: The effects of loss of confidentiality of guidelines during the formative stage can result in attempts by affected entities and other interested parties to influence and/or impede the policy and guideline development process. Premature public release of formative + policies and guidelines before internal coordination and review can result in unnecessary damage to public confidence in the agency. This is particularly likely where the release includes unedited internal commentary and discussion. Delays can impair an agency’s mission, but loss of public confidence can do serious and persistent harm to an agency’s ability to effectively perform its mission. In such cases, the provisional confidentiality impact level recommended for policy and guidance development information is moderate. When the policy and guidance information is in the public domain, the confidentiality impact level becomes Not Applicable (NA).
Although there are cases in which unauthorized and premature disclosure of policy and - guidance information can result in serious consequences for an agency, most of this - information is intended to be available to the general public. Consequently, the - provisional confidentiality impact level recommended for policy and guidance - development information is low.
+Although there are cases in which unauthorized and premature disclosure of policy and guidance information can result in serious consequences for an agency, most of this information is intended to be available to the general public. Consequently, the provisional confidentiality impact level recommended for policy and guidance development information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - policy and guidance development information. Though some policy and guidance - information is time-critical, the policy and guidance development process is usually - tolerant of delays.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the policy and guidance development information. Though some policy and guidance information is time-critical, the policy and guidance development process is usually tolerant of delays.
The provisional availability impact level recommended for policy and guidance - development information is low.
+The provisional availability impact level recommended for policy and guidance development information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Special Factors Affecting Integrity Impact Determination: Some policy - and guidance information is time-critical. Unauthorized modification or destruction - of information affecting external communications that contain policy and guidance - development information (e.g., web pages, electronic mail) may adversely affect - operations or public confidence in the agency, but the damage to the mission would - usually be limited. Public confidence consequences can be expected to be much more - serious in cases of agencies that have national defense, intelligence, or - information security missions. In such cases, the impact may be at least - moderate.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Special Factors Affecting Integrity Impact Determination: Some policy and guidance information is time-critical. Unauthorized modification or destruction of information affecting external communications that contain policy and guidance development information (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Public confidence consequences can be expected to be much more serious in cases of agencies that have national defense, intelligence, or information security missions. In such cases, the impact may be at least moderate.
The provisional integrity level recommended for policy and guidance development - information is low.
+The provisional integrity level recommended for policy and guidance development information is low.
Public Comment Tracking involves the activities of soliciting, maintaining, and - responding to public comments regarding proposed regulations.
+Public Comment Tracking involves the activities of soliciting, maintaining, and responding to public comments regarding proposed regulations.
The confidentiality impact level is the effect of unauthorized disclosure of public - comment tracking information on the ability of responsible agencies to solicit, - maintain, and respond to public comments regarding proposed regulations. The effects - of loss of confidentiality of information associated with the public comment process - are unlikely to pose the threat of serious harm to agency assets, personnel or - operations. In a few cases, the rationale for public comments can include - information that is sensitive in terms of proprietary information sensitive Federal - government information, or even national security information. However, such cases - are exceptional and the information in question would be expected to be - representative of information types covered elsewhere in this guideline.
+The confidentiality impact level is the effect of unauthorized disclosure of public comment tracking information on the ability of responsible agencies to solicit, maintain, and respond to public comments regarding proposed regulations. The effects of loss of confidentiality of information associated with the public comment process are unlikely to pose the threat of serious harm to agency assets, personnel or operations. In a few cases, the rationale for public comments can include information that is sensitive in terms of proprietary information sensitive Federal government information, or even national security information. However, such cases are exceptional and the information in question would be expected to be representative of information types covered elsewhere in this guideline.
The provisional confidentiality impact level recommended for public comment tracking - information is low.
+The provisional confidentiality impact level recommended for public comment tracking information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - public comment tracking information. The effects of disruption of access to public - comment tracking information or information systems can delay development of - standards, guidelines, or regulations. The public comment tracking process is - usually tolerant of delays. Permanent loss of comment information may disrupt some - government operations by showing a lack of due diligence in response to - comments.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the public comment tracking information. The effects of disruption of access to public comment tracking information or information systems can delay development of standards, guidelines, or regulations. The public comment tracking process is usually tolerant of delays. Permanent loss of comment information may disrupt some government operations by showing a lack of due diligence in response to comments.
The provisional availability impact level recommended for public comment tracking - information is low.
+The provisional availability impact level recommended for public comment tracking information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Unauthorized modification or destruction of information affecting - external communications that contain public comment tracking information (e.g., web - pages, electronic mail) may adversely affect operations or public confidence in the - agency, but the damage to the mission would usually be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting external communications that contain public comment tracking information (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited.
The provisional integrity impact level recommended for public comment tracking - information is low.
+The provisional integrity impact level recommended for public comment tracking information is low.
Regulatory Creation involves the activities of researching and drafting proposed and - final regulations.
+Regulatory Creation involves the activities of researching and drafting proposed and final regulations.
The level of confidentiality impact level is the effect of unauthorized disclosure of - regulatory creation information on the ability of responsible agencies to research - and draft proposed and final regulations. The effects of loss of confidentiality of - early drafts of regulations can result in attempts by affected entities and other - affected parties to influence and/or impede the regulation development process. - Special Factors Affecting Confidentiality Impact Determination: Premature public - release of draft regulations before internal coordination and review has been - conducted can result in unnecessary criticism of the proposed regulation and even - damage public confidence in the agency. In such cases, the provisional - confidentiality impact level recommended for regulatory creation information is - moderate. These consequences are particularly likely where the release includes - unedited internal commentary and discussion. Delays can impair an agency’s mission, - but loss of public confidence can do serious and persistent harm to an agency’s - ability to effectively perform its mission. If the regulatory information is moved - to the public domain, the confidentiality impact level becomes Not Applicable - (NA).
+The level of confidentiality impact level is the effect of unauthorized disclosure of regulatory creation information on the ability of responsible agencies to research and draft proposed and final regulations. The effects of loss of confidentiality of early drafts of regulations can result in attempts by affected entities and other affected parties to influence and/or impede the regulation development process. Special Factors Affecting Confidentiality Impact Determination: Premature public release of draft regulations before internal coordination and review has been conducted can result in unnecessary criticism of the proposed regulation and even damage public confidence in the agency. In such cases, the provisional confidentiality impact level recommended for regulatory creation information is moderate. These consequences are particularly likely where the release includes unedited internal commentary and discussion. Delays can impair an agency’s mission, but loss of + public confidence can do serious and persistent harm to an agency’s ability to effectively perform its mission. If the regulatory information is moved to the public domain, the confidentiality impact level becomes Not Applicable (NA).
Because most regulatory information is intended for release to the public, the - provisional confidentiality impact level recommended for regulatory creation - information is low.
+Because most regulatory information is intended for release to the public, the provisional confidentiality impact level recommended for regulatory creation information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - regulatory creation information. The regulatory creation process is usually tolerant - of delays.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the regulatory creation information. The regulatory creation process is usually tolerant of delays.
The provisional availability impact level recommended for regulatory creation - information is low.
+The provisional availability impact level recommended for regulatory creation information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Special Factors Affecting Integrity Impact Determination: Unauthorized - modification or destruction of information affecting external communications that - contain regulatory information (e.g., web pages, electronic mail) may adversely - affect operations or public confidence in the agency. The consequences of a - reduction in public confidence will be more serious for agencies that have national - defense, intelligence, or information security missions. In such cases, the impact - level may be at least moderate.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications that contain regulatory information (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency. The consequences of a reduction in public confidence will be more serious for agencies that have national defense, intelligence, or information security missions. In such cases, the impact level may be at least moderate.
The provisional integrity impact level recommended for regulatory creation - information is low.
+The provisional integrity impact level recommended for regulatory creation information is low.
Rule Publication includes all activities associated with the publication of a - proposed or final rule in the Federal Register and Code of Federal Regulations.
+Rule Publication includes all activities associated with the publication of a proposed or final rule in the Federal Register and Code of Federal Regulations.
The confidentiality impact level is the effect of unauthorized disclosure of rule - publication information on the ability of responsible agencies to publish proposed - or final rules in the Federal Register and Code of Federal Regulations. The - published rules are, by definition, public information. The effects of loss of - confidentiality of information associated with the rule publication process are - unlikely to pose the threat of serious harm to agency assets, personnel or - operations.
+The confidentiality impact level is the effect of unauthorized disclosure of rule publication information on the ability of responsible agencies to publish proposed or final rules in the Federal Register and Code of Federal Regulations. The published rules are, by definition, public information. The effects of loss of confidentiality of information associated with the rule publication process are unlikely to pose the threat of serious harm to agency assets, personnel or operations.
In general, the provisional confidentiality impact level recommended for rule - publication information is low.
+In general, the provisional confidentiality impact level recommended for rule publication information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the rule - publication information. Rule publication processes are usually tolerant of - delays.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the rule publication information. Rule publication processes are usually tolerant of delays.
The provisional availability impact level recommended for rule publication - information is low.
+The provisional availability impact level recommended for rule publication information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. In the worst cases, errata can be published. Unauthorized modification - or destruction of information may result in unnecessary expenditures, some - confusion, and limited damage to public confidence in the agency.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In the worst cases, errata can be published. Unauthorized modification or destruction of information may result in unnecessary expenditures, some confusion, and limited damage to public confidence in the agency.
The provisional integrity impact level recommended for rule publication information - is low.
+The provisional integrity impact level recommended for rule publication information is low.
Budget Formulation involves all activities undertaken to determine priorities for - future spending and to develop an itemized forecast of future funding and - expenditures during a targeted period of time. This includes the collection and use - of performance information to assess the effectiveness of programs and develop - budget priorities.
+Budget Formulation involves all activities undertaken to determine priorities for future spending and to develop an itemized forecast of future funding and expenditures during a targeted period of time. This includes the collection and use of performance information to assess the effectiveness of programs and develop budget priorities.
The confidentiality impact level is the effect of unauthorized disclosure of budget - formulation information on the ability of responsible agencies to determine - priorities for future spending and to develop an itemized forecast of future funding - and expenditures during a targeted period of time. Most budget information is - supposed to be available to the public. Special Factors Affecting Confidentiality - Impact Determination: Some budget information of is classified national security - information and is outside the scope of this guideline. The effects of loss of - confidentiality of budget information or of early drafts of budgets can result in - attempts by competing interests to influence and/or impede the regulation - development process. The consequences to agency programs and even of the ability of - an agency to perform its mission can be very serious. Premature public release of - draft budgets before internal coordination and review has been conducted can result - in unnecessary criticism of the proposed regulation and even damage public - confidence in the agency. These consequences are particularly likely where the - release includes unedited internal commentary and discussion. Delays that result - from confidentiality compromise can imperil specific agency programs, but loss of - public confidence can do persistent harm to an agency’s ability to effectively - perform its mission. In such cases, the confidentiality impact level for budget - formulation information is moderate. If the budget formulation information is moved - to the public domain, the confidentiality impact level becomes Not Applicable - (NA).
+The confidentiality impact level is the effect of unauthorized disclosure of budget formulation information on the ability of responsible agencies to determine priorities for future spending and to develop an itemized forecast of future funding and expenditures during a targeted period of time. Most budget information is supposed to be available to the public. Special Factors Affecting Confidentiality Impact Determination: Some budget information of is classified national security information and is outside the scope of this guideline. The effects of loss of confidentiality of budget information or of early drafts of budgets can result in attempts by competing interests to influence and/or impede the regulation development process. The consequences to agency programs and even of the ability of an agency to perform its mission can be very serious. Premature public release of draft budgets before internal coordination and review has been conducted can result in unnecessary + criticism of the proposed regulation and even damage public confidence in the agency. These consequences are particularly likely where the release includes unedited internal commentary and discussion. Delays that result from confidentiality compromise can imperil specific agency programs, but loss of public confidence can do persistent harm to an agency’s ability to effectively perform its mission. In such cases, the confidentiality impact level for budget formulation information is moderate. If the budget formulation information is moved to the public domain, the confidentiality impact level becomes Not Applicable (NA).
In spite of the serious harm that can be suffered by an agency due to unauthorized - and premature disclosure of draft budget information (and associated commentary), - the provisional confidentiality impact level recommended for budget formulation - information is low.
+In spite of the serious harm that can be suffered by an agency due to unauthorized and premature disclosure of draft budget information (and associated commentary), the provisional confidentiality impact level recommended for budget formulation information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - budget formulation information. Although some budget formulation information is - time-critical, the budget formulation processes are usually tolerant of delays. - Excessive recovery delays may result in loss of funding.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the budget formulation information. Although some budget formulation information is time-critical, the budget formulation processes are usually tolerant of delays. Excessive recovery delays may result in loss of funding.
The provisional availability impact level recommended for budget formulation - information is low.
+The provisional availability impact level recommended for budget formulation information is low.
not on the time required to detect the modification or destruction of information. - Special Factors Affecting Integrity Impact Determination: Some budget formulation - information is time-critical. Also, unauthorized modification or destruction of - information affecting external communications that contain budget information (e.g., - web pages, electronic mail) may adversely affect operations or public confidence in - the agency, but the damage to the mission would usually be limited. Public - confidence consequences will be more serious for agencies that have national - defense, intelligence, or information security missions. In such cases, the impact - may be at least moderate.
+not on the time required to detect the modification or destruction of information. Special Factors Affecting Integrity Impact Determination: Some budget formulation information is time-critical. Also, unauthorized modification or destruction of information affecting external communications that contain budget information (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Public confidence consequences will be more serious for agencies that have national defense, intelligence, or information security missions. In such cases, the impact may be at least moderate.
The provisional integrity impact level recommended for budget formulation information - is low.
+The provisional integrity impact level recommended for budget formulation information is low.
Capital Planning involves the processes for ensuring that appropriate investments are - selected for capital expenditures.
+Capital Planning involves the processes for ensuring that appropriate investments are selected for capital expenditures.
The confidentiality impact level is the effect of unauthorized disclosure of capital - planning information on the ability of responsible agencies to ensure that - appropriate investments are selected for capital expenditures. The effects of loss - of confidentiality of capital investment plans during the formative stage can result - in attempts by affected entities and other interested parties to influence and/or - impede the policy and guideline development process. Premature public release of - draft plans before internal coordination and review can result in unnecessary damage - to public confidence in the agency. This is particularly likely where the release - includes unedited internal commentary and discussion. The diversion of investment - funds that can result from compromise of draft plans can pervert investment - priorities in a manner that is prejudicial to public interest. However, the - consequence of loss of confidentiality of most capital planning information is - likely to do only limited harm to government assets, personnel, or missions. Special - Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of - some of the background information that supports development of capital investment - plans can reveal sensitive vulnerabilities, capabilities, or methods of - anti-terrorism, law enforcement, or national security activities. Depending on the - information in question, the confidentiality impact can be moderate, high, or - involve national security information (outside the scope of this guideline). Also, - some capital investment plans of some Federal agencies contain national security - information.
+The confidentiality impact level is the effect of unauthorized disclosure of capital planning information on the ability of responsible agencies to ensure that appropriate investments are selected for capital expenditures. The effects of loss of confidentiality of capital investment plans during the formative stage can result in attempts by affected entities and other interested parties to influence and/or impede the policy and guideline development process. Premature public release of draft plans before internal coordination and review can result in unnecessary damage to public confidence in the agency. This is particularly likely where the release includes unedited internal commentary and discussion. The diversion of investment funds that can result from compromise of draft plans can pervert investment priorities in a manner that is prejudicial to public interest. However, the consequence of loss of confidentiality of most capital planning information is likely to do + only limited harm to government assets, personnel, or missions. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some of the background information that supports development of capital investment plans can reveal sensitive vulnerabilities, capabilities, or methods of anti-terrorism, law enforcement, or national security activities. Depending on the information in question, the confidentiality impact can be moderate, high, or involve national security information (outside the scope of this guideline). Also, some capital investment plans of some Federal agencies contain national security information.
The confidentiality impact level is the effect of unauthorized disclosure of capital - planning information on the ability of responsible agencies to ensure that - appropriate investments are selected for capital expenditures. The effects of loss - of confidentiality of capital investment plans during the formative stage can result - in attempts by affected entities and other interested parties to influence and/or - impede the policy and guideline development process. Premature public release of - draft plans before internal coordination and review can result in unnecessary damage - to public confidence in the agency. This is particularly likely where the release - includes unedited internal commentary and discussion. The diversion of investment - funds that can result from compromise of draft plans can pervert investment - priorities in a manner that is prejudicial to public interest. However, the - consequence of loss of confidentiality of most capital planning information is - likely to do only limited harm to government assets, personnel, or missions. Special - Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of - some of the background information that supports development of capital investment - plans can reveal sensitive vulnerabilities, capabilities, or methods of - anti-terrorism, law enforcement, or national security activities. Depending on the - information in question, the confidentiality impact can be moderate, high, or - involve national security information (outside the scope of this guideline). Also, - some capital investment plans of some Federal agencies contain national security - information.
+The confidentiality impact level is the effect of unauthorized disclosure of capital planning information on the ability of responsible agencies to ensure that appropriate investments are selected for capital expenditures. The effects of loss of confidentiality of capital investment plans during the formative stage can result in attempts by affected entities and other interested parties to influence and/or impede the policy and guideline development process. Premature public release of draft plans before internal coordination and review can result in unnecessary damage to public confidence in the agency. This is particularly likely where the release includes unedited internal commentary and discussion. The diversion of investment funds that can result from compromise of draft plans can pervert investment priorities in a manner that is prejudicial to public interest. However, the consequence of loss of confidentiality of most capital planning information is likely to do + only limited harm to government assets, personnel, or missions. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some of the background information that supports development of capital investment plans can reveal sensitive vulnerabilities, capabilities, or methods of anti-terrorism, law enforcement, or national security activities. Depending on the information in question, the confidentiality impact can be moderate, high, or involve national security information (outside the scope of this guideline). Also, some capital investment plans of some Federal agencies contain national security information.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - capital planning information. The capital planning processes are usually tolerant of - delays.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the capital planning information. The capital planning processes are usually tolerant of delays.
The provisional availability impact level recommended for capital planning - information is low.
+The provisional availability impact level recommended for capital planning information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Special Factors Affecting Integrity Impact Determination: Unauthorized - modification or destruction of information affecting external communications that - contain capital planning information (e.g., web pages, electronic mail) may - adversely affect operations or public confidence in the agency, but the damage to - the mission would usually be limited. Public confidence consequences will be more - serious for agencies that have national defense, intelligence, or information - security missions. In such cases, the impact may be at least moderate.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications that contain capital planning information (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Public confidence consequences will be more serious for agencies that have national defense, intelligence, or information security missions. In such cases, the impact may be at least moderate.
The provisional integrity level recommended for capital planning information is - low.
+The provisional integrity level recommended for capital planning information is low.
Enterprise Architecture is an established process for describing the current state - and defining the target state and transition strategy for an organization’s people, - processes, and technology.
+Enterprise Architecture is an established process for describing the current state and defining the target state and transition strategy for an organization’s people, processes, and technology.
The confidentiality impact level is the effect of unauthorized disclosure of - enterprise architecture information on the ability of responsible agencies to - describe the current state and define the target state and transition strategy for - an organizations people, processes, and technology. The effects of loss of - confidentiality of preliminary draft enterprise architecture plans can result in - attempts by affected entities and other interested parties to influence and/or - impede the policy and guideline development process. Premature public release of - draft plans before internal coordination and review can result in unnecessary damage - to public confidence in the agency. This is particularly likely where the release - includes unedited internal commentary and discussion. However, the consequence of - loss of confidentiality of most enterprise architecture information is likely to do - only limited harm to government assets, personnel, or missions. Special Factors - Affecting Confidentiality Impact Determination: Unauthorized disclosure of some of - the background information that supports development of Federal enterprise - architecture can reveal sensitive vulnerabilities, capabilities, or methods of - anti-terrorism, law enforcement, or national security activities.13 Depending on the - information in question, the confidentiality impact can be moderate, high, or - involve national security information (outside the scope of this guideline). Also, - some enterprise architecture plans of some Federal agencies are themselves national - security information. Finally, important financial decisions and planning - information may be included in this category of information.
+The confidentiality impact level is the effect of unauthorized disclosure of enterprise architecture information on the ability of responsible agencies to describe the current state and define the target state and transition strategy for an organizations people, processes, and technology. The effects of loss of confidentiality of preliminary draft enterprise architecture plans can result in attempts by affected entities and other interested parties to influence and/or impede the policy and guideline development process. Premature public release of draft plans before internal coordination and review can result in unnecessary damage to public confidence in the agency. This is particularly likely where the release includes unedited internal commentary and discussion. However, the consequence of loss of confidentiality of most enterprise architecture information is likely to do only limited harm to government assets, personnel, or missions. Special Factors Affecting + Confidentiality Impact Determination: Unauthorized disclosure of some of the background information that supports development of Federal enterprise architecture can reveal sensitive vulnerabilities, capabilities, or methods of anti-terrorism, law enforcement, or national security activities.13 Depending on the information in question, the confidentiality impact can be moderate, high, or involve national security information (outside the scope of this guideline). Also, some enterprise architecture plans of some Federal agencies are themselves national security information. Finally, important financial decisions and planning information may be included in this category of information.
The provisional confidentiality impact level recommended for enterprise architecture - information is low.
+The provisional confidentiality impact level recommended for enterprise architecture information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - enterprise architecture information. The enterprise architecture processes are - usually tolerant of delays.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the enterprise architecture information. The enterprise architecture processes are usually tolerant of delays.
The provisional availability impact level recommended for enterprise architecture - information is low.
+The provisional availability impact level recommended for enterprise architecture information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Special Factors Affecting Integrity Impact Determination: Unauthorized - modification or destruction of information affecting external communications that - contain enterprise architecture information (e.g., web pages, electronic mail) may - adversely affect operations or public confidence in the agency, but the damage to - the mission would usually be limited. Public confidence consequences will be more - serious for agencies that have national defense, intelligence, or information - security missions. In such cases, the impact may be at least moderate.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications that contain enterprise architecture information (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Public confidence consequences will be more serious for agencies that have national defense, intelligence, or information security missions. In such cases, the impact may be at least moderate.
In general, the provisional integrity level recommended for enterprise architecture - information is low.
+In general, the provisional integrity level recommended for enterprise architecture information is low.
Strategic Planning entails the determination of long-term goals and the - identification of the best approach for achieving those goals.
+Strategic Planning entails the determination of long-term goals and the identification of the best approach for achieving those goals.
The confidentiality impact level is the effect of the unauthorized disclosure of - strategic planning information on the ability of responsible agencies to determine - long-term goals and to identify the best approach for achieving those goals. - Premature public release of draft plans before internal coordination and review can - result in unnecessary damage to public confidence in the agency. This is - particularly likely where the release includes unedited internal commentary and - discussion. However, the consequence of loss of confidentiality of most strategic - planning information is likely to do only limited harm to government assets, - personnel, or missions. Special Factors Affecting Confidentiality Impact - Determination: Unauthorized disclosure of some of the background information that - supports development of some Federal strategic plans can reveal sensitive - vulnerabilities, capabilities, or methods of anti-terrorism, law enforcement, or - national security activities. Depending on the information in question, the - confidentiality impact can be moderate, high, or involve national security - information (outside the scope of this guideline). Also, some strategic plans are - themselves national security information.
+The confidentiality impact level is the effect of the unauthorized disclosure of strategic planning information on the ability of responsible agencies to determine long-term goals and to identify the best approach for achieving those goals. Premature public release of draft plans before internal coordination and review can result in unnecessary damage to public confidence in the agency. This is particularly likely where the release includes unedited internal commentary and discussion. However, the consequence of loss of confidentiality of most strategic planning information is likely to do only limited harm to government assets, personnel, or missions. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some of the background information that supports development of some Federal strategic plans can reveal sensitive vulnerabilities, capabilities, or methods of anti-terrorism, law enforcement, or national security activities. + Depending on the information in question, the confidentiality impact can be moderate, high, or involve national security information (outside the scope of this guideline). Also, some strategic plans are themselves national security information.
The provisional confidentiality impact level recommended for strategic planning - information is low.
+The provisional confidentiality impact level recommended for strategic planning information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - strategic planning information. Strategic planning processes are usually tolerant of - delays.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the strategic planning information. Strategic planning processes are usually tolerant of delays.
The provisional availability impact level recommended for strategic planning - information is low.
+The provisional availability impact level recommended for strategic planning information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Special Factors Affecting Integrity Impact Determination: Unauthorized - modification or destruction of information affecting external communications that - contain strategic planning information (e.g., web pages, electronic mail) may - adversely affect operations or public confidence in the agency, but the damage to - the mission would usually be limited. Public confidence consequences will be more - serious for agencies that have national defense, intelligence, or information - security missions. In such cases, the impact may be at least moderate.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications that contain strategic planning information (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Public confidence consequences will be more serious for agencies that have national defense, intelligence, or information security missions. In such cases, the impact may be at least moderate.
The provisional integrity impact level recommended for strategic planning information - is low.
+The provisional integrity impact level recommended for strategic planning information is low.
Budget Execution involves day-to-day requisitions and obligations for agency - expenditures, invoices, billing dispute resolution, reconciliation, service level - agreements, and distributions of shared expenses.
+Budget Execution involves day-to-day requisitions and obligations for agency expenditures, invoices, billing dispute resolution, reconciliation, service level agreements, and distributions of shared expenses.
The confidentiality impact level is the effect of unauthorized disclosure of budget - execution information on the ability of responsible agencies to manage day-to-day - requisitions and obligations for agency expenditures, invoices, billing dispute - resolution, reconciliation, service level agreements, and distributions of shared - expenses. The effects of loss of confidentiality of most budget execution - information are unlikely to pose the threat of serious harm to agency assets, - personnel or operations. Special Factors Affecting Confidentiality Impact - Determination: The effects of loss of confidentiality of budget execution - information can violate privacy regulations, reveal information proprietary to - private institutions, and reveal procurement-sensitive information. In aggregate, - budget execution information can reveal capabilities and methods that some agencies - (e.g., law enforcement, homeland security, national defense, intelligence) consider - extremely sensitive. In these cases, the potential harm that can result from - unauthorized disclosure ranges from moderate to high to national security-related. - In the last case, the information is outside the scope of this document. Public - release of sensitive budget execution information can result in unnecessary damage - to public confidence in the agency. This is particularly likely where the release - includes unedited internal commentary and discussion.
+The confidentiality impact level is the effect of unauthorized disclosure of budget execution information on the ability of responsible agencies to manage day-to-day requisitions and obligations for agency expenditures, invoices, billing dispute resolution, reconciliation, service level agreements, and distributions of shared expenses. The effects of loss of confidentiality of most budget execution information are unlikely to pose the threat of serious harm to agency assets, personnel or operations. Special Factors Affecting Confidentiality Impact Determination: The effects of loss of confidentiality of budget execution information can violate privacy regulations, reveal information proprietary to private institutions, and reveal procurement-sensitive information. In aggregate, budget execution information can reveal capabilities and methods that some agencies (e.g., law enforcement, homeland security, national defense, intelligence) consider extremely sensitive. In + these cases, the potential harm that can result from unauthorized disclosure ranges from moderate to high to national security-related. In the last case, the information is outside the scope of this document. Public release of sensitive budget execution information can result in unnecessary damage to public confidence in the agency. This is particularly likely where the release includes unedited internal commentary and discussion.
The provisional confidentiality impact level recommended for most budget execution - information is low.
+The provisional confidentiality impact level recommended for most budget execution information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - budget execution information. The budget execution processes are usually tolerant of - delays.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the budget execution information. The budget execution processes are usually tolerant of delays.
The provisional availability impact level recommended for budget execution - information is low.
+The provisional availability impact level recommended for budget execution information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Where small dollar amounts are modified, the potential damage to an - agency’s mission is limited. Special Factors Affecting Integrity Impact - Determination: In the case of agreements or transactions involving large monetary - values, asset losses, and damage to agency operations, the potential for serious - loss of public confidence is high. The consequent integrity impact level is moderate - to high. If the budget execution information is time-critical or very sensitive, the - integrity impact level may be moderate or high.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Where small dollar amounts are modified, the potential damage to an agency’s mission is limited. Special Factors Affecting Integrity Impact Determination: In the case of agreements or transactions involving large monetary values, asset losses, and damage to agency operations, the potential for serious loss of public confidence is high. The consequent integrity impact level is moderate to high. If the budget execution information is time-critical or very sensitive, the integrity impact level may be moderate or high.
The provisional integrity impact level recommended for most budget execution - information is low.
+The provisional integrity impact level recommended for most budget execution information is low.
Workforce Planning involves the processes for identifying the workforce competencies - required to meet the agency’s strategic goals and for developing the strategies to - meet these requirements.
+Workforce Planning involves the processes for identifying the workforce competencies required to meet the agency’s strategic goals and for developing the strategies to meet these requirements.
The confidentiality impact level is the effect of unauthorized disclosure of - workforce planning information on the ability of responsible agencies to identify - workforce competencies required to meet the agency’s strategic goals and for - developing the strategies to meet these requirements. Unauthorized disclosure of - most workforce planning information will have only a limited adverse effect on - agency operations, assets, or individuals. Special Factors Affecting Confidentiality - Impact Determination: Unauthorized disclosure of some background information that - supports development of Federal workforce plans can reveal sensitive - vulnerabilities, tables of organization, capabilities, or methods of anti-terrorism, - law enforcement, or national security activities. Depending on the information in - question, the confidentiality impact can be moderate, high, or involve national - security information (outside the scope of this guideline).
+The confidentiality impact level is the effect of unauthorized disclosure of workforce planning information on the ability of responsible agencies to identify workforce competencies required to meet the agency’s strategic goals and for developing the strategies to meet these requirements. Unauthorized disclosure of most workforce planning information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some background information that supports development of Federal workforce plans can reveal sensitive vulnerabilities, tables of organization, capabilities, or methods of anti-terrorism, law enforcement, or national security activities. Depending on the information in question, the confidentiality impact can be moderate, high, or involve national security information (outside the scope of this guideline).
The provisional confidentiality impact level recommended for workforce planning - information is low.
+The provisional confidentiality impact level recommended for workforce planning information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - workforce planning information. The workforce planning processes are generally - tolerant of reasonable delays. In most cases, disruption of access to workforce - planning information can be expected to have only a limited adverse effect on agency - operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the workforce planning information. The workforce planning processes are generally tolerant of reasonable delays. In most cases, disruption of access to workforce planning information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for workforce planning - information is low.
+The provisional availability impact level recommended for workforce planning information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Therefore, consequences of undetected unauthorized modification or - destruction of workforce planning information may compromise the effectiveness of - compliance enforcement actions (e.g., by providing violators with a basis for - claiming investigative or enforcement irregularities).
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Therefore, consequences of undetected unauthorized modification or destruction of workforce planning information may compromise the effectiveness of compliance enforcement actions (e.g., by providing violators with a basis for claiming investigative or enforcement irregularities).
The provisional integrity impact level recommended for workforce planning information - is low.
+The provisional integrity impact level recommended for workforce planning information is low.
Management Improvement includes all efforts to gauge the ongoing efficiency of - business processes and identify opportunities for reengineering or - restructuring.
+Management Improvement includes all efforts to gauge the ongoing efficiency of business processes and identify opportunities for re-engineering or restructuring.
The confidentiality impact level is the effect of unauthorized disclosure of - management improvement information on the ability of responsible agencies to gauge - the ongoing efficiency of business processes and identify opportunities for - reengineering or restructuring. Premature public release of draft plans before - internal coordination and review can result in unnecessary damage to public - confidence in the agency. This is particularly likely where the release includes - unedited internal commentary and discussion. However, the consequence of loss of - confidentiality of most management improvement information is likely to involve only - limited harm to government assets, personnel, or missions. Special Factors Affecting - Confidentiality Impact Determination: Unauthorized disclosure of some background - information that supports development of Federal management improvement plans can - reveal personnel-sensitive information, including information subject to the Privacy - Act of 1974. The Privacy Act Information provisional impact levels are documented in - the Personal Identity and Authentication information type. Other background - information can reveal sensitive vulnerabilities, capabilities, or methods of - anti-terrorism, law enforcement, or national security activities. Depending on the - information in question, the confidentiality impact can be moderate, high, or - involve national security information (outside the scope of this guideline). Also, - some strategic plans are themselves national security information.
+The confidentiality impact level is the effect of unauthorized disclosure of management improvement information on the ability of responsible agencies to gauge the ongoing efficiency of business processes and identify opportunities for re-engineering or restructuring. Premature public release of draft plans before internal coordination and review can result in unnecessary damage to public confidence in the agency. This is particularly likely where the release includes unedited internal commentary and discussion. However, the consequence of loss of confidentiality of most management improvement information is likely to involve only limited harm to government assets, personnel, or missions. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some background information that supports development of Federal management improvement plans can reveal personnel-sensitive information, including information subject to the Privacy Act of 1974. + The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. Other background information can reveal sensitive vulnerabilities, capabilities, or methods of anti-terrorism, law enforcement, or national security activities. Depending on the information in question, the confidentiality impact can be moderate, high, or involve national security information (outside the scope of this guideline). Also, some strategic plans are themselves national security information.
The provisional confidentiality impact level recommended for management improvement - information is low.
+The provisional confidentiality impact level recommended for management improvement information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - management improvement information. The management improvement planning processes - are usually tolerant of delays.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the management improvement information. The management improvement planning processes are usually tolerant of delays.
The provisional availability impact level recommended for management improvement - information is low.
+The provisional availability impact level recommended for management improvement information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Special Factors Affecting Integrity Impact Determination: Unauthorized - modification or destruction of information affecting external communications that - contain management improvement information (e.g., web pages, electronic mail) may - adversely affect operations or public confidence in the agency, but the damage to - the mission would usually be limited. Public confidence consequences can be expected - to be more serious for agencies that have national defense, intelligence, or - information security missions. In such cases, the impact may be at least moderate. - Failure to detect malicious modification of personnel information (mostly background - information) can result in disruption of some agency operations and disruptive - administrative or legal actions.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications that contain management improvement information (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Public confidence consequences can be expected to be more serious for agencies that have national defense, intelligence, or information security missions. In such cases, the impact may be at least moderate. Failure to detect malicious modification of personnel information (mostly background information) can result in disruption of some agency operations and disruptive administrative or legal actions.
The provisional integrity impact level recommended for management improvement - information is low.
+The provisional integrity impact level recommended for management improvement information is low.
Budget and Performance Integration involves activities that align Federal resources - allocated through budget formulation, execution, and management actions with - examinations of program objectives, performance, and demonstrated results such as - Program Performance Assessments, Government Performance Results Act (GPRA) plans and - reports, performance-based agency budget submissions, and Financial Management Cost - Accounting and Performance Measurement data.
+Budget and Performance Integration involves activities that align Federal resources allocated through budget formulation, execution, and management actions with examinations of program objectives, performance, and demonstrated results such as Program Performance Assessments, Government Performance Results Act (GPRA) plans and reports, performance-based agency budget submissions, and Financial Management Cost Accounting and Performance Measurement data.
The confidentiality impact level is the effect of unauthorized disclosure budget and - performance integration information on the abilities of responsible agencies to - align Federal resources allocated through budget formulation, execution, and - management actions. The consequences of unauthorized disclosure of the majority of - budget and performance integration information will result in a limited adverse - effect on agency operations, agency assets, or individuals. Special Factors - Affecting Confidentiality Impact Determination: The effects of loss of - confidentiality of budget and performance integration information can violate - privacy regulations, reveal information proprietary to private institutions, and - reveal procurement-sensitive information. In aggregate, budget and performance - integration information can reveal capabilities and methods that some agencies - (e.g., law enforcement, homeland security, national defense, intelligence) consider - extremely sensitive. In these cases, the potential harm that can result from - unauthorized disclosure ranges from moderate to high to national security-related. - In the last case, the information is outside the scope of this document. Public - release of sensitive budget and performance integration information can result in - unnecessary damage to public confidence in the agency. This is particularly likely - where the release includes unedited internal commentary and discussion.
+The confidentiality impact level is the effect of unauthorized disclosure budget and performance integration information on the abilities of responsible agencies to align Federal resources allocated through budget formulation, execution, and management actions. The consequences of unauthorized disclosure of the majority of budget and performance integration information will result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: The effects of loss of confidentiality of budget and performance integration information can violate privacy regulations, reveal information proprietary to private institutions, and reveal procurement-sensitive information. In aggregate, budget and performance integration information can reveal capabilities and methods that some agencies (e.g., law enforcement, homeland security, national defense, intelligence) consider extremely sensitive. In these + cases, the potential harm that can result from unauthorized disclosure ranges from moderate to high to national security-related. In the last case, the information is outside the scope of this document. Public release of sensitive budget and performance integration information can result in unnecessary damage to public confidence in the agency. This is particularly likely where the release includes unedited internal commentary and discussion.
The provisional confidentiality impact level recommended for resource budget and - performance integration information is low.
+The provisional confidentiality impact level recommended for resource budget and performance integration information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to budget - and performance integration information. The budget and performance integration - processes are usually tolerant of delays.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to budget and performance integration information. The budget and performance integration processes are usually tolerant of delays.
The provisional availability impact level recommended for budget and performance - integration information is low.
+The provisional availability impact level recommended for budget and performance integration information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Special Factors Affecting Integrity Impact Determination: Unauthorized - modification or destruction of information affecting external communications that - contain budget and performance integration information (e.g., web pages, electronic - mail) may adversely affect operations or public confidence in the agency, but the - damage to the mission would usually be limited. Public confidence consequences will - be more serious for agencies that have national defense, intelligence, or - information security missions. In such cases, the impact may be at least - moderate.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications that contain budget and performance integration information (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Public confidence consequences will be more serious for agencies that have national defense, intelligence, or information security missions. In such cases, the impact may be at least moderate.
The provisional integrity impact level recommended for budget and performance - integration information is low.
+The provisional integrity impact level recommended for budget and performance integration information is low.
Tax and Fiscal Policy encompasses analysis of the implications for economic growth - and stability in the United States and the world of Federal tax and spending - policies. This includes assessing the sustainability of current programs and - policies, the best means for raising revenues, the distribution of tax liabilities, - and the appropriate limits on debt.
+Tax and Fiscal Policy encompasses analysis of the implications for economic growth and stability in the United States and the world of Federal tax and spending policies. This includes assessing the sustainability of current programs and policies, the best means for raising revenues, the distribution of tax liabilities, and the appropriate limits on debt.
information on the abilities of responsible agencies to analyze the implications for - economic growth and stability in the United States and the world of Federal tax and - spending policies. The consequences of unauthorized disclosure of the majority of - tax and fiscal policy information will result in a limited adverse effect on agency - operations, agency assets, or individuals. Special Factors Affecting Confidentiality - Impact Determination: The effects of loss of confidentiality of tax and fiscal - policy information can be more critical during the policy development process and - may severe impacts to the agency mission and privacy information. Premature or - accidental public release of sensitive tax and fiscal policy information can result - in unnecessary damage to public confidence in the agency. Additionally, premature - release of this information may create unfair economic advantages based on economic - projections and fiscal policies. In these cases, the potential harm that can result - from unauthorized disclosure ranges from moderate to high depending on the mission - impacted.
+information on the abilities of responsible agencies to analyze the implications for economic growth and stability in the United States and the world of Federal tax and spending policies. The consequences of unauthorized disclosure of the majority of tax and fiscal policy information will result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: The effects of loss of confidentiality of tax and fiscal policy information can be more critical during the policy development process and may severe impacts to the agency mission and privacy information. Premature or accidental public release of sensitive tax and fiscal policy information can result in unnecessary damage to public confidence in the agency. Additionally, premature release of this information may create unfair economic advantages based on economic projections and fiscal policies. In these cases, the potential harm that + can result from unauthorized disclosure ranges from moderate to high depending on the mission impacted.
The provisional confidentiality impact level recommended tax and fiscal policy - information is low.
+The provisional confidentiality impact level recommended tax and fiscal policy information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to tax and - fiscal policy information. Tax and fiscal policy processes are usually tolerant of - delays.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to tax and fiscal policy information. Tax and fiscal policy processes are usually tolerant of delays.
The provisional availability impact level recommended tax and fiscal policy - information is low.
+The provisional availability impact level recommended tax and fiscal policy information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Special Factors Affecting Integrity Impact Determination: Unauthorized - modification or destruction of information affecting external communications that - tax and fiscal policy information (e.g., web pages, electronic mail) may adversely - affect operations or public confidence in the agency, but the damage to the mission - would usually be limited. Public confidence consequences will be more serious for - agencies that have national defense, intelligence, or information security missions. - In such cases, the impact may be at least moderate.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications that tax and fiscal policy information (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Public confidence consequences will be more serious for agencies that have national defense, intelligence, or information security missions. In such cases, the impact may be at least moderate.
The provisional integrity impact level recommended for tax and fiscal policy - information is low.
+The provisional integrity impact level recommended for tax and fiscal policy information is low.
Contingency planning involves the actions required to plan for, respond to, and - mitigate damaging events.
+Contingency planning involves the actions required to plan for, respond to, and mitigate damaging events.
The confidentiality impact level is the effect of unauthorized disclosure of - contingency planning information on the ability of responsible agencies to plan for, - respond to, and mitigate damaging events. Unauthorized disclosure of contingency - planning information may equip an adversary with the information necessary to attack - a system so that recovery is impaired. Special Factors Affecting Confidentiality - Impact Determination: Unauthorized disclosure of background information that - supports development of Federal contingency plans can reveal sensitive - vulnerabilities, capabilities, intelligence assessments, intelligence sources, or - methods employed in anti-terrorism, law enforcement, or national security - activities. Depending on the information in question, the confidentiality impact can - be moderate, high, or involve national security information (outside the scope of - this guideline). Also, some contingency plans are themselves national security - information. However, the purpose of most contingency planning information is to - protect against inadvertent or accidental damaging events rather than against - malicious attacks. Even so, in the case of Federal government systems, the case of - hostile attacks on systems must be considered. The consequences of unauthorized - disclosure of extracts from contingency plans are likely to have negligible to - limited adverse effects on agency operations. In such cases, the confidentiality - impact would be, at most, low. Unauthorized disclosure of the entire plan to - malicious entities may have serious effects. As a result, the consequence of loss of - confidentiality of comprehensive contingency plans is likely to involve serious harm - to government assets, personnel, or missions. In such cases, the confidentiality - impact would be, at least, moderate.
-The provisional confidentiality impact level recommended for contingency planning - information is moderate.
-The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - contingency planning information. The effects of disruption of access to contingency - planning information or information systems depend on the timing of the disruption. - If access to contingency planning information is denied because of a power outage, - recovery may be delayed and the work of government agencies disrupted. Special - Factors Affecting Availability Impact Determination: The contingency planning - processes are usually tolerant of delays. In contrast, the contingency plan - implementation process is not tolerant of delays. The consequences of disruption of - access to contingency planning information depend on both the period of the outage - and the criticality of the disrupted processes. The consequent impact level may - range from low to high.
-The provisional availability impact level recommended for contingency planning - information is moderate.
-The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Errors in contingency plans that result from integrity compromise can - result in serious consequences to system recovery capabilities. These can range from - incorrect telephone numbers and e-mail addresses on notification lists to erroneous - schedules and file designations for database back-ups and archives or software - baselines, updates, and patches.
-The provisional integrity impact level recommended for contingency planning - information is moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of contingency planning information on the ability of responsible agencies to plan for, respond to, and mitigate damaging events. Unauthorized disclosure of contingency planning information may equip an adversary with the information necessary to attack a system so that recovery is impaired. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of background information that supports development of Federal contingency plans can reveal sensitive vulnerabilities, capabilities, intelligence assessments, intelligence sources, or methods employed in anti-terrorism, law enforcement, or national security activities. Depending on the information in question, the confidentiality impact can be moderate, high, or involve national security information (outside the scope of this guideline). Also, some contingency plans are themselves national security information. However, the + purpose of most contingency planning information is to protect against inadvertent or accidental damaging events rather than against malicious attacks. Even so, in the case of Federal government systems, the case of hostile attacks on systems must be considered. The consequences of unauthorized disclosure of extracts from contingency plans are likely to have negligible to limited adverse effects on agency operations. In such cases, the confidentiality impact would be, at most, low. Unauthorized disclosure of the entire plan to malicious entities may have serious effects. As a result, the consequence of loss of confidentiality of comprehensive contingency plans is likely to involve serious harm to government assets, personnel, or missions. In such cases, the confidentiality impact would be, at least, moderate.
+ +The provisional confidentiality impact level recommended for contingency planning information is moderate.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the contingency planning information. The effects of disruption of access to contingency planning information or information systems depend on the timing of the disruption. If access to contingency planning information is denied because of a power outage, recovery may be delayed and the work of government agencies disrupted. Special Factors Affecting Availability Impact Determination: The contingency planning processes are usually tolerant of delays. In contrast, the contingency plan implementation process is not tolerant of delays. The consequences of disruption of access to contingency planning information depend on both the period of the outage and the criticality of the disrupted processes. The consequent impact level may range from low to high.
+The provisional availability impact level recommended for contingency planning information is moderate.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Errors in contingency plans that result from integrity compromise can result in serious consequences to system recovery capabilities. These can range from incorrect telephone numbers and e-mail addresses on notification lists to erroneous schedules and file designations for database back-ups and archives or software baselines, updates, and patches.
+The provisional integrity impact level recommended for contingency planning information is moderate.
Continuity of operations involves the activities associated with the identification - of critical systems and processes, and the planning and preparation required to - ensure that these systems and processes will be available in the event of a - catastrophic event.
+Continuity of operations involves the activities associated with the identification of critical systems and processes, and the planning and preparation required to ensure that these systems and processes will be available in the event of a catastrophic event.
The confidentiality impact level is the effect of unauthorized disclosure of - continuity of operations information on the ability of responsible agencies to - identify critical systems and processes, and to conduct the planning and preparation - required to ensure that these systems and processes will be available in the event - of a catastrophic event. Unauthorized disclosure of the entire plan to malicious - entities may have serious effects. As a result, the consequence of loss of - confidentiality of most continuity of operations plans (and comprehensive continuity - of operations plans) is likely to do serious harm to government assets, personnel, - or missions. Special Factors Affecting Confidentiality Impact Determination: - Unauthorized disclosure of background information that supports development of - Federal continuity of operations plans can reveal sensitive vulnerabilities, - capabilities, intelligence assessments, intelligence sources, or methods employed in - anti-terrorism, law enforcement, or national security activities. Depending on the - information in question, the confidentiality impact can be moderate, high, or - involve national security information (outside the scope of this guideline). - Unauthorized disclosure of continuity of operations information for critical - infrastructures and key national assets may require a high impact level. However, - the purpose of most continuity of operations information is to protect against - inadvertent or accidental damaging events rather than against malicious attacks. - Even so, in the case of Federal government systems, hostile attacks on systems must - be considered. The consequences of unauthorized disclosure of extracts from - continuity of operations plans are likely to have negligible to limited adverse - effects on agency operations. In such cases, the confidentiality impact would be, at - most, low. Unauthorized disclosure of continuity of operations information may - inform an adversary regarding what facilities and processes are considered to be - critical. Such unauthorized disclosure may also equip an adversary with the - information necessary to attack a system so that operations are disrupted, and that - recovery is impaired. In such cases, the confidentiality impact would be, at least, - moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of continuity of operations information on the ability of responsible agencies to identify critical systems and processes, and to conduct the planning and preparation required to ensure that these systems and processes will be available in the event of a catastrophic event. Unauthorized disclosure of the entire plan to malicious entities may have serious effects. As a result, the consequence of loss of confidentiality of most continuity of operations plans (and comprehensive continuity of operations plans) is likely to do serious harm to government assets, personnel, or missions. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of background information that supports development of Federal continuity of operations plans can reveal sensitive vulnerabilities, capabilities, intelligence assessments, intelligence sources, or methods employed in anti-terrorism, law + enforcement, or national security activities. Depending on the information in question, the confidentiality impact can be moderate, high, or involve national security information (outside the scope of this guideline). Unauthorized disclosure of continuity of operations information for critical infrastructures and key national assets may require a high impact level. However, the purpose of most continuity of operations information is to protect against inadvertent or accidental damaging events rather than against malicious attacks. Even so, in the case of Federal government systems, hostile attacks on systems must be considered. The consequences of unauthorized disclosure of extracts from continuity of operations plans are likely to have negligible to limited adverse effects on agency operations. In such cases, the confidentiality impact would be, at most, low. Unauthorized disclosure of continuity of operations information may inform an adversary regarding what + facilities and processes are considered to be critical. Such unauthorized disclosure may also equip an adversary with the information necessary to attack a system so that operations are disrupted, and that recovery is impaired. In such cases, the confidentiality impact would be, at least, moderate.
The provisional confidentiality impact level recommended for continuity of operations - information is moderate.
+The provisional confidentiality impact level recommended for continuity of operations information is moderate.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - continuity of operations information. Special Factors Affecting Availability Impact - Determination: The effects of disruption of access to continuity of operations - information or information systems depend on the timing of the disruption. If access - to continuity of operations information is denied because of a power outage, - recovery may be delayed and the work of government agencies disrupted. The - continuity of operations planning process is usually tolerant of delays. In - contrast, the continuity of operations implementation process is not tolerant of - delays. The consequences of disruption of access to continuity of operations - information depend on both the period of the outage and the criticality of the - disrupted processes. The consequent impact level will range from low to high.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the continuity of operations information. Special Factors Affecting Availability Impact Determination: The effects of disruption of access to continuity of operations information or information systems depend on the timing of the disruption. If access to continuity of operations information is denied because of a power outage, recovery may be delayed and the work of government agencies disrupted. The continuity of operations planning process is usually tolerant of delays. In contrast, the continuity of operations implementation process is not tolerant of delays. The consequences of disruption of access to continuity of operations information depend on both the period of the outage and the criticality of the disrupted processes. The consequent impact level will range from low to high.
The provisional availability impact level recommended for continuity of operations - information is moderate
+The provisional availability impact level recommended for continuity of operations information is moderate
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Errors in continuity of operations plans that result from integrity - compromise can result in serious consequences to system recovery capabilities. These - can range from incorrect telephone numbers and e-mail addresses on notification - lists to erroneous version numbers for database back-ups and archives or software - baselines, updates, and patches.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Errors in continuity of operations plans that result from integrity compromise can result in serious consequences to system recovery capabilities. These can range from incorrect telephone numbers and e-mail addresses on notification lists to erroneous version numbers for database back-ups and archives or software baselines, updates, and patches.
The provisional integrity impact level recommended for continuity of operations - information is moderate.
+The provisional integrity impact level recommended for continuity of operations information is moderate.
Service recovery involves the internal actions necessary to develop a plan for - resuming operations after a catastrophe occurs, such as a fire or earthquake.
+Service recovery involves the internal actions necessary to develop a plan for resuming operations after a catastrophe occurs, such as a fire or earthquake.
The confidentiality impact level is the effect of the unauthorized disclosure of - service recovery information on the ability of responsible agencies to develop plans - for resuming operations after a catastrophe occurs, such as a fire or earthquake. In - the case of service recovery plans for natural catastrophes, the information - associated with service recovery planning is not intrinsically sensitive. In the - case of catastrophes caused by malicious activity, unauthorized disclosure of - service recovery information may inform an adversary regarding what facilities and - processes are considered to be critical. Such unauthorized disclosure may also equip - an adversary with the information necessary to attack a system in such a way that - operations are disrupted, and that recovery is impaired or even blocked. The purpose - of most service recovery information is to protect against natural catastrophes - rather than against malicious attacks. In most cases, the consequence of loss of - confidentiality of service recovery information is not likely to do serious harm to - government assets, personnel, or missions. Special Factors Affecting Confidentiality - Impact Determination: Unauthorized disclosure of background information that - supports development of Federal service recovery plans can reveal sensitive - vulnerabilities, capabilities, intelligence assessments, intelligence sources, or - methods employed in anti-terrorism, law enforcement, or national security - activities. Depending on the information in question, the confidentiality impact can - be moderate, high, or involve national security information (outside the scope of - this guideline). Also, some service recovery plans are themselves national security - information.
+The confidentiality impact level is the effect of the unauthorized disclosure of service recovery information on the ability of responsible agencies to develop plans for resuming operations after a catastrophe occurs, such as a fire or earthquake. In the case of service recovery plans for natural catastrophes, the information associated with service recovery planning is not intrinsically sensitive. In the case of catastrophes caused by malicious activity, unauthorized disclosure of service recovery information may inform an adversary regarding what facilities and processes are considered to be critical. Such unauthorized disclosure may also equip an adversary with the information necessary to attack a system in such a way that operations are disrupted, and that recovery is impaired or even blocked. The purpose of most service recovery information is to protect against natural catastrophes rather than against malicious attacks. In most cases, the consequence of loss of + confidentiality of service recovery information is not likely to do serious harm to government assets, personnel, or missions. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of background information that supports development of Federal service recovery plans can reveal sensitive vulnerabilities, capabilities, intelligence assessments, intelligence sources, or methods employed in anti-terrorism, law enforcement, or national security activities. Depending on the information in question, the confidentiality impact can be moderate, high, or involve national security information (outside the scope of this guideline). Also, some service recovery plans are themselves national security information.
The provisional confidentiality impact level recommended for service recovery - information is low.
+The provisional confidentiality impact level recommended for service recovery information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - service recovery information. The effects of disruption of access to service - recovery information or information systems depend on the timing of the disruption. - If access to service recovery information is denied because of a power outage, - recovery may be delayed and the work of government agencies disrupted. Special - Factors Affecting Availability Impact Determination: Service recovery planning - processes are usually tolerant of delay. In contrast, the implementation of recovery - plans is not tolerant of delays. For service recovery implementation, the - consequences of access disruption depend on the time period of the disruption and - the criticality of the disrupted processes. The consequent impact level may range - from low to high.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the service recovery information. The effects of disruption of access to service recovery information or information systems depend on the timing of the disruption. If access to service recovery information is denied because of a power outage, recovery may be delayed and the work of government agencies disrupted. Special Factors Affecting Availability Impact Determination: Service recovery planning processes are usually tolerant of delay. In contrast, the implementation of recovery plans is not tolerant of delays. For service recovery implementation, the consequences of access disruption depend on the time period of the disruption and the criticality of the disrupted processes. The consequent impact level may range from low to high.
The provisional availability impact level recommended for service recovery - information is low.
+The provisional availability impact level recommended for service recovery information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information.
The provisional integrity impact level recommended for service recovery information - is low.
+The provisional integrity impact level recommended for service recovery information is low.
Debt Collection supports activities associated with the collection of money owed to - the United States government from both foreign and domestic sources.
+Debt Collection supports activities associated with the collection of money owed to the United States government from both foreign and domestic sources.
The confidentiality impact level is the effect of unauthorized disclosure of debt - collection information on the ability of responsible agencies to properly and - efficiently collect money owed to the United States government from both foreign and - domestic sources. The consequences of unauthorized disclosure of debt collection - information are generally dependent on the identity of the debtor and of the nature - and value of the debt being collected. Typically, unauthorized disclosure of debt - collection information will have only a limited adverse effect on agency operations, - assets, or individuals. Special Factors Affecting Confidentiality Impact - Determination: Where more sensitive information is involved, it will commonly be - personal information subject to the Privacy Act of 1974, information that is - proprietary to a corporation or other organization, or information that is - politically sensitive by a foreign government. The Privacy Act Information - provisional impact levels are documented in the Personal Identity and Authentication - information type. Such information will often be associated with debt collection - processes. Where the amount of the debt is significant, and unauthorized knowledge - might imperil successful collection, then the associated confidentiality impact - assigned to debt collection information might be moderate (or even high in the case - of extremely high dollar value cases).
+The confidentiality impact level is the effect of unauthorized disclosure of debt collection information on the ability of responsible agencies to properly and efficiently collect money owed to the United States government from both foreign and domestic sources. The consequences of unauthorized disclosure of debt collection information are generally dependent on the identity of the debtor and of the nature and value of the debt being collected. Typically, unauthorized disclosure of debt collection information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will commonly be personal information subject to the Privacy Act of 1974, information that is proprietary to a corporation or other organization, or information that is politically sensitive by a foreign government. The Privacy Act Information provisional impact levels + are documented in the Personal Identity and Authentication information type. Such information will often be associated with debt collection processes. Where the amount of the debt is significant, and unauthorized knowledge might imperil successful collection, then the associated confidentiality impact assigned to debt collection information might be moderate (or even high in the case of extremely high dollar value cases).
The provisional confidentiality impact level recommended for debt collection - information is moderate.
+The provisional confidentiality impact level recommended for debt collection information is moderate.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the debt - collection information. Most Federal debt collection processes are tolerant of - delays. Also, the consequences of temporary inability to access information - concerning foreign or domestic debt will be minimal.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the debt collection information. Most Federal debt collection processes are tolerant of delays. Also, the consequences of temporary inability to access information concerning foreign or domestic debt will be minimal.
The provisional availability impact level recommended for debt collection information - is low.
+The provisional availability impact level recommended for debt collection information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Therefore, the consequences of unauthorized modification or destruction - of debt collection information depend on the type of property being managed and on - the immediacy with which the information is expected to be used. Special Factors - Affecting Integrity Impact Determination: If the modified or destroyed information - is substantive financial data, there is a greater potential for harm to result from - actions being taken based on incomplete or false information. This can have serious - adverse effects on individual financial actions with consequent loss of revenue - from, or other unanticipated consequences regarding the personal property under - disposition. The severity of the consequences depends on the type of the debt and of - the debtor but would be most likely be moderate.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Therefore, the consequences of unauthorized modification or destruction of debt collection information depend on the type of property being managed and on the immediacy with which the information is expected to be used. Special Factors Affecting Integrity Impact Determination: If the modified or destroyed information is substantive financial data, there is a greater potential for harm to result from actions being taken based on incomplete or false information. This can have serious adverse effects on individual financial actions with consequent loss of revenue from, or other unanticipated consequences regarding the personal property under disposition. The severity of the consequences depends on the type of the debt and of the debtor but would be most likely be moderate.
The provisional integrity impact level recommended for debt collection information is - low.
+The provisional integrity impact level recommended for debt collection information is low.
User fee Collection involves the collection of fees assessed on individuals or - organizations for the provision of Government services and for the use of Government - goods or resources (i.e. National Parks).
+User fee Collection involves the collection of fees assessed on individuals or organizations for the provision of Government services and for the use of Government goods or resources (i.e. National Parks).
The confidentiality impact level is the effect of unauthorized disclosure of user fee - collection information on the ability of responsible agencies to correctly and - efficiently enforce, regulate, and effect the collection of fees assessed on - individuals or organizations for the provision of Government services and for the - use of Government goods or resources. In general, particularly in aggregate, this - information is public record.
+The confidentiality impact level is the effect of unauthorized disclosure of user fee collection information on the ability of responsible agencies to correctly and efficiently enforce, regulate, and effect the collection of fees assessed on individuals or organizations for the provision of Government services and for the use of Government goods or resources. In general, particularly in aggregate, this information is public record.
The recommended provisional confidentiality impact level for user fee collection - information is low.
+The recommended provisional confidentiality impact level for user fee collection information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the user - fee collection information. The missions supported by user fee collection - information are generally tolerant of delay. However, any extended period of - unavailability would likely be seriously disruptive to the operations for which fees - are collected.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the user fee collection information. The missions supported by user fee collection information are generally tolerant of delay. However, any extended period of unavailability would likely be seriously disruptive to the operations for which fees are collected.
The provisional availability impact level recommended for user fee collection - information is moderate.
+The provisional availability impact level recommended for user fee collection information is moderate.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. For example, there may be some circumstances when the unauthorized - modification or destruction of user fee collection information is undertaken as part - of a scheme to divert payments, conceal underpayment of failure to make payment of - fees, or otherwise defraud the government. In addition, the consequences of - unauthorized modification or destruction of user fee collection information may - depend on the urgency with which the information is needed or the immediacy with - which the information is used. In most cases, it is unlikely that the information - will be needed urgently or acted upon immediately. Special Factors Affecting - Integrity Impact Determination: Unauthorized modification or destruction of - information affecting external communications might have an adverse effect on agency - operations, image and reputation. The integrity impact level assigned may be - moderate.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. For example, there may be some circumstances when the unauthorized modification or destruction of user fee collection information is undertaken as part of a scheme to divert payments, conceal underpayment of failure to make payment of fees, or otherwise defraud the government. In addition, the consequences of unauthorized modification or destruction of user fee collection information may depend on the urgency with which the information is needed or the immediacy with which the information is used. In most cases, it is unlikely that the information will be needed urgently or acted upon immediately. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications might have an adverse effect on agency operations, + image and reputation. The integrity impact level assigned may be moderate.
The provisional integrity impact level recommended for user fee collection - information is low.
+The provisional integrity impact level recommended for user fee collection information is low.
Federal Asset Sales encompasses the activities associated with the acquisition, - oversight, tracking, and sale of non-internal assets managed by the Federal - Government with a commercial value and sold to the private sector.
+Federal Asset Sales encompasses the activities associated with the acquisition, oversight, tracking, and sale of non-internal assets managed by the Federal Government with a commercial value and sold to the private sector.
The confidentiality impact level is the effect of the unauthorized disclosure of - Federal asset sales information on the ability of responsible agencies to properly - and efficiently acquire, oversee, track, and sell non-internal assets managed by the - Federal Government with a commercial value and sold to the private sector. The - consequences of unauthorized disclosure of Federal asset sales information are - generally dependent on the nature and value of the property being disposed. - Generally, Federal asset sales information is public. Most managed property would - not be of sufficient individual value to occasion such an occurrence (bid rigging, - etc.). Special Factors Affecting Confidentiality Impact Determination: Where - unauthorized knowledge regarding the property being disposed of might lead to unfair - advantage (i.e., ability to accurately bid on an auction lot to the detriment of - other bidders), then the associated confidentiality impact assigned to Federal asset - sales information might be moderate. Such an instance might arise if a disruption of - the proper procedures could reasonably cause an adverse effect on future operations - of the responsible agency, or if the agency’s image, or individual reputations might - be damaged.
+The confidentiality impact level is the effect of the unauthorized disclosure of Federal asset sales information on the ability of responsible agencies to properly and efficiently acquire, oversee, track, and sell non-internal assets managed by the Federal Government with a commercial value and sold to the private sector. The consequences of unauthorized disclosure of Federal asset sales information are generally dependent on the nature and value of the property being disposed. Generally, Federal asset sales information is public. Most managed property would not be of sufficient individual value to occasion such an occurrence (bid rigging, etc.). Special Factors Affecting Confidentiality Impact Determination: Where unauthorized knowledge regarding the property being disposed of might lead to unfair advantage (i.e., ability to accurately bid on an auction lot to the detriment of other bidders), then the associated confidentiality impact assigned to Federal asset sales + information might be moderate. Such an instance might arise if a disruption of the proper procedures could reasonably cause an adverse effect on future operations of the responsible agency, or if the agency’s image, or individual reputations might be damaged.
The provisional confidentiality impact level recommended for Federal asset sales - information is low.
+The provisional confidentiality impact level recommended for Federal asset sales information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - Federal asset sale information. The missions supported by Federal asset sale - information are generally tolerant of delay. Generally, the consequences of - temporary inability to access solicitations for bid, official notices of - disposition, etc., will be minimal.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the Federal asset sale information. The missions supported by Federal asset sale information are generally tolerant of delay. Generally, the consequences of temporary inability to access solicitations for bid, official notices of disposition, etc., will be minimal.
The provisional availability impact level recommended for Federal asset sale - information is low.
+The provisional availability impact level recommended for Federal asset sale information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of Federal - asset sale information is partially dependent on the type of property being managed - and whether the data is time-critical. If the modified or destroyed information is - substantive financial data, actions that are taken based on incomplete or false - information could have serious adverse effects on individual financial actions. - Unauthorized modification or destruction of information affecting external - communications (e.g., web pages, solicitations for bid, official notices of - disposition, etc.) may adversely affect the operations, image or reputation of an - agency. However, the damage to the management mission would usually be of more - immediate concern. The severity of the consequent integrity impact depends on the - nature of the property but would be most likely be moderate.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of Federal asset sale information is partially dependent on the type of property being managed and whether the data is time-critical. If the modified or destroyed information is substantive financial data, actions that are taken based on incomplete or false information could have serious adverse effects on individual financial actions. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, solicitations for bid, official notices of disposition, etc.) may adversely affect the operations, image or reputation of an agency. However, the damage to the management mission would usually be of more immediate concern. The severity of the consequent integrity impact depends on the nature of + the property but would be most likely be moderate.
The provisional integrity impact level recommended for Federal asset sales - information is moderate.
+The provisional integrity impact level recommended for Federal asset sales information is moderate.
Customer Service supports activities associated with providing and managing the - delivery of information and support to the government’s customers.
+Customer Service supports activities associated with providing and managing the delivery of information and support to the government’s customers.
The confidentiality impact level is the effect of unauthorized disclosure of customer - service information on the ability of responsible agencies to provide and manage the - delivery of information and support to the government’s customers. Most customer - service information is likely to be in the public domain and poses no - confidentiality impact. In most cases, unauthorized disclosure of customer service - information will have at most a limited adverse effect on agency operations, assets, - or individuals. Special Factors Affecting Confidentiality Impact Determination: Some - customer service information may include customer-provided information covered by - the provisions of the Privacy Act of 1974. The Privacy Act Information provisional - impact levels are documented in the Personal Identity and Authentication information - type. Unauthorized disclosure of large volumes of information protected under the - Privacy Act can be expected to have a serious to severe effect on public confidence - in the agency. Actions taken that are intended to establish blame, compensate - victims, or repair damage done with the exposed information can cause serious - disruption of an agency’s mission capability. In such cases, the confidentiality - impact can be moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of customer service information on the ability of responsible agencies to provide and manage the delivery of information and support to the government’s customers. Most customer service information is likely to be in the public domain and poses no confidentiality impact. In most cases, unauthorized disclosure of customer service information will have at most a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Some customer service information may include customer-provided information covered by the provisions of the Privacy Act of 1974. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. Unauthorized disclosure of large volumes of information protected under the Privacy Act can be expected to have a serious to severe effect on public + confidence in the agency. Actions taken that are intended to establish blame, compensate victims, or repair damage done with the exposed information can cause serious disruption of an agency’s mission capability. In such cases, the confidentiality impact can be moderate.
The provisional confidentiality impact level recommended for customer service - information is low.
+The provisional confidentiality impact level recommended for customer service information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - customer service information. The effects of disruption of access to or use of - customer service information can usually be In addition, customer service operations - are not typically tolerant of delay. Even temporary loss of availability of customer - service information is likely to disrupt customer operations. In most cases, - disruption of access to customer service information can be expected to have only a - limited adverse effect on agency operations, agency assets, or individuals. Special - Factors Affecting Availability Impact Determination: While most outages will result - in only limited adverse effects on government operations, repeated outages can have - a serious adverse effect on public confidence in the agency. In such cases, the - availability impact might be moderate.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the customer service information. The effects of disruption of access to or use of customer service information can usually be In addition, customer service operations are not typically tolerant of delay. Even temporary loss of availability of customer service information is likely to disrupt customer operations. In most cases, disruption of access to customer service information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: While most outages will result in only limited adverse effects on government operations, repeated outages can have a serious adverse effect on public confidence in the agency. In such cases, the availability impact might be moderate.
The provisional availability impact level recommended for customer service - information is low.
+The provisional availability impact level recommended for customer service information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Typically, the adverse effects of unauthorized modification or - destruction of customer service information on overall agency mission functions or - public confidence in the agency are limited. The more serious integrity impacts - become increasingly likely as E-government initiatives progress. Typically, the - unauthorized modification or destruction of information affecting external - communications (e.g., web pages, electronic mail) will result in limited adverse - affect on operations or public confidence in the agency and the damage to most - missions would usually be limited. Special Factors Affecting Integrity Impact - Determination: An increasing proportion of customer service activities are - interactive. Consequently, there is a potential for customer actions being taken - based on modified or incomplete information. Similarly, unauthorized modification or - deletion of customer-supplied information can result in government mishandling of - interactions with customers. If this occurs on a large-scale serious damage to - public confidence in the agency may result. In such cases, a moderate integrity may - be associated with customer service information.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Typically, the adverse effects of unauthorized modification or destruction of customer service information on overall agency mission functions or public confidence in the agency are limited. The more serious integrity impacts become increasingly likely as E-government initiatives progress. Typically, the unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) will result in limited adverse affect on operations or public confidence in the agency and the damage to most missions would usually be limited. Special Factors Affecting Integrity Impact Determination: An increasing proportion of customer service activities are interactive. Consequently, there is a potential for customer actions being taken based on modified or + incomplete information. Similarly, unauthorized modification or deletion of customer-supplied information can result in government mishandling of interactions with customers. If this occurs on a large-scale serious damage to public confidence in the agency may result. In such cases, a moderate integrity may be associated with customer service information.
The provisional integrity impact level recommended for customer service information - is low.
+The provisional integrity impact level recommended for customer service information is low.
Official Information Dissemination includes all efforts to provide official - government information to external stakeholders through the use of various types of - media, such as video, paper, web, etc.
+Official Information Dissemination includes all efforts to provide official government information to external stakeholders through the use of various types of media, such as video, paper, web, etc.
The confidentiality impact level is the effect of unauthorized disclosure of official - information dissemination information on the ability of responsible agencies to - provide official Federal government information to external stakeholders through the - use of various communications media. Official information dissemination information - is usually in the public domain and poses no confidentiality impact.
+The confidentiality impact level is the effect of unauthorized disclosure of official information dissemination information on the ability of responsible agencies to provide official Federal government information to external stakeholders through the use of various communications media. Official information dissemination information is usually in the public domain and poses no confidentiality impact.
The provisional confidentiality impact level recommended for official information - dissemination information is low.
+The provisional confidentiality impact level recommended for official information dissemination information is low.
mission, not on the time required to re-establish access to the official information - dissemination information. Official information dissemination processes are - generally tolerant of limited delays. However, even temporary loss of availability - of official information dissemination information is likely to have an adverse - effect on public confidence in the agency. In most cases, disruption of access to - official information dissemination information can be expected to have only a - limited adverse effect on overall agency operations, agency assets, or individuals. - Special Factors Affecting Availability Impact Determination: While most cases will - result in only limited consequences, repeated outages can have a serious adverse - effect on public confidence in the agency. This can significantly degrade the - official information dissemination mission capability. In such cases, the - availability impact might be moderate.
+mission, not on the time required to re-establish access to the official information dissemination information. Official information dissemination processes are generally tolerant of limited delays. However, even temporary loss of availability of official information dissemination information is likely to have an adverse effect on public confidence in the agency. In most cases, disruption of access to official information dissemination information can be expected to have only a limited adverse effect on overall agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: While most cases will result in only limited consequences, repeated outages can have a serious adverse effect on public confidence in the agency. This can significantly degrade the official information dissemination mission capability. In such cases, the availability impact might be moderate.
The provisional availability impact level recommended for official information - dissemination information is low.
+The provisional availability impact level recommended for official information dissemination information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. In general, the adverse effects of unauthorized modification or - destruction of official information dissemination information on overall agency - mission functions will be limited. Special Factors Affecting Integrity Impact - Determination: There is a potential for customer actions taken based on modified or - incomplete information. In addition, unauthorized modification or destruction of - official information dissemination information may result in distribution of false - and misleading information (e.g., modified web pages, electronic mail, video). Such - events can adversely affect operations or public confidence in the agency. This can - significantly degrade the official information dissemination mission capability. In - such cases, a moderate integrity impact may exist. Also, the more serious integrity - impacts become increasingly likely as E-government initiatives progress.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In general, the adverse effects of unauthorized modification or destruction of official information dissemination information on overall agency mission functions will be limited. Special Factors Affecting Integrity Impact Determination: There is a potential for customer actions taken based on modified or incomplete information. In addition, unauthorized modification or destruction of official information dissemination information may result in distribution of false and misleading information (e.g., modified web pages, electronic mail, video). Such events can adversely affect operations or public confidence in the agency. This can significantly degrade the official information dissemination mission capability. In such cases, a moderate integrity impact may exist. Also, the more serious + integrity impacts become increasingly likely as E-government initiatives progress.
The provisional integrity impact level recommended for official information - dissemination information is low.
+The provisional integrity impact level recommended for official information dissemination information is low.
Product Outreach relates to the marketing of government services products, and - programs to the general public in an attempt to promote awareness and increase the - number of customers/beneficiaries of those services and programs.
+Product Outreach relates to the marketing of government services products, and programs to the general public in an attempt to promote awareness and increase the number of customers/beneficiaries of those services and programs.
The confidentiality impact level is the effect of unauthorized disclosure of product - outreach information on the ability of responsible agencies to market government - services products, and programs to the general public in an attempt to promote - awareness and increase the number of customers/beneficiaries of those services and - programs. Product outreach information is usually in the public domain and poses no - confidentiality impact.
+The confidentiality impact level is the effect of unauthorized disclosure of product outreach information on the ability of responsible agencies to market government services products, and programs to the general public in an attempt to promote awareness and increase the number of customers/beneficiaries of those services and programs. Product outreach information is usually in the public domain and poses no confidentiality impact.
The provisional confidentiality impact level recommended for product outreach - information is low.
+The provisional confidentiality impact level recommended for product outreach information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - product outreach information. Product outreach processes are generally tolerant of - limited delays. In most cases, disruption of access to product outreach information - can be expected to have only a limited adverse effect on agency operations, agency - assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the product outreach information. Product outreach processes are generally tolerant of limited delays. In most cases, disruption of access to product outreach information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for product outreach - information is low.
+The provisional availability impact level recommended for product outreach information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. In most cases, the adverse effect of unauthorized modification or - destruction of product outreach information on overall agency mission functions will - be limited. Special Factors Affecting Integrity Impact Determination: The - unauthorized modification or destruction of product outreach information may result - in distribution of false and misleading information. Such events may adversely - affect operations or public confidence in the agency and may significantly degrade - the product marketing mission capability. In such cases, a moderate integrity impact - may exist.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In most cases, the adverse effect of unauthorized modification or destruction of product outreach information on overall agency mission functions will be limited. Special Factors Affecting Integrity Impact Determination: The unauthorized modification or destruction of product outreach information may result in distribution of false and misleading information. Such events may adversely affect operations or public confidence in the agency and may significantly degrade the product marketing mission capability. In such cases, a moderate integrity impact may exist.
The provisional integrity impact level recommended for product outreach information - is low.
+The provisional integrity impact level recommended for product outreach information is low.
Public Relations activities involve the efforts to promote an organizations image - through the effective handling of citizen concerns.
+Public Relations activities involve the efforts to promote an organizations image through the effective handling of citizen concerns.
The confidentiality impact level is the effect of unauthorized disclosure of public - relations information on the ability of responsible agencies to promote an - organizations image through the effective handling of citizen concerns. Public - relations information itself is usually in the public domain and poses no - confidentiality impact. Special Factors Affecting Confidentiality Impact - Determination: Internal correspondence associated with development of public - relations information can contain information, the unauthorized disclosure of which - can have a serious adverse effect on agency operations. This can result in - assignment of a moderate impact level to such information.
+The confidentiality impact level is the effect of unauthorized disclosure of public relations information on the ability of responsible agencies to promote an organizations image through the effective handling of citizen concerns. Public relations information itself is usually in the public domain and poses no confidentiality impact. Special Factors Affecting Confidentiality Impact Determination: Internal correspondence associated with development of public relations information can contain information, the unauthorized disclosure of which can have a serious adverse effect on agency operations. This can result in assignment of a moderate impact level to such information.
The provisional confidentiality impact level recommended for public relations - information is low.
+The provisional confidentiality impact level recommended for public relations information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - public relations information. Public relations processes are generally tolerant of - limited delays. In most cases, disruption of access to public relations information - can be expected to have only a limited adverse effect on agency operations, agency - assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the public relations information. Public relations processes are generally tolerant of limited delays. In most cases, disruption of access to public relations information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for public relations - information is low.
+The provisional availability impact level recommended for public relations information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. In most cases, the adverse effects of unauthorized modification or - destruction of public relations information on overall agency mission functions will - be limited. Special Factors Affecting Integrity Impact Determination: Unauthorized - modification or destruction of public relations information may result in - distribution of false and misleading information. Such events can be expected to - adversely affect operations and/or public confidence in the agency. This can - significantly degrade the public relations mission capability. In such cases, a - moderate integrity impact may exist.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In most cases, the adverse effects of unauthorized modification or destruction of public relations information on overall agency mission functions will be limited. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of public relations information may result in distribution of false and misleading information. Such events can be expected to adversely affect operations and/or public confidence in the agency. This can significantly degrade the public relations mission capability. In such cases, a moderate integrity impact may exist.
The provisional integrity impact level recommended for public relations information - is low.
+The provisional integrity impact level recommended for public relations information is low.
Legislation Tracking involves following legislation from conception to adoption.
@@ -1901,51 +983,29 @@The confidentiality impact level is the effect of unauthorized disclosure of - legislation tracking information on the ability of responsible agencies to follow - legislation from conception to adoption. Legislation tracking information itself is - usually in the public domain and poses no confidentiality impact. Special Factors - Affecting Confidentiality Impact Determination: In some cases, internal - correspondence associated with legislation tracking information can contain - information, that if improperly disclosed, will have a serious adverse effect on - agency relationships with other agencies and with the legislative branch. This can - result in assignment of a moderate impact level to such information.
+The confidentiality impact level is the effect of unauthorized disclosure of legislation tracking information on the ability of responsible agencies to follow legislation from conception to adoption. Legislation tracking information itself is usually in the public domain and poses no confidentiality impact. Special Factors Affecting Confidentiality Impact Determination: In some cases, internal correspondence associated with legislation tracking information can contain information, that if improperly disclosed, will have a serious adverse effect on agency relationships with other agencies and with the legislative branch. This can result in assignment of a moderate impact level to such information.
The provisional confidentiality impact level recommended for legislation tracking - information is low.
+The provisional confidentiality impact level recommended for legislation tracking information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - legislation tracking information. Legislation tracking processes are generally - tolerant of limited delays. In most cases, disruption of access to legislation - tracking information will have only a limited adverse effect on agency operations, - agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the legislation tracking information. Legislation tracking processes are generally tolerant of limited delays. In most cases, disruption of access to legislation tracking information will have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for legislation tracking - information is low.
+The provisional availability impact level recommended for legislation tracking information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. In most cases, the adverse effects of unauthorized modification or - destruction of legislation tracking information on overall agency mission functions - will be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In most cases, the adverse effects of unauthorized modification or destruction of legislation tracking information on overall agency mission functions will be limited.
The provisional integrity impact level recommended for legislation tracking - information is low.
+The provisional integrity impact level recommended for legislation tracking information is low.
Legislation Testimony involves activities associated with providing - testimony/evidence in support or, or opposition to, legislation from conception to - adoption.
+Legislation Testimony involves activities associated with providing testimony/evidence in support or, or opposition to, legislation from conception to adoption.
The confidentiality impact level is the effect of unauthorized disclosure of - legislation testimony information on the ability of responsible agencies to provide - testimony/evidence in support or, or opposition to, legislation from conception to - adoption. Most testimony regarding legislation is in the public domain, and even - premature release should result in no more than limited harm to agency assets, - personnel, or operations. Special Factors Affecting Confidentiality Impact - Determination: The effects of loss of confidentiality of some information applicable - to pending testimony may result in attempts by competing interests to influence - and/or impede a specific legislative process. The consequences to agency programs - and of the ability of an agency to perform its mission can be very serious. - Premature public release of draft testimony before internal coordination and review - has been conducted can result in unnecessary criticism of the proposed testimony and - damage public confidence in the agency. These consequences are particularly likely - where the release includes unedited internal commentary and discussion. The results - of unauthorized disclosure of information to the public can imperil specific agency - programs, but a consequent loss of public confidence can do persistent harm to an - agency’s ability to effectively perform its mission. This can result in assignment - of a moderate impact level to such information. Some information associated with - legislative testimony is classified national security information and is outside the - scope of this guideline.
+The confidentiality impact level is the effect of unauthorized disclosure of legislation testimony information on the ability of responsible agencies to provide testimony/evidence in support or, or opposition to, legislation from conception to adoption. Most testimony regarding legislation is in the public domain, and even premature release should result in no more than limited harm to agency assets, personnel, or operations. Special Factors Affecting Confidentiality Impact Determination: The effects of loss of confidentiality of some information applicable to pending testimony may result in attempts by competing interests to influence and/or impede a specific legislative process. The consequences to agency programs and of the ability of an agency to perform its mission can be very serious. Premature public release of draft testimony before internal coordination and review has been conducted can result in unnecessary criticism of the proposed testimony and damage public + confidence in the agency. These consequences are particularly likely where the release includes unedited internal commentary and discussion. The results of unauthorized disclosure of information to the public can imperil specific agency programs, but a consequent loss of public confidence can do persistent harm to an agency’s ability to effectively perform its mission. This can result in assignment of a moderate impact level to such information. Some information associated with legislative testimony is classified national security information and is outside the scope of this guideline.
The provisional confidentiality impact level recommended for legislation testimony - information is low.
+The provisional confidentiality impact level recommended for legislation testimony information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - legislation testimony information. The legislation testimony processes are usually - tolerant of delays. Special Factors Affecting Availability Impact Determination: - Excessive recovery delays can result in damage to agency reputation and to interests - associated with specific legislation. This can result in assignment of a moderate - impact level to such information.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the legislation testimony information. The legislation testimony processes are usually tolerant of delays. Special Factors Affecting Availability Impact Determination: Excessive recovery delays can result in damage to agency reputation and to interests associated with specific legislation. This can result in assignment of a moderate impact level to such information.
The provisional availability impact level recommended for legislation testimony - information is low.
+The provisional availability impact level recommended for legislation testimony information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Unauthorized modification or destruction of information affecting - external publication of testimony associated with legislation (e.g., web pages, - electronic mail) may adversely affect inter-agency relationships, relations with - Congress, or public confidence in the agency. However, damage to the mission would - usually be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting external publication of testimony associated with legislation (e.g., web pages, electronic mail) may adversely affect inter-agency relationships, relations with Congress, or public confidence in the agency. However, damage to the mission would usually be limited.
The provisional integrity impact level recommended for legislation testimony - information is low.
+The provisional integrity impact level recommended for legislation testimony information is low.
Proposal Development involves drafting proposed legislation that creates or amends - laws subject to Congressional legislative action.
+Proposal Development involves drafting proposed legislation that creates or amends laws subject to Congressional legislative action.
The confidentiality impact level is the effect of unauthorized disclosure of proposal - development information on the ability of responsible agencies to draft proposed - legislation that creates or amends laws subject to Congressional legislative action. - Legislation is normally in the public domain. However, the effects of loss of - confidentiality of background information used in the development of proposed - legislation or of early drafts of proposed legislation could result in attempts by - competing interests to influence and/or impede a specific legislative process. The - consequences to agency programs and of the ability of an agency to perform its - mission can be very serious. Premature public release of proposed legislation before - internal coordination and review has been conducted can result in unnecessary - criticism of the proposed legislation and even damage public confidence in the - agency. These consequences are particularly likely where the release includes - unedited internal commentary and discussion. In general, unauthorized disclosure of - much legislative proposal information, particularly in early phases of the process, - is likely to result in serious harm to agency assets or operations. 40 Special - Factors Affecting Confidentiality Impact Determination: Some proposal development - information used by specific Federal agencies (e.g., homeland security, law - enforcement, defense, intelligence community) is very sensitive or classified - national security information. National security information is outside the scope of - this guideline. The sensitivity level recommended for the very sensitive information - is high. If the proposal development information is moved to the public domain, the - confidentiality impact level becomes Not Applicable (NA).
+The confidentiality impact level is the effect of unauthorized disclosure of proposal development information on the ability of responsible agencies to draft proposed legislation that creates or amends laws subject to Congressional legislative action. Legislation is normally in the public domain. However, the effects of loss of confidentiality of background information used in the development of proposed legislation or of early drafts of proposed legislation could result in attempts by competing interests to influence and/or impede a specific legislative process. The consequences to agency programs and of the ability of an agency to perform its mission can be very serious. Premature public release of proposed legislation before internal coordination and review has been conducted can result in unnecessary criticism of the proposed legislation and even damage public confidence in the agency. These consequences are particularly likely where the release includes unedited + internal commentary and discussion. In general, unauthorized disclosure of much legislative proposal information, particularly in early phases of the process, is likely to result in serious harm to agency assets or operations. 40 Special Factors Affecting Confidentiality Impact Determination: Some proposal development information used by specific Federal agencies (e.g., homeland security, law enforcement, defense, intelligence community) is very sensitive or classified national security information. National security information is outside the scope of this guideline. The sensitivity level recommended for the very sensitive information is high. If the proposal development information is moved to the public domain, the confidentiality impact level becomes Not Applicable (NA).
In order to accommodate event-driven consequences of unauthorized disclosure of - pre-release drafts, the provisional confidentiality impact level recommended for - proposal development information is moderate.
+In order to accommodate event-driven consequences of unauthorized disclosure of pre-release drafts, the provisional confidentiality impact level recommended for proposal development information is moderate.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - proposal development information. Proposal development processes are usually - tolerant of delays. Special Factors Affecting Availability Impact Determination: - Excessive recovery delays can result in damage to agency reputation and to interests - associated with specific legislation. This can result in assignment of a moderate - impact level to such information.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the proposal development information. Proposal development processes are usually tolerant of delays. Special Factors Affecting Availability Impact Determination: Excessive recovery delays can result in damage to agency reputation and to interests associated with specific legislation. This can result in assignment of a moderate impact level to such information.
The provisional availability impact level recommended for proposal development - information is low.
+The provisional availability impact level recommended for proposal development information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Unauthorized modification or destruction of information affecting - external publication of proposed legislation (e.g., web pages, electronic mail) - might adversely affect inter-agency relationships, relations with Congress, or - public confidence in the agency. However, damage to the mission would usually be - limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting external publication of proposed legislation (e.g., web pages, electronic mail) might adversely affect inter-agency relationships, relations with Congress, or public confidence in the agency. However, damage to the mission would usually be limited.
The provisional integrity impact level recommended for proposal development - information is low.
+The provisional integrity impact level recommended for proposal development information is low.
Congressional Liaison Operations involves all activities associated with supporting - the formal relationship between a Federal Agency and the U.S. Congress.
+Congressional Liaison Operations involves all activities associated with supporting the formal relationship between a Federal Agency and the U.S. Congress.
The confidentiality impact level is the effect of unauthorized disclosure of - Congressional liaison information on the ability of responsible agencies to support - their formal relationships with U.S. Congress. The effects of loss of - confidentiality of information associated with Congressional liaison can facilitate - attempts by competing interests to influence and/or impede a specific legislative - process or poison inter-branch relations. The consequences to agency programs and - even of the ability of an agency to perform its mission can be very serious. - Premature public release of information associated with Congressional liaison before - internal coordination and review has been conducted can result in unnecessary - criticism of the preliminary data or positions, and even damage public confidence in - the agency. These consequences are particularly likely where the release includes - unedited internal commentary and discussion. In general, unauthorized disclosure of - much Congressional liaison information is likely to result in serious harm to agency - assets and/or operations. If the Congressional liaison information is moved to the - public domain, the confidentiality impact level becomes Not Applicable (NA). Special - Factors Affecting Confidentiality Impact Determination: Some Congressional liaison - information used by Federal agencies (e.g., homeland security, law enforcement, - defense, intelligence community) is very sensitive or even classified national - security information. National security information is outside the scope of this - guideline. The sensitivity level associated with the very sensitive information is - high.
+The confidentiality impact level is the effect of unauthorized disclosure of Congressional liaison information on the ability of responsible agencies to support their formal relationships with U.S. Congress. The effects of loss of confidentiality of information associated with Congressional liaison can facilitate attempts by competing interests to influence and/or impede a specific legislative process or poison inter-branch relations. The consequences to agency programs and even of the ability of an agency to perform its mission can be very serious. Premature public release of information associated with Congressional liaison before internal coordination and review has been conducted can result in unnecessary criticism of the preliminary data or positions, and even damage public confidence in the agency. These consequences are particularly likely where the release includes unedited internal commentary and discussion. In general, unauthorized disclosure of much + Congressional liaison information is likely to result in serious harm to agency assets and/or operations. If the Congressional liaison information is moved to the public domain, the confidentiality impact level becomes Not Applicable (NA). Special Factors Affecting Confidentiality Impact Determination: Some Congressional liaison information used by Federal agencies (e.g., homeland security, law enforcement, defense, intelligence community) is very sensitive or even classified national security information. National security information is outside the scope of this guideline. The sensitivity level associated with the very sensitive information is high.
The provisional confidentiality impact level recommended for Congressional liaison - information is moderate.
+The provisional confidentiality impact level recommended for Congressional liaison information is moderate.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - Congressional liaison information. Congressional liaison processes are usually - tolerant of delays. Special Factors Affecting Availability Impact Determination: - Excessive recovery delays can result in damage to agency reputation and to interests - associated with specific legislation. This can result in assignment of a moderate - impact level to such information.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the Congressional liaison information. Congressional liaison processes are usually tolerant of delays. Special Factors Affecting Availability Impact Determination: Excessive recovery delays can result in damage to agency reputation and to interests associated with specific legislation. This can result in assignment of a moderate impact level to such information.
The provisional availability impact level recommended for Congressional liaison - information is low.
+The provisional availability impact level recommended for Congressional liaison information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information.
The provisional integrity impact level recommended for Congressional liaison - information is low.
+The provisional integrity impact level recommended for Congressional liaison information is low.
Central Fiscal Operations includes the fiscal operations that the Department of - Treasury performs on behalf of the Government.14 [Note: Tax-related functions are - associated with the Taxation Management information type.] Impacts to some - information and information systems associated with central fiscal operations may - affect the security of the critical banking and finance infrastructure. In most - cases, the effect on public welfare of a loss of central fiscal operations - functionality can be expected to be delayed rather than immediate. The potential for - consequent loss of human life or of major national assets is low.
+Central Fiscal Operations includes the fiscal operations that the Department of Treasury performs on behalf of the Government.14 [Note: Tax-related functions are associated with the Taxation Management information type.] Impacts to some information and information systems associated with central fiscal operations may affect the security of the critical banking and finance infrastructure. In most cases, the effect on public welfare of a loss of central fiscal operations functionality can be expected to be delayed rather than immediate. The potential for consequent loss of human life or of major national assets is low.
The confidentiality impact level is the effect of unauthorized disclosure of central - fiscal operations information on the fiscal operations that the Department of - Treasury performs on behalf of the Government. The effects of loss of - confidentiality can reasonably be expected to jeopardize relationships and - administrative actions necessary to mission fulfillment and/or to seriously damage - public confidence in the agency. For example, the unauthorized disclosure of - investigative and enforcement information can have serious economic impact on both - individual companies and the broader market place (e.g., short-term stock market - perturbations). The consequences of such unauthorized disclosures may have a serious - adverse effect on public confidence in the agency. Special Factors Affecting - Confidentiality Impact Determination: Where the operations in question involve - liaison with law enforcement or homeland security organizations, the consequences of - unauthorized disclosure can imperil operations critical to the security of human - life, critical infrastructure protection, ore the protection of key national assets. - For those operations, the consequences to key financial infrastructure elements can - be serious to severe. In such cases, the associated confidentiality impact level - will be high.
+The confidentiality impact level is the effect of unauthorized disclosure of central fiscal operations information on the fiscal operations that the Department of Treasury performs on behalf of the Government. The effects of loss of confidentiality can reasonably be expected to jeopardize relationships and administrative actions necessary to mission fulfillment and/or to seriously damage public confidence in the agency. For example, the unauthorized disclosure of investigative and enforcement information can have serious economic impact on both individual companies and the broader market place (e.g., short-term stock market perturbations). The consequences of such unauthorized disclosures may have a serious adverse effect on public confidence in the agency. Special Factors Affecting Confidentiality Impact Determination: Where the operations in question involve liaison with law enforcement or homeland security organizations, the consequences of unauthorized disclosure can + imperil operations critical to the security of human life, critical infrastructure protection, ore the protection of key national assets. For those operations, the consequences to key financial infrastructure elements can be serious to severe. In such cases, the associated confidentiality impact level will be high.
The confidentiality impact level recommended for most central fiscal operations - information is moderate.
+The confidentiality impact level recommended for most central fiscal operations information is moderate.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - central fiscal operations information. Central fiscal operations processes are - usually tolerant of delays.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the central fiscal operations information. Central fiscal operations processes are usually tolerant of delays.
The provisional availability impact level recommended for central fiscal operations - information is low.
+The provisional availability impact level recommended for central fiscal operations information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Unauthorized modification or destruction of information affecting - external communications that include central fiscal operations information (e.g., - web pages, electronic mail) may adversely affect operations and/or public confidence - in the agency, but the damage to the mission would usually be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting external communications that include central fiscal operations information (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.
The provisional integrity impact level recommended for central fiscal operations - information is normally low.
+The provisional integrity impact level recommended for central fiscal operations information is normally low.
Legislative functions include the service support activities associated with costs of - the Legislative Branch other than the Tax Court, the Library of Congress, and the - Government Printing Office revolving fund.
+Legislative functions include the service support activities associated with costs of the Legislative Branch other than the Tax Court, the Library of Congress, and the Government Printing Office revolving fund.
The confidentiality impact level is the effect of unauthorized disclosure of - legislative functions information on the ability of responsible agencies to provide - service support activities associated with costs of the Legislative Branch other - than the Tax Court, the Library of Congress, and the Government Printing Office - revolving fund. The effects of loss of confidentiality of information associated - with legislative functions can be expected to have only a limited impact on Federal - government assets, operations, or personnel welfare.
+The confidentiality impact level is the effect of unauthorized disclosure of legislative functions information on the ability of responsible agencies to provide service support activities associated with costs of the Legislative Branch other than the Tax Court, the Library of Congress, and the Government Printing Office revolving fund. The effects of loss of confidentiality of information associated with legislative functions can be expected to have only a limited impact on Federal government assets, operations, or personnel welfare.
The provisional confidentiality impact level recommended for legislative functions - information is low.
+The provisional confidentiality impact level recommended for legislative functions information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - legislative service support information. Legislative functions processes are usually - tolerant of delays. Special Factors Affecting Availability Impact Determination: - Excessive recovery delays can result in damage to agency reputation and to interests - associated with specific legislation. This can result in assignment of a moderate - impact level to such information.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the legislative service support information. Legislative functions processes are usually tolerant of delays. Special Factors Affecting Availability Impact Determination: Excessive recovery delays can result in damage to agency reputation and to interests associated with specific legislation. This can result in assignment of a moderate impact level to such information.
The provisional availability impact level recommended for legislative functions - information is low.
+The provisional availability impact level recommended for legislative functions information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Misunderstandings resulting from modified information that is actually - exchanged can usually be resolved and any resulting damage to the support function - from modified information that is exchanged would usually be limited. Unauthorized - modification or destruction of information affecting external publication of - legislative service support information (e.g., web pages, electronic mail) may - adversely affect inter-agency relationships, relations with Congress, or public - confidence in the agency. However, damage to the mission would usually be - limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Misunderstandings resulting from modified information that is actually exchanged can usually be resolved and any resulting damage to the support function from modified information that is exchanged would usually be limited. Unauthorized modification or destruction of information affecting external publication of legislative service support information (e.g., web pages, electronic mail) may adversely affect inter-agency relationships, relations with Congress, or public confidence in the agency. However, damage to the mission would usually be limited.
The provisional integrity impact level recommended for legislative functions - information is low.
+The provisional integrity impact level recommended for legislative functions information is low.
The confidentiality impact level associated with the executive information type is - associated with executive functions. The effects of loss of confidentiality of - policies and guidance during the formative stage can result in attempts by affected - entities and other interested parties to influence and/or impede the policy and - guidance development process. Premature public release of formative policies and - guidance before internal coordination and review can result in unnecessary damage to - public confidence in the executive office. These consequences may occur when the - release includes unedited internal commentary and discussion.
+The confidentiality impact level associated with the executive information type is associated with executive functions. The effects of loss of confidentiality of policies and guidance during the formative stage can result in attempts by affected entities and other interested parties to influence and/or impede the policy and guidance development process. Premature public release of formative policies and guidance before internal coordination and review can result in unnecessary damage to public confidence in the executive office. These consequences may occur when the release includes unedited internal commentary and discussion.
The provisional confidentiality impact level recommended for executive functions - information is low.
+The provisional confidentiality impact level recommended for executive functions information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - executive information.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the executive information.
The provisional availability impact level recommended for executive functions - information is low.
+The provisional availability impact level recommended for executive functions information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Unauthorized modification or destruction of information affecting - external communications that contain executive information (e.g., web pages, - electronic mail) may adversely affect public confidence in the government.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting external communications that contain executive information (e.g., web pages, electronic mail) may adversely affect public confidence in the government.
The provisional integrity impact level recommended for executive information is - low.
+The provisional integrity impact level recommended for executive information is low.
Central Property Management involves most of the operations of the General Services - Administration.
+Central Property Management involves most of the operations of the General Services Administration.
The confidentiality impact level is the effect of unauthorized disclosure of central - property management information on the ability of the General Services - Administration to acquire, provide, and centrally administer offices buildings, - fleets, machinery, and other capital assets and consumable supplies used by the - Federal government. The consequences of unauthorized disclosure of most central - property management information are likely to have only a limited adverse effect on - agency operations, agency assets, or individuals. Special Factors Affecting - Confidentiality Impact Determination: Unauthorized disclosure of information - associated with very large procurements can result in fraud, waste, abuse, and/or - legal proceedings that can have a serious to severe effect on Federal government - assets and operations. Also, information associated with acquisition, maintenance, - administration, and operation of many Federal government office buildings, - transportation fleets, and operational facilities can be of material use to - criminals seeking to gain access to Federal facilities to facilitate or perpetrate - fraud, theft, or some other criminal enterprise. In this case, unauthorized - disclosure of information can have a serious adverse effect on agency operations, - agency assets, or individuals. The consequent confidentiality impact would be at - least moderate. Information associated with maintenance, administration, and - operation of other Federal government facilities can be of material use to - terrorists seeking to penetrate and/or commandeer such facilities as part of - operations intended to harm critical infrastructures, key national assets, or - people. Examples of more potentially damaging information include architectural, - maintenance and administrative information that might permit either covert - pedestrian or unimpeded vehicular access to government buildings (e.g., - Congressional office buildings, FBI Headquarters, the National Archives, Smithsonian - Institution buildings, dams, nuclear power plants, etc.). In such cases, the - confidentiality impact level may be high. [Some information is classified as - national security and is outside the scope of this guideline.] Anticipated or - realized unauthorized disclosure of one agency’s central property management - information by GSA could result in negative impacts on cross-jurisdictional - coordination within the central property management infrastructure and the general - effectiveness of organizations tasked with acquiring and managing government - facilities and supplies.
+The confidentiality impact level is the effect of unauthorized disclosure of central property management information on the ability of the General Services Administration to acquire, provide, and centrally administer offices buildings, fleets, machinery, and other capital assets and consumable supplies used by the Federal government. The consequences of unauthorized disclosure of most central property management information are likely to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of information associated with very large procurements can result in fraud, waste, abuse, and/or legal proceedings that can have a serious to severe effect on Federal government assets and operations. Also, information associated with acquisition, maintenance, administration, and operation of many Federal government office buildings, transportation fleets, and + operational facilities can be of material use to criminals seeking to gain access to Federal facilities to facilitate or perpetrate fraud, theft, or some other criminal enterprise. In this case, unauthorized disclosure of information can have a serious adverse effect on agency operations, agency assets, or individuals. The consequent confidentiality impact would be at least moderate. Information associated with maintenance, administration, and operation of other Federal government facilities can be of material use to terrorists seeking to penetrate and/or commandeer such facilities as part of operations intended to harm critical infrastructures, key national assets, or people. Examples of more potentially damaging information include architectural, maintenance and administrative information that might permit either covert pedestrian or unimpeded vehicular access to government buildings (e.g., Congressional office buildings, FBI Headquarters, the National Archives, + Smithsonian Institution buildings, dams, nuclear power plants, etc.). In such cases, the confidentiality impact level may be high. [Some information is classified as national security and is outside the scope of this guideline.] Anticipated or realized unauthorized disclosure of one agency’s central property management information by GSA could result in negative impacts on cross-jurisdictional coordination within the central property management infrastructure and the general effectiveness of organizations tasked with acquiring and managing government facilities and supplies.
The provisional confidentiality impact level recommended for central property - management information is low.
+The provisional confidentiality impact level recommended for central property management information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - central property management information. The functions supported by most central - property management information are tolerant of delays. Typically, the disruption of - access to central property management information will have a limited adverse effect - on agency operations (including mission functions and public confidence in the - agency), agency assets, or individuals. Special Factors Affecting Availability - Impact Determination: Exceptions may include emergency response aspects of disaster - management. In such cases, delays measured in hours can cost lives and major - property damage. Consequently, the availability impact level associated with - unauthorized modification or destruction of central property management information - needed to respond to emergencies may be high.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the central property management information. The functions supported by most central property management information are tolerant of delays. Typically, the disruption of access to central property management information will have a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Exceptions may include emergency response aspects of disaster management. In such cases, delays measured in hours can cost lives and major property damage. Consequently, the availability impact level associated with unauthorized modification or destruction of central property management information needed to respond to emergencies may be high.
The provisional availability impact level recommended for central property management - information is low.
+The provisional availability impact level recommended for central property management information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. In addition, the consequences of unauthorized modification or - destruction of central property management information usually depends on the - urgency with which the information is needed or the immediacy with which the - information is used. In most cases, it is unlikely that the information will be - time-critical or acted upon immediately. Unauthorized modification or destruction of - information affecting external publication of central property management - information (e.g., web pages, electronic mail) may adversely affect public - confidence in the agency. However, damage to the mission would usually be - limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In addition, the consequences of unauthorized modification or destruction of central property management information usually depends on the urgency with which the information is needed or the immediacy with which the information is used. In most cases, it is unlikely that the information will be time-critical or acted upon immediately. Unauthorized modification or destruction of information affecting external publication of central property management information (e.g., web pages, electronic mail) may adversely affect public confidence in the agency. However, damage to the mission would usually be limited.
The provisional integrity impact level recommended for central property management - information is low.
+The provisional integrity impact level recommended for central property management information is low.
Central Personnel Management involves most of the operating activities of the Office - of Personnel Management and related agencies.
+Central Personnel Management involves most of the operating activities of the Office of Personnel Management and related agencies.
The confidentiality impact level is the effect of unauthorized disclosure of central - personnel management information on the ability of the Office of Personnel - Management (OPM) to build a high quality and diverse Federal workforce, based on - merit system principles. Central personnel management information includes human - resources management and consulting services, education and leadership development - services, and investigation services. The unauthorized disclosure of most central - personnel management information will have only a limited adverse effect on agency - operations, assets, or individuals. Special Factors Affecting Confidentiality Impact - Determination: Very sensitive information is typically personal information subject - to the Privacy Act of 1974. (The Privacy Act Information provisional impact levels - are documented in the Personal Identity and Authentication information type.) Such - information will often be assigned a moderate confidentiality impact level. Some - information associated with investigative services may be particularly sensitive and - require a high confidentiality impact level.
+The confidentiality impact level is the effect of unauthorized disclosure of central personnel management information on the ability of the Office of Personnel Management (OPM) to build a high quality and diverse Federal workforce, based on merit system principles. Central personnel management information includes human resources management and consulting services, education and leadership development services, and investigation services. The unauthorized disclosure of most central personnel management information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Very sensitive information is typically personal information subject to the Privacy Act of 1974. (The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type.) Such information will often be assigned a moderate confidentiality impact level. Some + information associated with investigative services may be particularly sensitive and require a high confidentiality impact level.
The provisional confidentiality impact level recommended for central personnel - management information is low.
+The provisional confidentiality impact level recommended for central personnel management information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - central personnel management information. Central personnel management processes are - generally tolerant of reasonable delays. In most cases, disruption of access to - central personnel management information can be expected to have only a limited - adverse effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the central personnel management information. Central personnel management processes are generally tolerant of reasonable delays. In most cases, disruption of access to central personnel management information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for central personnel - management information is low.
+The provisional availability impact level recommended for central personnel management information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of undetected unauthorized modification or destruction - of central personnel management information can conceivably disrupt central - personnel management operations (e.g., (e.g., by modifying sensitive private - personal information or compromising confidentiality mechanisms). Unauthorized - modification or destruction of information affecting external publication of central - personnel management information (e.g., web pages, electronic mail) may adversely - affect public confidence in the government. However, damage to the mission would - usually be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of undetected unauthorized modification or destruction of central personnel management information can conceivably disrupt central personnel management operations (e.g., (e.g., by modifying sensitive private personal information or compromising confidentiality mechanisms). Unauthorized modification or destruction of information affecting external publication of central personnel management information (e.g., web pages, electronic mail) may adversely affect public confidence in the government. However, damage to the mission would usually be limited.
The provisional integrity impact level recommended for central personnel management - information is low.
+The provisional integrity impact level recommended for central personnel management information is low.
Taxation Management includes activities associated with the implementation of the - Internal Revenue Code and the collection of taxes in the United States and - abroad.
+Taxation Management includes activities associated with the implementation of the Internal Revenue Code and the collection of taxes in the United States and abroad.
The confidentiality impact level is the effect of unauthorized disclosure of taxation - management information on the ability of the Internal Revenue Service (IRS) to - enforce the Internal Revenue Code and to collect taxes in the United States and - abroad. The IRS Guidebook for Information Sensitivity Analysis provides guidelines - for identifying IRS Official Use Only (OUO) Information. Sensitive information is - identified in the IRM as any information which if lost, stolen, (accessed), or - altered without proper authorization may adversely affect Service operations. The - IRM states that unauthorized disclosure of sensitive information may cause lawsuits - against Service officials as well as the Service, unwanted notoriety for the - Service, and public distrust of the Service’s ability to protect such information – - all of which may result in an increase in noncompliance with tax laws. It notes that - unauthorized release of information such as the name and address of an informant (in - cases of tax evasion or fraud) may threaten a person’s life.17 Additionally, - sensitive information is defined in Section 25.10 of the IRM as information that - requires protection due to the risk or magnitude of loss that could result from - inadvertent or deliberate disclosure of the information. Sensitive information - includes information whose improper use could adversely affect the ability of the - agency to accomplish its mission, proprietary information, records about individuals - that require protection under the Privacy Act, and information not releasable under - the Freedom of Information Act. The IRS OUO guideline notes that prevention of - unauthorized disclosure of information revealing internal matters, the disclosure of - which would risk circumvention of a legal requirement or agency rules and - regulations has assumed an increasingly important role in homeland security. - Unauthorized disclosure of sensitive or private IRS information can be expected to - have a serious effect on both the welfare of individuals and public confidence in - the government. Special Factors Affecting Confidentiality Impact Determination: In - cases where unauthorized disclosure of taxation information can impede - anti-terrorism or other homeland security activities or endanger the lives of agents - or informants, the confidentiality impact level is high.
-The provisional confidentiality impact level recommended for taxation management - information is moderate.
-The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - taxation management information. Taxation management processes are generally - tolerant of limited delays. In most cases, disruption of access to taxation - management information can be expected to have only a limited adverse effect on - overall agency operations, agency assets, or individuals. However, even temporary - loss of availability of taxation management information is likely to have an adverse - effect on public confidence in the agency and on Federal government cash flow. - Special Factors Affecting Availability Impact Determination: While most cases will - result in only limited consequences, repeated disruptions can have a serious adverse - effect on public confidence in the agency. This can significantly degrade the - taxation management mission capability. In such cases, the availability impact might - be moderate. Loss of availability of significant amounts of taxation management - information over long periods of time can do serious harm to Federal government - operations. The economic ramifications would potentially be severe.
-The provisional availability impact level recommended for taxation management - information is low.
-The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. In addition, the consequences of unauthorized modification or - destruction of taxation management information may depend on the urgency with which - the information is needed or the immediacy with which the information is used. In - most cases, it is unlikely that the information will be needed urgently or acted - upon immediately. Also, the adverse effects of unauthorized modification or - destruction of taxation management information on overall agency mission functions - is expected to be limited. Special Factors Affecting Integrity Impact Determination: - There is a potential for tax code enforcement, other law enforcement, or - anti-terrorism actions being taken based on modified or incomplete information. - Also, unauthorized modification or destruction of taxation management information - may result in distribution of false and misleading information. Such events can be - expected to adversely affect individuals, operations, and/or public confidence in - the agency. This can significantly degrade the taxation management mission - capability. In extreme cases (e.g., misidentification of an informant), the - consequences can be life threatening. In such cases, a high integrity impact may - exist.
-The provisional integrity impact level recommended for taxation management - information is low.
+The confidentiality impact level is the effect of unauthorized disclosure of taxation management information on the ability of the Internal Revenue Service (IRS) to enforce the Internal Revenue Code and to collect taxes in the United States and abroad. The IRS Guidebook for Information Sensitivity Analysis provides guidelines for identifying IRS Official Use Only (OUO) Information. Sensitive information is identified in the IRM as any information which if lost, stolen, (accessed), or altered without proper authorization may adversely affect Service operations. The IRM states that unauthorized disclosure of sensitive information may cause lawsuits against Service officials as well as the Service, unwanted notoriety for the Service, and public distrust of the Service’s ability to protect such information – all of which may result in an increase in noncompliance with tax laws. It notes that unauthorized release of information such as the name and address of an informant (in + cases of tax evasion or fraud) may threaten a person’s life.17 Additionally, sensitive information is defined in Section 25.10 of the IRM as information that requires protection due to the risk or magnitude of loss that could result from inadvertent or deliberate disclosure of the information. Sensitive information includes information whose improper use could adversely affect the ability of the agency to accomplish its mission, proprietary information, records about individuals that require protection under the Privacy Act, and information not releasable under the Freedom of Information Act. The IRS OUO guideline notes that prevention of unauthorized disclosure of information revealing internal matters, the disclosure of which would risk circumvention of a legal requirement or agency rules and regulations has assumed an increasingly important role in homeland security. Unauthorized disclosure of sensitive or private IRS information can be expected to have a serious + effect on both the welfare of individuals and public confidence in the government. Special Factors Affecting Confidentiality Impact Determination: In cases where unauthorized disclosure of taxation information can impede anti-terrorism or other homeland security activities or endanger the lives of agents or informants, the confidentiality impact level is high.
+ +The provisional confidentiality impact level recommended for taxation management information is moderate.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the taxation management information. Taxation management processes are generally tolerant of limited delays. In most cases, disruption of access to taxation management information can be expected to have only a limited adverse effect on overall agency operations, agency assets, or individuals. However, even temporary loss of availability of taxation management information is likely to have an adverse effect on public confidence in the agency and on Federal government cash flow. Special Factors Affecting Availability Impact Determination: While most cases will result in only limited consequences, repeated disruptions can have a serious adverse effect on public confidence in the agency. This can significantly degrade the taxation management mission capability. In such cases, the availability impact might be moderate. Loss + of availability of significant amounts of taxation management information over long periods of time can do serious harm to Federal government operations. The economic ramifications would potentially be severe.
+The provisional availability impact level recommended for taxation management information is low.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In addition, the consequences of unauthorized modification or destruction of taxation management information may depend on the urgency with which the information is needed or the immediacy with which the information is used. In most cases, it is unlikely that the information will be needed urgently or acted upon immediately. Also, the adverse effects of unauthorized modification or destruction of taxation management information on overall agency mission functions is expected to be limited. Special Factors Affecting Integrity Impact Determination: There is a potential for tax code enforcement, other law enforcement, or anti-terrorism actions being taken based on modified or incomplete information. Also, unauthorized modification or destruction of taxation management information may result in + distribution of false and misleading information. Such events can be expected to adversely affect individuals, operations, and/or public confidence in the agency. This can significantly degrade the taxation management mission capability. In extreme cases (e.g., misidentification of an informant), the consequences can be life threatening. In such cases, a high integrity impact may exist.
+The provisional integrity impact level recommended for taxation management information is low.
Central Records and Statistics Management involves the operations surrounding the - management of official documents, statistics, and records for the entire Federal - Government. This information type is intended to include information and information - systems associated with the management of records and statistics for the Federal - government as a whole, such as the records management performed by NARA or the - statistics and data collection performed by the Bureau of the Census. Note: Many - agencies perform records and statistics management for a particular business - function and as such should be mapped to the service support, management, or mission - area associated with that business function. The central records and statistics - management information type is intended for functions performed on behalf of the - entire Federal government.
+Central Records and Statistics Management involves the operations surrounding the management of official documents, statistics, and records for the entire Federal Government. This information type is intended to include information and information systems associated with the management of records and statistics for the Federal government as a whole, such as the records management performed by NARA or the statistics and data collection performed by the Bureau of the Census. Note: Many agencies perform records and statistics management for a particular business function and as such should be mapped to the service support, management, or mission area associated with that business function. The central records and statistics management information type is intended for functions performed on behalf of the entire Federal government.
The confidentiality impact level is the effect of unauthorized disclosure of central - records and statistics management information on the ability of responsible agencies - to manage official documents, statistics, and records for the entire Federal - Government. Unauthorized disclosure of raw data and other source information for - central records and statistics management operations is likely to violate the - Privacy Act of 1974 and other regulations applicable to the dissemination of - personal and government information. (The provisional impact levels for personnel - information are documented in the Personal Identity and Authentication, Income, - Representative Payee, and Entitlement Event information types.) Special Factors - Affecting Confidentiality Impact Determination: Unauthorized disclosure of some - centrally managed records can pose a threat to human life or a loss of major assets. - In such cases, the confidentiality impact is high.
+The confidentiality impact level is the effect of unauthorized disclosure of central records and statistics management information on the ability of responsible agencies to manage official documents, statistics, and records for the entire Federal Government. Unauthorized disclosure of raw data and other source information for central records and statistics management operations is likely to violate the Privacy Act of 1974 and other regulations applicable to the dissemination of personal and government information. (The provisional impact levels for personnel information are documented in the Personal Identity and Authentication, Income, Representative Payee, and Entitlement Event information types.) Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some centrally managed records can pose a threat to human life or a loss of major assets. In such cases, the confidentiality impact is high.
The provisional confidentiality impact level recommended for central records and - statistics management information is moderate.
+The provisional confidentiality impact level recommended for central records and statistics management information is moderate.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - central records and statistics management information. Central records and - statistics management processes are generally tolerant of reasonable delays. - Generally, disruption of access to central records and statistics management - information can be expected to have only a limited adverse effect on agency - operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the central records and statistics management information. Central records and statistics management processes are generally tolerant of reasonable delays. Generally, disruption of access to central records and statistics management information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for central records and - statistics management information is low.
+The provisional availability impact level recommended for central records and statistics management information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. In addition, the consequences of unauthorized modification or - destruction of central records and statistics management information may depend on - the urgency with which the information is needed or the immediacy with which the - information is used. In most cases, it is unlikely that the information will be - time-critical or acted upon immediately.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In addition, the consequences of unauthorized modification or destruction of central records and statistics management information may depend on the urgency with which the information is needed or the immediacy with which the information is used. In most cases, it is unlikely that the information will be time-critical or acted upon immediately.
The provisional integrity impact level recommended for central records and statistics - management information is low.
+The provisional integrity impact level recommended for central records and statistics management information is low.
Income information includes all the wages, self-employment earnings, savings data and - other financial resources information that is needed to help determine the amount of - Retirement, Survivor, or Disability benefits that individuals may be entitled to - receive or not receive from the Supplementary Security Income or RSDI Title II - Programs. In most cases, the impact levels are based on the effects of unauthorized - disclosure, modification, or loss of availability of income information on the - ability of the Federal government to identify citizen entitlements and obligations - and to protect individuals against identity theft and the Federal government against - fraud.
+Income information includes all the wages, self-employment earnings, savings data and other financial resources information that is needed to help determine the amount of Retirement, Survivor, or Disability benefits that individuals may be entitled to receive or not receive from the Supplementary Security Income or RSDI Title II Programs. In most cases, the impact levels are based on the effects of unauthorized disclosure, modification, or loss of availability of income information on the ability of the Federal government to identify citizen entitlements and obligations and to protect individuals against identity theft and the Federal government against fraud.
The confidentiality impact level is based on the effects of unauthorized disclosure - of income information on the ability of the Federal government to identify citizen - entitlements and obligations and to protect individuals against identity theft and - the Federal government against fraud. Unauthorized disclosure of raw data and other - source information for benefits determination and revenue collection operations is - likely to violate the Privacy Act of 1974 and other regulations applicable to the - dissemination of personal and government information. Unauthorized disclosure of - centrally managed income information can have a serious adverse effect on agency - missions. Therefore, for agencies that manage large income information involving - records of the general public, the provisional confidentiality impact level can be - expected to be at least moderate.
+The confidentiality impact level is based on the effects of unauthorized disclosure of income information on the ability of the Federal government to identify citizen entitlements and obligations and to protect individuals against identity theft and the Federal government against fraud. Unauthorized disclosure of raw data and other source information for benefits determination and revenue collection operations is likely to violate the Privacy Act of 1974 and other regulations applicable to the dissemination of personal and government information. Unauthorized disclosure of centrally managed income information can have a serious adverse effect on agency missions. Therefore, for agencies that manage large income information involving records of the general public, the provisional confidentiality impact level can be expected to be at least moderate.
The provisional confidentiality impact level recommended for income information is - moderate.
+The provisional confidentiality impact level recommended for income information is moderate.
The availability impact level is based on the specific purpose to which income - information is put; and not on the time required to re-establish access to the - income information. Benefits determination and liability calculation (e.g., - taxation) processes are generally tolerant of reasonable delays. In many cases, - disruption of access to income information can be expected to have only a limited - adverse effect on agency operations, agency assets, or individuals. Special Factors - Affecting Availability Impact Determination: In the case of very large data bases - containing income information relating to the general public, there is a significant - probability that processing delays will affect the benefits entitlements or - liabilities (e.g., tax liabilities) of large numbers of individuals. The larger the - number of records affected, the longer the delays that can be expected to result. - This can result in financial hardship for citizens and in serious disruption of the - agency operations due to large time and resource requirements for backlog - processing. In such cases, the availability impact level would be at least moderate. - In the case of permanent loss of records, the impact might even be high.
-The provisional availability impact level recommended for income information is - moderate.
+The availability impact level is based on the specific purpose to which income information is put; and not on the time required to re-establish access to the income information. Benefits determination and liability calculation (e.g., taxation) processes are generally tolerant of reasonable delays. In many cases, disruption of access to income information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: In the case of very large data bases containing income information relating to the general public, there is a significant probability that processing delays will affect the benefits entitlements or liabilities (e.g., tax liabilities) of large numbers of individuals. The larger the number of records affected, the longer the delays that can be expected to result. This can result in financial hardship for citizens and in serious disruption of the agency + operations due to large time and resource requirements for backlog processing. In such cases, the availability impact level would be at least moderate. In the case of permanent loss of records, the impact might even be high.
+ +The provisional availability impact level recommended for income information is moderate.
The integrity impact level is based on the specific purpose to which income - information is put; and not on the time required to detect the modification or - destruction of information. In the case of very large data bases containing income - information relating to the general public, there is a significant probability that - erroneous actions will be taken affecting the benefits entitlements or liabilities - (e.g., tax liabilities) of large numbers of individuals. This can result in at least - short-term financial hardship for citizens. It can also be expected to result in - very serious disruption of the agency operations due to large time and resource - requirements for taking corrective actions. In such cases, the integrity impact - level would be at least moderate. Special Factors Affecting Integrity Impact - Determination: In the case of smaller organizations, and where the information - affected is limited to employees, the consequences may justify only a low - provisional impact rating.
+The integrity impact level is based on the specific purpose to which income information is put; and not on the time required to detect the modification or destruction of information. In the case of very large data bases containing income information relating to the general public, there is a significant probability that erroneous actions will be taken affecting the benefits entitlements or liabilities (e.g., tax liabilities) of large numbers of individuals. This can result in at least short-term financial hardship for citizens. It can also be expected to result in very serious disruption of the agency operations due to large time and resource requirements for taking corrective actions. In such cases, the integrity impact level would be at least moderate. Special Factors Affecting Integrity Impact Determination: In the case of smaller organizations, and where the information affected is limited to employees, the consequences may justify only a low provisional impact + rating.
The provisional integrity impact level recommended for income information is - moderate.
+The provisional integrity impact level recommended for income information is moderate.
Personal identity and authentication information includes that information necessary - to ensure that all persons who are potentially entitled to receive any federal - benefit are enumerated and identified so that Federal agencies can have reasonable - assurance that they are paying or communicating with the right individuals. This - information include individual citizen’s Social Security Numbers, names, dates of - birth, places of birth, parents’ names, etc.
+Personal identity and authentication information includes that information necessary to ensure that all persons who are potentially entitled to receive any federal benefit are enumerated and identified so that Federal agencies can have reasonable assurance that they are paying or communicating with the right individuals. This information include individual citizen’s Social Security Numbers, names, dates of birth, places of birth, parents’ names, etc.
The confidentiality impact level is based on the effects of unauthorized disclosure - of personal identity and authentication information on the ability of Federal - agencies to determine that communications with and payments to individuals are being - made with or to the correct individuals - and to protect individuals against - identity theft and the Federal government against fraud. Unauthorized disclosure of - raw data and other source information for identity authentication operations is - likely to violate the Privacy Act of 1974 and other regulations applicable to the - dissemination of personal and government information. There are many cases in which - unauthorized disclosure of personal identity and authentication information will - have only a limited adverse effect on government operations, assets, or individuals. - However, the potential for use of such information by criminals to perpetrate - identity theft and related fraud can do serious harm to individuals. Unauthorized - disclosure of centrally managed personal identity and authentication information, - such as passport and visa control databases can have a serious adverse effect on - agency missions. Special Factors Affecting Confidentiality Impact Determination: For - agencies that manage large income information involving records of the general - public, the provisional confidentiality impact level can be expected to be at least - moderate. Where personal identity and authentication information is used in - controlling access to facilities (e.g., Federal facilities, critical infrastructure - facilities, key national assets) or for border control purposes, the consequences of - unauthorized disclosure that permits credentials forgery can justify a high impact - assignment.
-The provisional confidentiality impact level recommended for personal identity and - authentication information is moderate.
-The availability impact level is based on the specific purpose to which personal - identity and authentication information is put; and not on the time required to - re-establish access to the personal identity and authentication information. - Benefits determination processes are generally tolerant of reasonable delays. In - many cases, disruption of access to personal identity and authentication information - can be expected to have only a limited adverse effect on agency operations, agency - assets, or individuals. Special Factors Affecting Availability Impact Determination: - In the case of very large data bases containing personal identity and authentication - information relating to the general public, there is a significant probability that - processing delays will affect the benefits entitlements of or access to facilities - by large numbers of individuals. The larger the number of records affected, the - longer the delays that can be expected to result. This can result in financial - hardship for citizens and in serious disruption of the agency operations due to - large time and resource requirements for backlog processing. In such cases, the - availability impact level would be at least moderate. In the case of permanent loss - of records or access to facilities by emergency personnel, the impact might even be - high.
+The confidentiality impact level is based on the effects of unauthorized disclosure of personal identity and authentication information on the ability of Federal agencies to determine that communications with and payments to individuals are being made with or to the correct individuals - and to protect individuals against identity theft and the Federal government against fraud. Unauthorized disclosure of raw data and other source information for identity authentication operations is likely to violate the Privacy Act of 1974 and other regulations applicable to the dissemination of personal and government information. There are many cases in which unauthorized disclosure of personal identity and authentication information will have only a limited adverse effect on government operations, assets, or individuals. However, the potential for use of such information by criminals to perpetrate identity theft and related fraud can do serious harm to individuals. Unauthorized + disclosure of centrally managed personal identity and authentication information, such as passport and visa control databases can have a serious adverse effect on agency missions. Special Factors Affecting Confidentiality Impact Determination: For agencies that manage large income information involving records of the general public, the provisional confidentiality impact level can be expected to be at least moderate. Where personal identity and authentication information is used in controlling access to facilities (e.g., Federal facilities, critical infrastructure facilities, key national assets) or for border control purposes, the consequences of unauthorized disclosure that permits credentials forgery can justify a high impact assignment.
+ +The provisional confidentiality impact level recommended for personal identity and authentication information is moderate.
+The availability impact level is based on the specific purpose to which personal identity and authentication information is put; and not on the time required to re-establish access to the personal identity and authentication information. Benefits determination processes are generally tolerant of reasonable delays. In many cases, disruption of access to personal identity and authentication information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: In the case of very large data bases containing personal identity and authentication information relating to the general public, there is a significant probability that processing delays will affect the benefits entitlements of or access to facilities by large numbers of individuals. The larger the number of records affected, the longer the delays that can be expected to result. This can result in financial + hardship for citizens and in serious disruption of the agency operations due to large time and resource requirements for backlog processing. In such cases, the availability impact level would be at least moderate. In the case of permanent loss of records or access to facilities by emergency personnel, the impact might even be high.
The provisional availability impact level recommended for personal identity and - authentication information is moderate.
+The provisional availability impact level recommended for personal identity and authentication information is moderate.
The integrity impact level is based on the specific purpose to which personal - identity and authentication information is put; and not on the time required to - detect the modification or destruction of information. In the case of very large - databases containing personal identity and authentication information relating to - the general public, there is a significant probability that erroneous actions will - be taken affecting benefits entitlements of or access to facilities by large numbers - of individuals. In the case of benefits, this can result in at least short-term - financial hardship for citizens. It can also be expected to result in very serious - disruption of the agency operations due to large time and resource requirements for - taking corrective actions. Special Factors Affecting Integrity Impact Determination: - In the case of smaller organizations, and where the information affected is limited - to employees, there will still be an impact, but the consequences may justify only a - low provisional impact rating. Where a data modification permits access to - facilities (or ingress into the United States) by individuals to whom access should - be prohibited, the integrity impact could be high.
+The integrity impact level is based on the specific purpose to which personal identity and authentication information is put; and not on the time required to detect the modification or destruction of information. In the case of very large databases containing personal identity and authentication information relating to the general public, there is a significant probability that erroneous actions will be taken affecting benefits entitlements of or access to facilities by large numbers of individuals. In the case of benefits, this can result in at least short-term financial hardship for citizens. It can also be expected to result in very serious disruption of the agency operations due to large time and resource requirements for taking corrective actions. Special Factors Affecting Integrity Impact Determination: In the case of smaller organizations, and where the information affected is limited to employees, there will still be an impact, but the consequences may justify + only a low provisional impact rating. Where a data modification permits access to facilities (or ingress into the United States) by individuals to whom access should be prohibited, the integrity impact could be high.
The provisional integrity impact level recommended for personal identity and - authentication information is moderate.
+The provisional integrity impact level recommended for personal identity and authentication information is moderate.
Entitlement event information includes information about events such as death and - date of occurrence, date of a disabling event and the relating data that can - reasonably prove the severity of such disability, proof of age for retirement - benefits, birth and relationship of spouse and/or children who may be entitled to - benefits only as auxiliaries of the primary beneficiary, and other related - information needed to process a claim for benefits. This also includes means-related - information required to administer all the means related benefits associated with - the Title XVI (Supplementary Security Income Program) and the new drug provisions of - the recently revised Medicare Program.
+Entitlement event information includes information about events such as death and date of occurrence, date of a disabling event and the relating data that can reasonably prove the severity of such disability, proof of age for retirement benefits, birth and relationship of spouse and/or children who may be entitled to benefits only as auxiliaries of the primary beneficiary, and other related information needed to process a claim for benefits. This also includes means-related information required to administer all the means related benefits associated with the Title XVI (Supplementary Security Income Program) and the new drug provisions of the recently revised Medicare Program.
The confidentiality impact level is based on the effects of unauthorized disclosure - of entitlement event information on the ability of the Federal government to - establish qualifications of individuals to receive government benefits - and to - protect individuals and the Federal government against fraud. Unauthorized - disclosure of raw data and other source information for entitlement operations is - likely to violate the Privacy Act of 1974 and other regulations applicable to the - dissemination of personal information. Unauthorized disclosure of centrally managed - entitlement event information can have a serious adverse effect on agency missions. - Therefore for agencies that manage large income information involving records of the - general public, the provisional confidentiality impact level can be expected to be - at least moderate.
-The provisional confidentiality impact level recommended for entitlement event - information is moderate.
-The availability impact level is based on the specific use of the entitlement event - information and not on the time required to re-establish access to the income - information. Benefits determination processes are generally tolerant of reasonable - delays. In many cases, disruption of access to entitlement event information can be - expected to have only a limited adverse effect on agency operations, agency assets, - or individuals. Special Factors Affecting Availability Impact Determination: In the - case of very large data bases containing entitlement event information relating to - the general public, there is a significant probability that processing delays will - affect the benefits entitlements of large numbers of individuals. The larger the - number of records affected, the longer the delays that can be expected to result. - This can result in financial hardship for citizens. It can also result in very - serious disruption of the agency operations due to large time and resource - requirements for backlog processing. In such cases, the availability impact level - would be at least moderate. In the case of permanent loss of records, the impact - might even be high.
-The provisional availability impact level recommended for income information is - moderate.
+The confidentiality impact level is based on the effects of unauthorized disclosure of entitlement event information on the ability of the Federal government to establish qualifications of individuals to receive government benefits - and to protect individuals and the Federal government against fraud. Unauthorized disclosure of raw data and other source information for entitlement operations is likely to violate the Privacy Act of 1974 and other regulations applicable to the dissemination of personal information. Unauthorized disclosure of centrally managed entitlement event information can have a serious adverse effect on agency missions. Therefore for agencies that manage large income information involving records of the general public, the provisional confidentiality impact level can be expected to be at least moderate.
+ +The provisional confidentiality impact level recommended for entitlement event information is moderate.
+The availability impact level is based on the specific use of the entitlement event information and not on the time required to re-establish access to the income information. Benefits determination processes are generally tolerant of reasonable delays. In many cases, disruption of access to entitlement event information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: In the case of very large data bases containing entitlement event information relating to the general public, there is a significant probability that processing delays will affect the benefits entitlements of large numbers of individuals. The larger the number of records affected, the longer the delays that can be expected to result. This can result in financial hardship for citizens. It can also result in very serious disruption of the agency operations due to large time and resource + requirements for backlog processing. In such cases, the availability impact level would be at least moderate. In the case of permanent loss of records, the impact might even be high.
+The provisional availability impact level recommended for income information is moderate.
The integrity impact level is based on the specific use of the entitlement event - information and not on the time required to detect the modification or destruction - of information. In the case of very large databases containing entitlement event - information relating to the general public, there is a significant probability that - erroneous actions will be taken affecting the benefits entitlements of large numbers - of individuals. This can result in at least short-term financial hardship for - citizens. It can also be expected to result in serious disruption of the agency - operations due to the time and resource requirements for taking corrective actions. - In such cases, the integrity impact level would be at least moderate. Special - Factors Affecting Integrity Impact Determination: In the case of smaller - organizations, and where the information affected is limited to employees, the - consequences may justify only a low provisional impact rating.
+The integrity impact level is based on the specific use of the entitlement event information and not on the time required to detect the modification or destruction of information. In the case of very large databases containing entitlement event information relating to the general public, there is a significant probability that erroneous actions will be taken affecting the benefits entitlements of large numbers of individuals. This can result in at least short-term financial hardship for citizens. It can also be expected to result in serious disruption of the agency operations due to the time and resource requirements for taking corrective actions. In such cases, the integrity impact level would be at least moderate. Special Factors Affecting Integrity Impact Determination: In the case of smaller organizations, and where the information affected is limited to employees, the consequences may justify only a low provisional impact rating.
The provisional integrity impact level recommended for entitlement event information - is moderate.
+The provisional integrity impact level recommended for entitlement event information is moderate.
Representative payee information includes the information required to determine the - need for representative payees and the data that is gathered to make the - determination of who should serve as the representative payee for all beneficiaries - of federal benefits who are unable to manage their own funds. This also includes - accountability information required to provide reasonable assurance that the funds - are being used appropriately for the well being of entitled individuals.
+Representative payee information includes the information required to determine the need for representative payees and the data that is gathered to make the determination of who should serve as the representative payee for all beneficiaries of federal benefits who are unable to manage their own funds. This also includes accountability information required to provide reasonable assurance that the funds are being used appropriately for the well being of entitled individuals.
The confidentiality impact level is based on the effects of unauthorized disclosure - of representative payee information on the ability of the Federal government to - determine that entitlement funds are being used appropriately for the well being of - entitled individuals - and to protect individuals against identity theft and the - Federal government against fraud. Unauthorized disclosure of data for representative - payee operations is likely to violate the Privacy Act of 1974 and other regulations - applicable to the dissemination of personal information. Unauthorized disclosure of - centrally managed representative payee information can have a serious adverse effect - on agency missions and on large numbers of individuals. Therefore, in the case of - large representative payee information databases, the provisional confidentiality - impact level can be expected to be at least moderate.
+The confidentiality impact level is based on the effects of unauthorized disclosure of representative payee information on the ability of the Federal government to determine that entitlement funds are being used appropriately for the well being of entitled individuals - and to protect individuals against identity theft and the Federal government against fraud. Unauthorized disclosure of data for representative payee operations is likely to violate the Privacy Act of 1974 and other regulations applicable to the dissemination of personal information. Unauthorized disclosure of centrally managed representative payee information can have a serious adverse effect on agency missions and on large numbers of individuals. Therefore, in the case of large representative payee information databases, the provisional confidentiality impact level can be expected to be at least moderate.
The provisional confidentiality impact level recommended for representative payee - information is moderate.
+The provisional confidentiality impact level recommended for representative payee information is moderate.
The availability impact level is based on the specific use of the representative - payee information and not on the time required to re-establish access to the - representative payee information. Benefits payment processes are not necessarily - tolerant of delays. In many cases, disruption of access to representative payee - information can be expected to have a very serious adverse effect on individuals. - Special Factors Affecting Availability Impact Determination: In the case of very - large data bases containing representative payee information relating to the general - public, there is a significant probability that processing delays will affect the - benefits payments to large numbers of individuals. The larger the number of records - affected, the longer the delays that can be expected to result. This can result in - financial hardship for some individuals and in serious disruption of agency - operations. In such cases, the availability impact level would be at least moderate. - In the case of permanent loss of records, the impact might even be high.
+The availability impact level is based on the specific use of the representative payee information and not on the time required to re-establish access to the representative payee information. Benefits payment processes are not necessarily tolerant of delays. In many cases, disruption of access to representative payee information can be expected to have a very serious adverse effect on individuals. Special Factors Affecting Availability Impact Determination: In the case of very large data bases containing representative payee information relating to the general public, there is a significant probability that processing delays will affect the benefits payments to large numbers of individuals. The larger the number of records affected, the longer the delays that can be expected to result. This can result in financial hardship for some individuals and in serious disruption of agency operations. In such cases, the availability impact level would be at least moderate. In the + case of permanent loss of records, the impact might even be high.
The provisional availability impact level recommended for representative payee - information is moderate.
+The provisional availability impact level recommended for representative payee information is moderate.
The integrity impact level is based on the specific use of the payee information and - not on the time required to detect the modification or destruction of information. - In the case of very large databases containing representative payee information - relating to the general public, there is a significant probability that erroneous - actions will be taken affecting the benefits payments to large numbers of - individuals. This can result in at least short-term financial hardship for our most - vulnerable citizens. Loss of integrity can result in serious disruption of the - agency operations. In such cases, the integrity impact level would be at least - moderate. Special Factors Affecting Integrity Impact Determination: In the case of - fraudulent diversion of payments intended for particularly dependent individuals, - there can be life-threatening consequences. In such cases, a high integrity impact - rating may be justified.
+The integrity impact level is based on the specific use of the payee information and not on the time required to detect the modification or destruction of information. In the case of very large databases containing representative payee information relating to the general public, there is a significant probability that erroneous actions will be taken affecting the benefits payments to large numbers of individuals. This can result in at least short-term financial hardship for our most vulnerable citizens. Loss of integrity can result in serious disruption of the agency operations. In such cases, the integrity impact level would be at least moderate. Special Factors Affecting Integrity Impact Determination: In the case of fraudulent diversion of payments intended for particularly dependent individuals, there can be life-threatening consequences. In such cases, a high integrity impact rating may be justified.
The provisional integrity impact level recommended for representative payee - information is moderate.
+The provisional integrity impact level recommended for representative payee information is moderate.
An additional management and support sub-function information type has been defined - to address General Information as a catch-all information type that may not be - defined by the FEA BRM. As such, agencies may find it necessary to identify - additional information types not defined in the BRM and assign impact levels to - those types. Agency personnel may uniquely identify information types using a FIPS - 199 process to identify information not contained neatly in the FEA BRM. Not all of - these information types are likely to have the same impact levels. The impacts to - some information types will jeopardize system functionality and the agency mission - more than other information types. General Information impact levels must be - assessed in the context of the agencies mission.
+An additional management and support sub-function information type has been defined to address General Information as a catch-all information type that may not be defined by the FEA BRM. As such, agencies may find it necessary to identify additional information types not defined in the BRM and assign impact levels to those types. Agency personnel may uniquely identify information types using a FIPS 199 process to identify information not contained neatly in the FEA BRM. Not all of these information types are likely to have the same impact levels. The impacts to some information types will jeopardize system functionality and the agency mission more than other information types. General Information impact levels must be assessed in the context of the agencies mission.
The confidentiality impact level is based on the effects of unauthorized disclosure - of representative general information on the ability of the agency to accomplish its - mission.
+The confidentiality impact level is based on the effects of unauthorized disclosure of representative general information on the ability of the agency to accomplish its mission.
The provisional confidentiality impact level recommended for general information is - low.
+The provisional confidentiality impact level recommended for general information is low.
The availability impact level is based on the specific use of the general information - and not on the time required to re-establish access to the general information.
+The availability impact level is based on the specific use of the general information and not on the time required to re-establish access to the general information.
The provisional availability impact level recommended for general information is - low.
+The provisional availability impact level recommended for general information is low.
The integrity impact level is based on the specific use of the general information - and not on the time required to detect the modification or destruction of - information.
+The integrity impact level is based on the specific use of the general information and not on the time required to detect the modification or destruction of information.
The provisional integrity impact level recommended for general information is - low.
+The provisional integrity impact level recommended for general information is low.
Facilities, Fleet, and Equipment management involves the maintenance, administration, - certification, and operation of office buildings, fleets, machinery, and other - capital assets considered as possessions of the Federal government. Impacts to some - information and information systems associated with facilities, fleet, and equipment - management may affect the security of some key national assets (e.g., nuclear power - plants, dams, and other government facilities).
+Facilities, Fleet, and Equipment management involves the maintenance, administration, certification, and operation of office buildings, fleets, machinery, and other capital assets considered as possessions of the Federal government. Impacts to some information and information systems associated with facilities, fleet, and equipment management may affect the security of some key national assets (e.g., nuclear power plants, dams, and other government facilities).
The confidentiality impact level is the effect of unauthorized disclosure of - facilities, fleet, and equipment management information on the ability of - responsible agencies to maintain, administer, and operate offices buildings, fleets, - machinery, and other capital assets of the Federal government. The consequences of - unauthorized disclosure of most facilities, fleet, and equipment management - information are likely to have only a limited adverse effect on agency operations, - agency assets, or individuals. Special Factors Affecting Confidentiality Impact - Determination: Information associated with maintenance, administration, and - operation of many Federal government office buildings, transportation fleets, and - operational facilities can be of material use to criminals seeking to gain access to - Federal facilities in order to facilitate or perpetrate fraud, theft, or some other - criminal enterprise (e.g., extract inmates from Federal detention facilities). In - this case, unauthorized disclosure of information can have a serious adverse effect - on agency operations, agency assets, or individuals. The consequent confidentiality - impact would be at least moderate. Information associated with maintenance, - administration, and operation of other Federal government office buildings, - transportation fleets, and operational facilities can be of material use to - terrorists seeking to penetrate and/or commandeer such facilities as part of - operations intended to harm critical infrastructures, key national assets, or - people. Examples of this information include information that reveals specific - measures respecting limiting access to and operation of government aircraft, - maintenance and administrative information that might permit either covert - pedestrian or unimpeded vehicular access to government buildings (e.g., - Congressional office buildings, FBI Headquarters, the National Archives, Smithsonian - Institution buildings, dams, nuclear power plants, etc.), and schedules/itineraries - of government surface transportation fleets (e.g., for transport of executive - personnel or hazardous materials). In these cases, the confidentiality impact must - be considered to be high. [Some information regarding transportation and storage of - nuclear materials is classified as national security related and is outside the - scope of this guideline. Other information, such as Nuclear Regulatory Commission - “SAFEGUARDS” information is not national security information, but must have a high - confidentiality impact level.] Anticipated or realized unauthorized disclosure of - one agency’s facilities, fleet, and equipment management information by another - agency could result in negative impacts on cross-jurisdictional coordination within - the facilities, fleet, and equipment management infrastructure and the general - effectiveness of organizations tasked with facilities, fleet, and/or equipment - management.
+The confidentiality impact level is the effect of unauthorized disclosure of facilities, fleet, and equipment management information on the ability of responsible agencies to maintain, administer, and operate offices buildings, fleets, machinery, and other capital assets of the Federal government. The consequences of unauthorized disclosure of most facilities, fleet, and equipment management information are likely to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Information associated with maintenance, administration, and operation of many Federal government office buildings, transportation fleets, and operational facilities can be of material use to criminals seeking to gain access to Federal facilities in order to facilitate or perpetrate fraud, theft, or some other criminal enterprise (e.g., extract inmates from Federal detention facilities). In this case, + unauthorized disclosure of information can have a serious adverse effect on agency operations, agency assets, or individuals. The consequent confidentiality impact would be at least moderate. Information associated with maintenance, administration, and operation of other Federal government office buildings, transportation fleets, and operational facilities can be of material use to terrorists seeking to penetrate and/or commandeer such facilities as part of operations intended to harm critical infrastructures, key national assets, or people. Examples of this information include information that reveals specific measures respecting limiting access to and operation of government aircraft, maintenance and administrative information that might permit either covert pedestrian or unimpeded vehicular access to government buildings (e.g., Congressional office buildings, FBI Headquarters, the National Archives, Smithsonian Institution buildings, dams, nuclear power plants, + etc.), and schedules/itineraries of government surface transportation fleets (e.g., for transport of executive personnel or hazardous materials). In these cases, the confidentiality impact must be considered to be high. [Some information regarding transportation and storage of nuclear materials is classified as national security related and is outside the scope of this guideline. Other information, such as Nuclear Regulatory Commission “SAFEGUARDS” information is not national security information, but must have a high confidentiality impact level.] Anticipated or realized unauthorized disclosure of one agency’s facilities, fleet, and equipment management information by another agency could result in negative impacts on cross-jurisdictional coordination within the facilities, fleet, and equipment management infrastructure and the general effectiveness of organizations tasked with facilities, fleet, and/or equipment management.
The provisional confidentiality impact level recommended for facilities, fleet, and - equipment management information is low.
+The provisional confidentiality impact level recommended for facilities, fleet, and equipment management information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - facilities, fleet, and equipment management information. Functions supported by most - facilities, fleet, and equipment management information are tolerant of delays. - Typically, disruption of access to facilities, fleet, and equipment management - information has a limited adverse effect on agency operations (including mission - functions and public confidence in the agency), agency assets, or individuals. - Special Factors Affecting Availability Impact Determination: Exceptions may include - emergency response aspects of disaster management or leadership protection. In such - cases, delays measured in seconds can cost lives and major property damage. - Consequently, the availability impact level associated with unauthorized - modification or destruction of facilities, fleet, and equipment management - information needed to respond to emergencies will be high.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the facilities, fleet, and equipment management information. Functions supported by most facilities, fleet, and equipment management information are tolerant of delays. Typically, disruption of access to facilities, fleet, and equipment management information has a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Exceptions may include emergency response aspects of disaster management or leadership protection. In such cases, delays measured in seconds can cost lives and major property damage. Consequently, the availability impact level associated with unauthorized modification or destruction of facilities, fleet, and equipment management information needed to respond to + emergencies will be high.
The provisional availability impact level recommended for facilities, fleet, and - equipment management information is low.
+The provisional availability impact level recommended for facilities, fleet, and equipment management information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. In addition, the consequences of unauthorized modification to or - destruction of facilities, fleet, and equipment management information may depend on - the urgency with which the information is needed or the immediacy with which the - information is used. In most cases, it is unlikely that the information will be - time-critical or acted upon immediately. Special Factors Affecting Integrity Impact - Determination: Exceptions may include emergency response aspects of disaster - management or leadership protection. In such cases, the integrity impact level - associated with unauthorized modification or destruction of facilities, fleet, and - equipment management information can be high.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In addition, the consequences of unauthorized modification to or destruction of facilities, fleet, and equipment management information may depend on the urgency with which the information is needed or the immediacy with which the information is used. In most cases, it is unlikely that the information will be time-critical or acted upon immediately. Special Factors Affecting Integrity Impact Determination: Exceptions may include emergency response aspects of disaster management or leadership protection. In such cases, the integrity impact level associated with unauthorized modification or destruction of facilities, fleet, and equipment management information can be high.
The provisional integrity impact level recommended for facilities, fleet, and - equipment management information is low.
+The provisional integrity impact level recommended for facilities, fleet, and equipment management information is low.
Help Desk Services involves the management of a service center to respond to - government employees' technical and administrative questions.
+Help Desk Services involves the management of a service center to respond to government employees' technical and administrative questions.
The confidentiality impact level is the effect of unauthorized disclosure of help - desk service information on the ability of responsible agencies to manage of service - center responses to government employees' technical and administrative questions. - The consequences of unauthorized disclosure of most help desk service information - are likely to have only a limited adverse effect on agency operations, agency - assets, or individuals. Special Factors Affecting Confidentiality Impact - Determination: Information associated with service center responses can provide - useful information to adversaries seeking to penetrate Federal systems. If the - contents or functions of a system have sufficient sensitivity and/or criticality, a - moderate or high impact level may be considered for help desk information.
+The confidentiality impact level is the effect of unauthorized disclosure of help desk service information on the ability of responsible agencies to manage of service center responses to government employees' technical and administrative questions. The consequences of unauthorized disclosure of most help desk service information are likely to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Information associated with service center responses can provide useful information to adversaries seeking to penetrate Federal systems. If the contents or functions of a system have sufficient sensitivity and/or criticality, a moderate or high impact level may be considered for help desk information.
The provisional confidentiality impact level recommended for help desk service - information is low.
+The provisional confidentiality impact level recommended for help desk service information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to help - desk service information. Typically, disruption of access to help desk service - information will have a limited adverse effect on agency operations (including - mission functions and public confidence in the agency), agency assets, or - individuals. Special Factors Affecting Availability Impact Determination: Exceptions - may include emergency response components of disaster management or other - time-critical functions (e.g., some systems that support air traffic control - functions). Consequently, the availability impact level associated with unauthorized - modification or destruction of help desk service information needed to respond to - emergencies can be high.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to help desk service information. Typically, disruption of access to help desk service information will have a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Exceptions may include emergency response components of disaster management or other time-critical functions (e.g., some systems that support air traffic control functions). Consequently, the availability impact level associated with unauthorized modification or destruction of help desk service information needed to respond to emergencies can be high.
The provisional availability impact level recommended for help desk service - information is low.
+The provisional availability impact level recommended for help desk service information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. In addition, the consequences of unauthorized modification to or - destruction of help desk service information usually depends on the urgency with - which the information is needed or the immediacy with which the information is used. - In most cases, it is unlikely that the information will be time-critical or acted - upon immediately. Special Factors Affecting Integrity Impact Determination: In - relatively few cases would the consequences of unauthorized modification of help - desk information that is acted upon immediately result in more than limited damage - to agency operations or assets. Exceptions may include bogus information regarding - operation of communications processors, data base systems, or other systems - necessary to emergency response aspects of disaster management, criminal - apprehension, air traffic control or other time-critical missions. In such cases, a - moderate or high integrity impact level might be considered for unauthorized - modification or destruction of help desk service information.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In addition, the consequences of unauthorized modification to or destruction of help desk service information usually depends on the urgency with which the information is needed or the immediacy with which the information is used. In most cases, it is unlikely that the information will be time-critical or acted upon immediately. Special Factors Affecting Integrity Impact Determination: In relatively few cases would the consequences of unauthorized modification of help desk information that is acted upon immediately result in more than limited damage to agency operations or assets. Exceptions may include bogus information regarding operation of communications processors, data base systems, or other systems necessary to emergency response aspects of disaster management, criminal apprehension, + air traffic control or other time-critical missions. In such cases, a moderate or high integrity impact level might be considered for unauthorized modification or destruction of help desk service information.
he provisional integrity impact level recommended for help desk service information - is low.
+he provisional integrity impact level recommended for help desk service information is low.
Security Management involves the physical protection of an organization’s personnel, - assets, and facilities (including security clearance management). Impacts to some - information and information systems associated with security management may affect - the security of some critical infrastructure elements and key national assets (e.g., - nuclear power plants, dams, and other government facilities). Impact levels - associated with security information directly relate to the potential threat to - human life associated with the asset(s) being protected (e.g., consequences to the - public of terrorist access to dams or nuclear power plants).
+Security Management involves the physical protection of an organization’s personnel, assets, and facilities (including security clearance management). Impacts to some information and information systems associated with security management may affect the security of some critical infrastructure elements and key national assets (e.g., nuclear power plants, dams, and other government facilities). Impact levels associated with security information directly relate to the potential threat to human life associated with the asset(s) being protected (e.g., consequences to the public of terrorist access to dams or nuclear power plants).
The confidentiality impact level is the effect of unauthorized disclosure of security - management information on the ability of responsible organizations to physically - protect their personnel, assets, and facilities. The consequences of unauthorized - disclosure of most security management information depend on the likelihood that the - information might jeopardize the physical security of an organization’s assets and - the value, and potential for damage of the assets being protected. Information - associated with the physical security of many Federal government office buildings, - transportation fleets, and operational facilities can be of material use to - criminals seeking to gain access to Federal facilities in order to perpetrate a - major crime (e.g., extraction of inmates from Federal detention facilities, theft of - commodities market projections, access to information associated with a felony - criminal investigation or prosecution, theft of blank license issuing facilities - and/or materials, access to competition-sensitive information associated with major - procurements, undetected access to national archives or museum properties, access to - currency printing facilities or materials, theft of major currency or bullion - storage facilities). In such cases, unauthorized disclosure of information can have - a serious adverse effect on agency operations, agency assets, or individuals. - Unauthorized disclosure of one agency’s security management information by another - agency could result in negative impacts on cross-jurisdictional coordination within - the security management infrastructure and the general effectiveness of - organizations tasked with physical protection of Federal facilities. The - consequences of physical protection failures at most Federal facilities are more - likely to result in serious21 adverse effects. Special Factors Affecting - Confidentiality Impact Determination: Information associated with security - management at other Federal government office buildings, transportation fleets, and - operational facilities can be of material use to terrorists seeking to penetrate - and/or commandeer such facilities as part of operations intended to harm critical - infrastructures, key national assets, or people. Examples of more potentially - damaging information includes information that reveals specific measures for - protecting government aircraft, information that might permit access that creates an - opportunity to bomb a government building (e.g., Congressional office buildings, FBI - Headquarters, the National Archives, Smithsonian Institution buildings, dams, - nuclear power plants, etc.), and leadership protection details that could result in - assassination opportunities. In these cases, the confidentiality impact must be - high. Unauthorized disclosure of security management information that can be - reasonably expected to pose a serious threat to human life (including those of - security guards) must also be assigned a high confidentiality impact. [Security - management information associated with some Federal government assets is classified. - The classified information is national security related and is outside the scope of - this guideline.] Other security management information, such as that affecting - Nuclear Regulatory Commission “SAFEGUARDS” or Internal Revenue Service “Limited For - Official Use Only” information is not national security information, but must be - treated as having high confidentiality impact.
-The confidentiality impact level recommended for most security management information - is moderate.
-The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - security management information. Functions supported by most security management - information are tolerant of delays. Typically, disruption of access to security - management information will have a limited adverse effect on agency operations - (including mission functions and public confidence in the agency), agency assets, or - individuals. Special Factors Affecting Availability Impact Determination: Exceptions - may include alarm and alert communications and interconnections for security - management systems and automated control systems that support security management - processes (e.g., door and gate operations in buildings to which access is limited - such as detention facilities and many Federal office buildings For these exceptions, - the data is time-critical. The availability impact level associated with - unauthorized modification or destruction of such alarm, alert, and automated process - security management information may be high.
-The provisional availability impact level recommended for security management - information is low.
-The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - security management information may depend on the urgency with which the information - is needed or the immediacy with which the information is used. In cases of intrusion - indications, security management information can be time-critical. The consequences - of unauthorized modification or destruction of time-critical security management - information can reasonably be expected to result in physical security - vulnerabilities. The range of potential consequences is covered above in - Confidentiality.
-The provisional integrity impact level recommended for most security management - information is moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of security management information on the ability of responsible organizations to physically protect their personnel, assets, and facilities. The consequences of unauthorized disclosure of most security management information depend on the likelihood that the information might jeopardize the physical security of an organization’s assets and the value, and potential for damage of the assets being protected. Information associated with the physical security of many Federal government office buildings, transportation fleets, and operational facilities can be of material use to criminals seeking to gain access to Federal facilities in order to perpetrate a major crime (e.g., extraction of inmates from Federal detention facilities, theft of commodities market projections, access to information associated with a felony criminal investigation or prosecution, theft of blank license issuing facilities + and/or materials, access to competition-sensitive information associated with major procurements, undetected access to national archives or museum properties, access to currency printing facilities or materials, theft of major currency or bullion storage facilities). In such cases, unauthorized disclosure of information can have a serious adverse effect on agency operations, agency assets, or individuals. Unauthorized disclosure of one agency’s security management information by another agency could result in negative impacts on cross-jurisdictional coordination within the security management infrastructure and the general effectiveness of organizations tasked with physical protection of Federal facilities. The consequences of physical protection failures at most Federal facilities are more likely to result in serious21 adverse effects. Special Factors Affecting Confidentiality Impact Determination: Information associated with security management at other Federal + government office buildings, transportation fleets, and operational facilities can be of material use to terrorists seeking to penetrate and/or commandeer such facilities as part of operations intended to harm critical infrastructures, key national assets, or people. Examples of more potentially damaging information includes information that reveals specific measures for protecting government aircraft, information that might permit access that creates an opportunity to bomb a government building (e.g., Congressional office buildings, FBI Headquarters, the National Archives, Smithsonian Institution buildings, dams, nuclear power plants, etc.), and leadership protection details that could result in assassination opportunities. In these cases, the confidentiality impact must be high. Unauthorized disclosure of security management information that can be reasonably expected to pose a serious threat to human life (including those of security guards) must also be assigned a + high confidentiality impact. [Security management information associated with some Federal government assets is classified. The classified information is national security related and is outside the scope of this guideline.] Other security management information, such as that affecting Nuclear Regulatory Commission “SAFEGUARDS” or Internal Revenue Service “Limited For Official Use Only” information is not national security information, but must be treated as having high confidentiality impact.
+ +The confidentiality impact level recommended for most security management information is moderate.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the security management information. Functions supported by most security management information are tolerant of delays. Typically, disruption of access to security management information will have a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Exceptions may include alarm and alert communications and interconnections for security management systems and automated control systems that support security management processes (e.g., door and gate operations in buildings to which access is limited such as detention facilities and many Federal office buildings For these exceptions, the data is time-critical. The availability impact level associated with unauthorized + modification or destruction of such alarm, alert, and automated process security management information may be high.
+The provisional availability impact level recommended for security management information is low.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of security management information may depend on the urgency with which the information is needed or the immediacy with which the information is used. In cases of intrusion indications, security management information can be time-critical. The consequences of unauthorized modification or destruction of time-critical security management information can reasonably be expected to result in physical security vulnerabilities. The range of potential consequences is covered above in Confidentiality.
+The provisional integrity impact level recommended for most security management information is moderate.
Travel involves the activities associated with planning, preparing, and monitoring of - business related travel for an organization’s employees.
+Travel involves the activities associated with planning, preparing, and monitoring of business related travel for an organization’s employees.
The confidentiality impact level is the effect of unauthorized disclosure of travel - information on the abilities of responsible agencies to plan, prepare, and monitor - business related travel for the organization’s employees. Generally, the - consequences of unauthorized disclosure of the majority of travel information will - result in a limited adverse effect on agency operations, agency assets, or - individuals. Special Factors Affecting Confidentiality Impact Determination: - Unauthorized disclosure of employee identification information coupled with credit - information (e.g., name, social security number, credit card number) can result in - moderate to serious consequences for individuals and local organizations. The - Privacy Act Information provisional impact levels are documented in the Personal - Identity and Authentication information type. Unauthorized disclosure of information - concerning carrier/provider contract negotiations can have significant financial or - legal consequences and put an agency at a serious disadvantage. Also, severe - consequences may result from unauthorized disclosure of information regarding - leadership travel plans that might jeopardize personnel security or the - confidentiality of sensitive operations plans. In the most sensitive cases, the - confidentiality impact level may be high.
+The confidentiality impact level is the effect of unauthorized disclosure of travel information on the abilities of responsible agencies to plan, prepare, and monitor business related travel for the organization’s employees. Generally, the consequences of unauthorized disclosure of the majority of travel information will result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of employee identification information coupled with credit information (e.g., name, social security number, credit card number) can result in moderate to serious consequences for individuals and local organizations. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. Unauthorized disclosure of information concerning carrier/provider contract negotiations can have significant financial or legal + consequences and put an agency at a serious disadvantage. Also, severe consequences may result from unauthorized disclosure of information regarding leadership travel plans that might jeopardize personnel security or the confidentiality of sensitive operations plans. In the most sensitive cases, the confidentiality impact level may be high.
The provisional confidentiality impact level recommended for travel information is - low.
+The provisional confidentiality impact level recommended for travel information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - travel information. The nature of travel processes is usually tolerant of reasonable - delays, at least on the agency mission scale.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the travel information. The nature of travel processes is usually tolerant of reasonable delays, at least on the agency mission scale.
The provisional availability impact level recommended for travel information is - low.
+The provisional availability impact level recommended for travel information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of travel - information partially depends on the urgency with which the information is normally - needed and the consequences of aborted or modified travel. In the case of travel - planning information, the effects of such modifications are generally limited with - respect to agency mission capabilities or assets. There may be scenarios in which - integrity compromise of travel information may expose Federal leadership to harm or - endanger a sensitive or critical operation. However, most such scenarios are dealt - with in the context of impacts to mission operations information (Appendix D).
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of travel information partially depends on the urgency with which the information is normally needed and the consequences of aborted or modified travel. In the case of travel planning information, the effects of such modifications are generally limited with respect to agency mission capabilities or assets. There may be scenarios in which integrity compromise of travel information may expose Federal leadership to harm or endanger a sensitive or critical operation. However, most such scenarios are dealt with in the context of impacts to mission operations information (Appendix D).
The provisional integrity impact level recommended for travel information is low.
@@ -3377,9 +1678,7 @@Workplace policy development and management includes all activities required to - develop and disseminate workplace policies such as dress codes, time reporting - requirements, telecommuting, etc.
+Workplace policy development and management includes all activities required to develop and disseminate workplace policies such as dress codes, time reporting requirements, telecommuting, etc.
The confidentiality impact level is the effect of unauthorized disclosure of - workplace policy development and management information on the abilities of - responsible agencies to develop and disseminate workplace policies such as dress - codes, time reporting requirements, and telecommuting. The consequences of - unauthorized disclosure of the majority of workplace policy development and - management information will result in a limited adverse effect on agency operations, - agency assets, or individuals.
+The confidentiality impact level is the effect of unauthorized disclosure of workplace policy development and management information on the abilities of responsible agencies to develop and disseminate workplace policies such as dress codes, time reporting requirements, and telecommuting. The consequences of unauthorized disclosure of the majority of workplace policy development and management information will result in a limited adverse effect on agency operations, agency assets, or individuals.
The provisional confidentiality impact level recommended for workplace policy - development and management information is low.
+The provisional confidentiality impact level recommended for workplace policy development and management information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - workplace policy development and management information. Generally, workplace policy - development and management processes are tolerant of reasonable delays.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the workplace policy development and management information. Generally, workplace policy development and management processes are tolerant of reasonable delays.
The provisional availability impact level recommended for workplace policy - development and management information is low.
+The provisional availability impact level recommended for workplace policy development and management information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification to or destruction of - workplace policy development and management information depends primarily on the - criticality of the information with respect to agency mission capability, protection - of agency assets, and safety of individuals. Typically, the effects of modification - or deletion of this information are generally limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification to or destruction of workplace policy development and management information depends primarily on the criticality of the information with respect to agency mission capability, protection of agency assets, and safety of individuals. Typically, the effects of modification or deletion of this information are generally limited.
The provisional integrity impact level recommended for workplace policy development - and management information is low.
+The provisional integrity impact level recommended for workplace policy development and management information is low.
Assets and Liability Management provide accounting support for the management of - assets and liabilities of the Federal government. Assets and liability management - activities measure the total cost and revenue of Federal programs, and their various - elements, activities and outputs. Assets and liability management is essential for - providing accurate program measurement information, performance measures, and - financial statements with verifiable reporting of the cost of activities.
+Assets and Liability Management provide accounting support for the management of assets and liabilities of the Federal government. Assets and liability management activities measure the total cost and revenue of Federal programs, and their various elements, activities and outputs. Assets and liability management is essential for providing accurate program measurement information, performance measures, and financial statements with verifiable reporting of the cost of activities.
The confidentiality impact level is the effect of unauthorized disclosure of assets - and liability management information on the ability of responsible agencies to - provide accounting support for the management of assets and liabilities of the - Federal government. Generally, the unauthorized disclosure of assets and liability - management information will have only a limited adverse effect on agency operations, - assets, or individuals. Special Factors Affecting Confidentiality Impact - Determination: Unauthorized disclosure of some asset and liability management - information for programs that process high-impact information can assist some - criminals to evade enforcement activities. Examples range from tax evasion resulting - from unauthorized disclosure of information regarding audit budgets to unauthorized - disclosure of budget details for specific border control, antiterrorism, or witness - protection expenditures. Where actions taken based on unauthorized disclosure of - assets and liability management details pose a threat to human life or a loss of - major assets, the confidentiality impact is high.
+The confidentiality impact level is the effect of unauthorized disclosure of assets and liability management information on the ability of responsible agencies to provide accounting support for the management of assets and liabilities of the Federal government. Generally, the unauthorized disclosure of assets and liability management information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some asset and liability management information for programs that process high-impact information can assist some criminals to evade enforcement activities. Examples range from tax evasion resulting from unauthorized disclosure of information regarding audit budgets to unauthorized disclosure of budget details for specific border control, antiterrorism, or witness protection expenditures. Where actions taken based on unauthorized disclosure of assets and + liability management details pose a threat to human life or a loss of major assets, the confidentiality impact is high.
The recommended provisional confidentiality impact level for assets and liability - management information is low.
+The recommended provisional confidentiality impact level for assets and liability management information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - assets and liability management information. Assets and liability management - processes are generally tolerant of delay. Typically, disruption of access to assets - and liability management information can be expected to have only a limited adverse - effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the assets and liability management information. Assets and liability management processes are generally tolerant of delay. Typically, disruption of access to assets and liability management information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for assets and liability - management information is low.
+The provisional availability impact level recommended for assets and liability management information is low.
The accuracy of assets and liability management information is essential to providing - accurate program measurement information, performance measures, and financial - statements with verifiable reporting of the cost of activities. The integrity impact - level is based on the specific mission and the data supporting that mission, not on - the time required to detect the modification or destruction of information. Also, - the consequences of unauthorized modification or destruction of assets and liability - management information may depend on the urgency with which the information is - needed. Assets and liability management activities are not generally time-critical - and a compromise would have only limited adverse effects on agency operations, - agency assets, or individuals. Special Factors Affecting Integrity Impact - Determination: If reports based on modified or incomplete information are - circulated, the adverse effect on mission functions and public confidence in the - agency can be serious. In such cases, the integrity impact would be moderate.
+The accuracy of assets and liability management information is essential to providing accurate program measurement information, performance measures, and financial statements with verifiable reporting of the cost of activities. The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Also, the consequences of unauthorized modification or destruction of assets and liability management information may depend on the urgency with which the information is needed. Assets and liability management activities are not generally time-critical and a compromise would have only limited adverse effects on agency operations, agency assets, or individuals. Special Factors Affecting Integrity Impact Determination: If reports based on modified or incomplete information are circulated, the adverse effect on mission functions and public confidence in the agency can be + serious. In such cases, the integrity impact would be moderate.
The provisional integrity impact level recommended for assets and liability - management information is low.
+The provisional integrity impact level recommended for assets and liability management information is low.
Reporting and Information includes providing financial information, reporting and - analysis of financial transactions. Financial reporting includes the activities - necessary to support: management’s fiduciary role; budget formulation and execution - functions; fiscal management of program delivery and program decision making; and - internal and external reporting requirements.
+Reporting and Information includes providing financial information, reporting and analysis of financial transactions. Financial reporting includes the activities necessary to support: management’s fiduciary role; budget formulation and execution functions; fiscal management of program delivery and program decision making; and internal and external reporting requirements.
The confidentiality impact level is the effect of unauthorized disclosure of - financial reporting information on an agency’s ability to provide financial - information and reporting and analysis of financial transactions. Typically, the - unauthorized disclosure of financial reporting information will have only a limited - adverse effect on agency operations, assets, or individuals. Special Factors - Affecting Confidentiality Impact Determination: Unauthorized disclosure of financial - reporting information for programs that process high-impact information can give - adversaries damaging insights into details of agency plans, priorities, and - operations. In relatively rare cases, actions taken based on unauthorized disclosure - of financial reporting details pose a threat to human life or a loss of major - assets, so the confidentiality impact is high.
+The confidentiality impact level is the effect of unauthorized disclosure of financial reporting information on an agency’s ability to provide financial information and reporting and analysis of financial transactions. Typically, the unauthorized disclosure of financial reporting information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of financial reporting information for programs that process high-impact information can give adversaries damaging insights into details of agency plans, priorities, and operations. In relatively rare cases, actions taken based on unauthorized disclosure of financial reporting details pose a threat to human life or a loss of major assets, so the confidentiality impact is high.
The provisional confidentiality impact level recommended for reporting and - information is low.
+The provisional confidentiality impact level recommended for reporting and information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - assets and liability management information. Financial reporting processes are - generally tolerant of delay. Typically, disruption of access to financial reporting - information can be expected to have only a limited adverse effect on agency - operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the assets and liability management information. Financial reporting processes are generally tolerant of delay. Typically, disruption of access to financial reporting information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact recommended for reporting and information is - low.
+The provisional availability impact recommended for reporting and information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Financial reporting activities are not generally time-critical. Many - integrity compromises would result in limited adverse effects on agency operations, - agency assets, or individuals. If planning documents, proposals, or reports based on - modified or incomplete information are circulated; the adverse effect on mission - functions or public confidence in the agency can be serious. In most cases, serious - adverse effects on agency operations, agency assets, or individuals can be expected. - The extensive audit and investigative actions that often follow discovery of an - agency’s use of falsified financial reports or omission of financial reporting data - can place the agency at a significant disadvantage.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Financial reporting activities are not generally time-critical. Many integrity compromises would result in limited adverse effects on agency operations, agency assets, or individuals. If planning documents, proposals, or reports based on modified or incomplete information are circulated; the adverse effect on mission functions or public confidence in the agency can be serious. In most cases, serious adverse effects on agency operations, agency assets, or individuals can be expected. The extensive audit and investigative actions that often follow discovery of an agency’s use of falsified financial reports or omission of financial reporting data can place the agency at a significant disadvantage.
The provisional integrity impact level recommended for reporting and information is - moderate.
+The provisional integrity impact level recommended for reporting and information is moderate.
Funds Control includes the management of the Federal budget process including the - development of plans and programs, budgets, and performance outputs as well as - financing Federal programs and operations through appropriation and apportionment of - direct and reimbursable spending authority, fund transfers, investments and other - financing mechanisms. Funds control management includes the establishment of a - system for ensuring an organization does not obligate or disburse funds in excess of - those appropriated or authorized.
+Funds Control includes the management of the Federal budget process including the development of plans and programs, budgets, and performance outputs as well as financing Federal programs and operations through appropriation and apportionment of direct and reimbursable spending authority, fund transfers, investments and other financing mechanisms. Funds control management includes the establishment of a system for ensuring an organization does not obligate or disburse funds in excess of those appropriated or authorized.
The confidentiality impact level is the effect of unauthorized disclosure of funds - control information on the ability of responsible agencies to develop plans and - programs, budgets, and performance outputs and outcomes; and to finance Federal - programs and operations through appropriation and apportionment of direct and - reimbursable spending authority, fund transfers, investments and other financing - mechanisms. In general, unauthorized disclosure of funds control information, - particularly of budget allocations for specific programs or program elements, can be - seriously detrimental to government interests in procurement processes. In many - instances, such unauthorized disclosure is prohibited by executive order or by law - (e.g., Federal Acquisition Regulation). Premature release of draft funds control - information can yield advantages to competing interests and seriously endanger - agency operations – or even agency mission. Special Factors Affecting - Confidentiality Impact Determination: Unauthorized disclosure of funds control - information for programs that process classified or high-impact information can give - adversaries damaging insights into details of agency plans, priorities, and - operations. (Classified programs and systems are outside the scope of this - guideline.) In rare cases, actions taken based on unauthorized disclosure of funds - control details can pose a threat to human life or a loss of major assets, so the - confidentiality impact would be high.
+The confidentiality impact level is the effect of unauthorized disclosure of funds control information on the ability of responsible agencies to develop plans and programs, budgets, and performance outputs and outcomes; and to finance Federal programs and operations through appropriation and apportionment of direct and reimbursable spending authority, fund transfers, investments and other financing mechanisms. In general, unauthorized disclosure of funds control information, particularly of budget allocations for specific programs or program elements, can be seriously detrimental to government interests in procurement processes. In many instances, such unauthorized disclosure is prohibited by executive order or by law (e.g., Federal Acquisition Regulation). Premature release of draft funds control information can yield advantages to competing interests and seriously endanger agency operations – or even agency mission. Special Factors Affecting Confidentiality Impact + Determination: Unauthorized disclosure of funds control information for programs that process classified or high-impact information can give adversaries damaging insights into details of agency plans, priorities, and operations. (Classified programs and systems are outside the scope of this guideline.) In rare cases, actions taken based on unauthorized disclosure of funds control details can pose a threat to human life or a loss of major assets, so the confidentiality impact would be high.
While, in many cases, unauthorized disclosure of funds control information will have - only a limited adverse effect on agency operations, assets, or individuals, the - potential for serious harm is such that the provisional confidentiality impact level - recommended for funds control information is moderate.
+While, in many cases, unauthorized disclosure of funds control information will have only a limited adverse effect on agency operations, assets, or individuals, the potential for serious harm is such that the provisional confidentiality impact level recommended for funds control information is moderate.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - funds control information. Funds control processes are generally tolerant of delay. - Typically, disruption of access to funds control information can be expected to have - only a limited adverse effect on agency operations, agency assets, or - individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the funds control information. Funds control processes are generally tolerant of delay. Typically, disruption of access to funds control information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for funds control information - is low. C.3.2.4 Accounting Information Type
+The provisional availability impact level recommended for funds control information is low. C.3.2.4 Accounting Information Type
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Funds control activities are not generally time-critical. An - accumulation of small changes to data or deletion of small entries can result in - budget shortfalls or cases of excessive obligations or disbursements.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Funds control activities are not generally time-critical. An accumulation of small changes to data or deletion of small entries can result in budget shortfalls or cases of excessive obligations or disbursements.
In most cases, the adverse effects of consequent negative publicity on mission - functions, image or public confidence in the agency can be serious. Therefore, the - provisional integrity impact level recommended for funds control information is - moderate.
+In most cases, the adverse effects of consequent negative publicity on mission functions, image or public confidence in the agency can be serious. Therefore, the provisional integrity impact level recommended for funds control information is moderate.
Accounting entails accounting for assets, liabilities, fund balances, revenues and - expenses associated with the maintenance of Federal funds and expenditure of Federal - appropriations (Salaries and Expenses, Operation and Maintenance, Procurement, - Working Capital, Trust Funds, etc.), in accordance with applicable Federal standards - (FASAB, Treasury, OMB, GAO, etc.).
+Accounting entails accounting for assets, liabilities, fund balances, revenues and expenses associated with the maintenance of Federal funds and expenditure of Federal appropriations (Salaries and Expenses, Operation and Maintenance, Procurement, Working Capital, Trust Funds, etc.), in accordance with applicable Federal standards (FASAB, Treasury, OMB, GAO, etc.).
The confidentiality impact level is the effect of unauthorized disclosure of - accounting information on the abilities of government agencies to maintain Federal - funds and expenditure of Federal appropriations in accordance with applicable - Federal standards. Unauthorized disclosure of accounting information for programs - that process classified or high-impact information can give adversaries damaging - insights into details of agency plans, priorities, and operations. In most cases, - unauthorized disclosure of accounting information will have only a limited adverse - effect on agency operations, assets, or individuals. (Classified programs and - systems are outside the scope of this guideline.) Special Factors Affecting - Confidentiality Impact Determination: In relatively rare cases, actions taken based - on unauthorized disclosure of accounting details can pose a threat to human life or - a loss of major assets, so the confidentiality impact would be high. In some cases, - unauthorized disclosure of accounting information can violate proprietary - information or other non-disclosure agreements. In such cases, the government may - suffer not only a loss of public confidence, but may become vulnerable to legal - actions. Where sensitive or proprietary information is involved, the impact of - unauthorized disclosure is likely to be moderate. Where the accounting information - is involved in an audit associated with suspected fraud or other criminal - activities, the investigation may be imperiled. Here too, the impact of unauthorized - disclosure is likely to be moderate.
-The provisional confidentiality impact level recommended for accounting information - is low.
-The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - accounting information. Accounting processes are generally tolerant of delay. - Typically, disruption of access to accounting information can be expected to have - only a limited adverse effect on agency operations, agency assets, or - individuals.
-The provisional availability impact level recommended for accounting information is - low.
-The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Accounting activities are not generally time-critical. An accumulation - of small changes to data or deletion of small entries can result in cost overruns - and other cases of excessive obligations or disbursements. In most cases, the - adverse effects of consequent negative publicity and institution of corrective - action programs on mission functions and public confidence in the agency can be - serious. Special Factors Affecting Integrity Impact Determination: In some cases, - undetected integrity compromises can be extremely expensive to the government and - its employees in terms of both monetary losses and loss of reputation.
-The provisional integrity impact level recommended for accounting information is - moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of accounting information on the abilities of government agencies to maintain Federal funds and expenditure of Federal appropriations in accordance with applicable Federal standards. Unauthorized disclosure of accounting information for programs that process classified or high-impact information can give adversaries damaging insights into details of agency plans, priorities, and operations. In most cases, unauthorized disclosure of accounting information will have only a limited adverse effect on agency operations, assets, or individuals. (Classified programs and systems are outside the scope of this guideline.) Special Factors Affecting Confidentiality Impact Determination: In relatively rare cases, actions taken based on unauthorized disclosure of accounting details can pose a threat to human life or a loss of major assets, so the confidentiality impact would be high. In some cases, unauthorized + disclosure of accounting information can violate proprietary information or other non-disclosure agreements. In such cases, the government may suffer not only a loss of public confidence, but may become vulnerable to legal actions. Where sensitive or proprietary information is involved, the impact of unauthorized disclosure is likely to be moderate. Where the accounting information is involved in an audit associated with suspected fraud or other criminal activities, the investigation may be imperiled. Here too, the impact of unauthorized disclosure is likely to be moderate.
+ +The provisional confidentiality impact level recommended for accounting information is low.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the accounting information. Accounting processes are generally tolerant of delay. Typically, disruption of access to accounting information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
+The provisional availability impact level recommended for accounting information is low.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Accounting activities are not generally time-critical. An accumulation of small changes to data or deletion of small entries can result in cost overruns and other cases of excessive obligations or disbursements. In most cases, the adverse effects of consequent negative publicity and institution of corrective action programs on mission functions and public confidence in the agency can be serious. Special Factors Affecting Integrity Impact Determination: In some cases, undetected integrity compromises can be extremely expensive to the government and its employees in terms of both monetary losses and loss of reputation.
+The provisional integrity impact level recommended for accounting information is moderate.
Payments include disbursements of Federal funds, via a variety of mechanisms, to - Federal and private individuals, Federal agencies, state, local and international - Governments, and the private sector, to effect payment for goods and services, or - distribute entitlements, benefits, grants, subsidies, loans, or claims. Payment - management provides appropriate control over all payments made by or on behalf of an - organization, including but not limited to payments made to: vendors in accordance - with contracts, purchase orders and other obligating documents; state governments - under a variety of programs; employees for salaries and expense reimbursements; - other Federal agencies for reimbursable work performed; individual citizens - receiving Federal benefits; and recipients of Federal loans.
+Payments include disbursements of Federal funds, via a variety of mechanisms, to Federal and private individuals, Federal agencies, state, local and international Governments, and the private sector, to effect payment for goods and services, or distribute entitlements, benefits, grants, subsidies, loans, or claims. Payment management provides appropriate control over all payments made by or on behalf of an organization, including but not limited to payments made to: vendors in accordance with contracts, purchase orders and other obligating documents; state governments under a variety of programs; employees for salaries and expense reimbursements; other Federal agencies for reimbursable work performed; individual citizens receiving Federal benefits; and recipients of Federal loans.
The confidentiality impact level is the effect of unauthorized disclosure of payments - information on the ability of responsible agencies to provide appropriate control - over all payments made by or on behalf of an organization. In most cases, - unauthorized disclosure of payments information will have only a limited adverse - effect on agency operations, assets, or individuals. Special Factors Affecting - Confidentiality Impact Determination: Payment information typically includes - information needed for electronic payments such as bank account numbers. - Unauthorized access to this type of information could result in significant - financial loss for both the Federal government and its payees. Where payment - activities are part of an agency’s service delivery mission (e.g., payment of - benefits), Privacy Act information and other information subject to statutory or - regulatory dissemination controls must appear in the payment vehicles (e.g., name - and social security number on check records). (The provisional impact levels for - personnel information are documented in the Personal Identity and Authentication, - Income, Representative Payee, and Entitlement Event information types.) In such - cases, the confidentiality impact level can be at least moderate. (See C.2.8.8.)
+The confidentiality impact level is the effect of unauthorized disclosure of payments information on the ability of responsible agencies to provide appropriate control over all payments made by or on behalf of an organization. In most cases, unauthorized disclosure of payments information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Payment information typically includes information needed for electronic payments such as bank account numbers. Unauthorized access to this type of information could result in significant financial loss for both the Federal government and its payees. Where payment activities are part of an agency’s service delivery mission (e.g., payment of benefits), Privacy Act information and other information subject to statutory or regulatory dissemination controls must appear in the payment vehicles (e.g., name and social security number on check + records). (The provisional impact levels for personnel information are documented in the Personal Identity and Authentication, Income, Representative Payee, and Entitlement Event information types.) In such cases, the confidentiality impact level can be at least moderate. (See C.2.8.8.)
The provisional confidentiality impact level recommended for payments information is - low.
+The provisional confidentiality impact level recommended for payments information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - payments information. Payment processes are generally tolerant of delay. Typically, - disruption of access to payments information can be expected to have only a limited - adverse effect on agency operations, agency assets, or individuals. Special Factors - Affecting Availability Impact Determination: Where payment activities are part of an - agency’s service delivery mission (e.g., payment of benefits), the consequences of - loss of information availability that result in failure of payments to go to the - appropriate entity can range from minor to life-threatening. In such cases, the - availability impact level can be moderate or high. (See C.2.8.11.)
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the payments information. Payment processes are generally tolerant of delay. Typically, disruption of access to payments information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Where payment activities are part of an agency’s service delivery mission (e.g., payment of benefits), the consequences of loss of information availability that result in failure of payments to go to the appropriate entity can range from minor to life-threatening. In such cases, the availability impact level can be moderate or high. (See C.2.8.11.)
For most Federal government payment systems, the provisional availability impact - level recommended for payments information is low.
+For most Federal government payment systems, the provisional availability impact level recommended for payments information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Payments activities are not generally time-critical. An accumulation of - small changes to data or deletion of small entries can result in cost overruns and - other cases of excessive disbursements. In most cases, the adverse effects of - consequent negative publicity and institution of corrective action programs on - mission functions or public confidence in the agency can be serious. Special Factors - Affecting Integrity Impact Determination: Where payment activities are part of an - agency’s service delivery mission (e.g., payment of benefits), the consequences of - integrity compromises that result in failure of payments to go to the appropriate - entity can range from minor to life-threatening. In such cases, the availability - impact level can be high. (See C.2.8.11.)
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Payments activities are not generally time-critical. An accumulation of small changes to data or deletion of small entries can result in cost overruns and other cases of excessive disbursements. In most cases, the adverse effects of consequent negative publicity and institution of corrective action programs on mission functions or public confidence in the agency can be serious. Special Factors Affecting Integrity Impact Determination: Where payment activities are part of an agency’s service delivery mission (e.g., payment of benefits), the consequences of integrity compromises that result in failure of payments to go to the appropriate entity can range from minor to life-threatening. In such cases, the availability impact level can be high. (See C.2.8.11.)
For most Federal government payment systems, the provisional integrity impact level - recommended for payments information is moderate.
+For most Federal government payment systems, the provisional integrity impact level recommended for payments information is moderate.
Collections and Receivables include deposits, fund transfers, and receipts for sales - or service. Receivable management supports activities associated with recognizing - and recording debts due to the Government, performing follow-up actions to collect - on these debts, and recording cash receipts.
+Collections and Receivables include deposits, fund transfers, and receipts for sales or service. Receivable management supports activities associated with recognizing and recording debts due to the Government, performing follow-up actions to collect on these debts, and recording cash receipts.
The confidentiality impact level is the effect of unauthorized disclosure of - collections and receivables information on the ability of responsible agencies to - recognize and record debts due to the Government, perform follow-up actions to - collect on these debts, and record cash receipts. In most cases, unauthorized - disclosure of receivable management information will have only a limited adverse - effect on agency operations, assets, or individuals.
+The confidentiality impact level is the effect of unauthorized disclosure of collections and receivables information on the ability of responsible agencies to recognize and record debts due to the Government, perform follow-up actions to collect on these debts, and record cash receipts. In most cases, unauthorized disclosure of receivable management information will have only a limited adverse effect on agency operations, assets, or individuals.
The provisional confidentiality impact level recommended for collections and - receivables information is low.
+The provisional confidentiality impact level recommended for collections and receivables information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - collections and receivables information. Collections and receivables processes are - generally tolerant of delay. Typically, disruption of access to collections and - receivables information can be expected to have only a limited adverse effect on - agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the collections and receivables information. Collections and receivables processes are generally tolerant of delay. Typically, disruption of access to collections and receivables information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for collections and receivables - information is low.
+The provisional availability impact level recommended for collections and receivables information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. An accumulation of small changes to data or deletion of small entries - can result in revenue shortfalls. In most cases, the adverse effects of consequent - negative publicity and institution of corrective action programs on mission - functions or public confidence in the agency can be serious.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. An accumulation of small changes to data or deletion of small entries can result in revenue shortfalls. In most cases, the adverse effects of consequent negative publicity and institution of corrective action programs on mission functions or public confidence in the agency can be serious.
The provisional integrity impact recommended for collections and receivables - information is moderate.
+The provisional integrity impact recommended for collections and receivables information is moderate.
Cost Accounting / Performance Measurement is the process of accumulating, measuring, - analyzing, interpreting, and reporting cost information useful to both internal and - external groups concerned with the way in which an organization uses, accounts for, - safeguards, and controls its resources to meet its objectives. Cost accounting - information is necessary in establishing strategic goals, measuring service efforts - and accomplishments, and relating efforts to accomplishments. Also, cost accounting, - financial accounting, and budgetary accounting all draw information from common data - sources.
+Cost Accounting / Performance Measurement is the process of accumulating, measuring, analyzing, interpreting, and reporting cost information useful to both internal and external groups concerned with the way in which an organization uses, accounts for, safeguards, and controls its resources to meet its objectives. Cost accounting information is necessary in establishing strategic goals, measuring service efforts and accomplishments, and relating efforts to accomplishments. Also, cost accounting, financial accounting, and budgetary accounting all draw information from common data sources.
The confidentiality impact level is the effect of unauthorized disclosure of cost - accounting / performance measurement information on the ability of responsible - agencies to process accumulating, measuring, analyzing, interpreting, and reporting - cost information useful to both internal and external groups concerned with the way - in which an organization uses, accounts for, safeguards, and controls its resources - to meet its objectives, and will have only a limited adverse effect on agency - operations, assets, or individuals. Special Factors Affecting Confidentiality Impact - Determination: In some cases, unauthorized disclosure of cost accounting / - performance measurement information can violate proprietary information or other - non-disclosure agreements. In such cases, the government may suffer not only a loss - of public confidence, but may become vulnerable to legal actions. Where sensitive or - proprietary information is involved, the impact of unauthorized disclosure is likely - to be moderate. Where the cost accounting information is involved in an audit - associated with suspected fraud or other criminal activities, the investigation may - be imperiled. Here too, the impact of unauthorized disclosure is likely to be - moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of cost accounting / performance measurement information on the ability of responsible agencies to process accumulating, measuring, analyzing, interpreting, and reporting cost information useful to both internal and external groups concerned with the way in which an organization uses, accounts for, safeguards, and controls its resources to meet its objectives, and will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In some cases, unauthorized disclosure of cost accounting / performance measurement information can violate proprietary information or other non-disclosure agreements. In such cases, the government may suffer not only a loss of public confidence, but may become vulnerable to legal actions. Where sensitive or proprietary information is involved, the impact of unauthorized disclosure is likely + to be moderate. Where the cost accounting information is involved in an audit associated with suspected fraud or other criminal activities, the investigation may be imperiled. Here too, the impact of unauthorized disclosure is likely to be moderate.
The provisional confidentiality impact level recommended for cost accounting / - performance measurement information is low.
+The provisional confidentiality impact level recommended for cost accounting / performance measurement information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to cost - accounting / performance measurement information. Cost accounting / performance - measurement processes are generally tolerant of delay. Typically, disruption of - access to cost accounting / performance measurement information can be expected to - have only a limited adverse effect on agency operations, agency assets, or - individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to cost accounting / performance measurement information. Cost accounting / performance measurement processes are generally tolerant of delay. Typically, disruption of access to cost accounting / performance measurement information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for cost accounting / - performance measurement information is low.
+The provisional availability impact level recommended for cost accounting / performance measurement information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. In most cases, the adverse effects of consequent negative publicity and - institution of corrective action programs on mission functions or public confidence - in the agency can be serious.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In most cases, the adverse effects of consequent negative publicity and institution of corrective action programs on mission functions or public confidence in the agency can be serious.
The provisional integrity impact level recommended for cost accounting / performance - measurement information is moderate.
+The provisional integrity impact level recommended for cost accounting / performance measurement information is moderate.
HR Strategy develops effective human capital management strategies to ensure federal - organizations are able to recruit, select, develop, train, and manage a - high-quality, productive workforce in accordance with merit system principles. This - sub-function includes: conducting both internal and external environmental scans; - developing human resources and human capital strategies and plans; establishing - human resources policy and practices; managing current and future workforce - competencies; developing workforce plans; developing succession plans; managing the - human resources budget; providing human resources and human capital consultative - support; and measuring and improving human resources performance.
+HR Strategy develops effective human capital management strategies to ensure federal organizations are able to recruit, select, develop, train, and manage a high-quality, productive workforce in accordance with merit system principles. This sub-function includes: conducting both internal and external environmental scans; developing human resources and human capital strategies and plans; establishing human resources policy and practices; managing current and future workforce competencies; developing workforce plans; developing succession plans; managing the human resources budget; providing human resources and human capital consultative support; and measuring and improving human resources performance.
The confidentiality impact level is the effect of unauthorized disclosure of HR - strategy information on the ability of responsible agencies to develop effective - human capital management strategies to ensure federal organizations are able to - recruit, select, develop, train, and manage a high-quality, productive workforce in - accordance with merit system principles, and will have only a limited adverse effect - on agency operations, assets, or individuals. The consequences of unauthorized - disclosure of the majority of HR strategy information will result in a limited - adverse effect on agency operations, agency assets, or individuals. Special Factors - Affecting Confidentiality Impact Determination: Where more sensitive information is - involved, it will probably be personal information subject to the Privacy Act of - 1974, the Health Insurance Portability and Accountability Act of 1996, or other laws - and executive orders affecting the dissemination of information regarding - individuals. In such cases, the consequences of unauthorized disclosure of HR - strategy information could be serious. In such cases, the confidentiality impact - level might be moderate. In a few cases (e.g., where some employees are potential - targets for retaliation by criminal elements or targets of foreign intelligence - organizations), unauthorized disclosure of some HR strategy information (e.g., - succession plans, names, addresses, title, organization, dependents’ information) - can have life-threatening consequences and has a high confidentiality impact - level.
+The confidentiality impact level is the effect of unauthorized disclosure of HR strategy information on the ability of responsible agencies to develop effective human capital management strategies to ensure federal organizations are able to recruit, select, develop, train, and manage a high-quality, productive workforce in accordance with merit system principles, and will have only a limited adverse effect on agency operations, assets, or individuals. The consequences of unauthorized disclosure of the majority of HR strategy information will result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will probably be personal information subject to the Privacy Act of 1974, the Health Insurance Portability and Accountability Act of 1996, or other laws and executive orders affecting the dissemination of information regarding + individuals. In such cases, the consequences of unauthorized disclosure of HR strategy information could be serious. In such cases, the confidentiality impact level might be moderate. In a few cases (e.g., where some employees are potential targets for retaliation by criminal elements or targets of foreign intelligence organizations), unauthorized disclosure of some HR strategy information (e.g., succession plans, names, addresses, title, organization, dependents’ information) can have life-threatening consequences and has a high confidentiality impact level.
The provisional confidentiality impact level recommended for disclosure of HR - strategy information is low.
+The provisional confidentiality impact level recommended for disclosure of HR strategy information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to HR - strategy information. HR strategy processes are generally tolerant of delay. - Typically, disruption of access HR strategy information can be expected to have only - a limited adverse effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to HR strategy information. HR strategy processes are generally tolerant of delay. Typically, disruption of access HR strategy information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for HR strategy information is - low.
+The provisional availability impact level recommended for HR strategy information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of HR - strategy information depends mostly on the criticality of the information with - respect to agency mission, protection of agency assets, and safety of individuals. - Although there can be serious short-term effects for individuals, the effects of - modifications or deletion of this information are generally limited with respect to - agency mission capabilities or assets.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of HR strategy information depends mostly on the criticality of the information with respect to agency mission, protection of agency assets, and safety of individuals. Although there can be serious short-term effects for individuals, the effects of modifications or deletion of this information are generally limited with respect to agency mission capabilities or assets.
The provisional integrity impact level recommended for HR strategy information is - low.
+The provisional integrity impact level recommended for HR strategy information is low.
Staff Acquisition establishes procedures for recruiting and selecting high-quality, - productive employees with the right skills and competencies, in accordance with - merit system principles. This sub-function includes: developing a staffing strategy - and plan; establishing an applicant evaluation approach; announcing the vacancy, - sourcing and evaluating candidates against the competency requirements for the - position; initiating pre-employment activities; and hiring employees.
+Staff Acquisition establishes procedures for recruiting and selecting high-quality, productive employees with the right skills and competencies, in accordance with merit system principles. This sub-function includes: developing a staffing strategy and plan; establishing an applicant evaluation approach; announcing the vacancy, sourcing and evaluating candidates against the competency requirements for the position; initiating pre-employment activities; and hiring employees.
The confidentiality impact level is the effect of unauthorized disclosure of staff - acquisition information on the ability of responsible agencies to establish - procedures for recruiting and selecting high-quality, productive employees with the - right skills and competencies, in accordance with merit system principles will have - only a limited adverse effect on agency operations, assets, or individuals. Special - Factors Affecting Confidentiality Impact Determination: Where more sensitive - information is involved, it will probably be personal information subject to the - Privacy Act of 1974. The Privacy Act Information provisional impact levels are - documented in the Personal Identity and Authentication information type. This can - result in assignment of a moderate impact level to such information.
+The confidentiality impact level is the effect of unauthorized disclosure of staff acquisition information on the ability of responsible agencies to establish procedures for recruiting and selecting high-quality, productive employees with the right skills and competencies, in accordance with merit system principles will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will probably be personal information subject to the Privacy Act of 1974. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. This can result in assignment of a moderate impact level to such information.
The provisional confidentiality impact level recommended for disclosure of staff - acquisition information is low.
+The provisional confidentiality impact level recommended for disclosure of staff acquisition information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to staff - acquisition information. Staff acquisition processes are generally tolerant of - delay. Typically, disruption of staff acquisition information can be expected to - have only a limited adverse effect on agency operations, agency assets, or - individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to staff acquisition information. Staff acquisition processes are generally tolerant of delay. Typically, disruption of staff acquisition information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for staff acquisition - information is low
+The provisional availability impact level recommended for staff acquisition information is low
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of staff - acquisition information depends mostly on the criticality of the information with - respect to agency mission, protection of agency assets, and safety of individuals. - Although there can be serious short-term effects for individuals, the effects of - modifications or deletion of this information are generally limited with respect to - agency mission capabilities or assets.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of staff acquisition information depends mostly on the criticality of the information with respect to agency mission, protection of agency assets, and safety of individuals. Although there can be serious short-term effects for individuals, the effects of modifications or deletion of this information are generally limited with respect to agency mission capabilities or assets.
The provisional integrity impact level recommended for staff acquisition information - is low.
+The provisional integrity impact level recommended for staff acquisition information is low.
Organization and Position Management designs, develops, and implements organizational - and position structures that create a high-performance, competency-driven framework - that both advances the agency mission and serves agency human capital needs.
+Organization and Position Management designs, develops, and implements organizational and position structures that create a high-performance, competency-driven framework that both advances the agency mission and serves agency human capital needs.
The confidentiality impact level is the effect of unauthorized disclosure of - organization and position management information on the ability of responsible - agencies to design, develop, and implement organizational and position structures - creating a high-performance, competency-driven framework that both advances the - agency mission and serves agency human capital needs. In most cases, unauthorized - disclosure of organization and position management information will have only a - limited adverse effect on agency operations, assets, or individuals. Special Factors - Affecting Confidentiality Impact Determination: Where more sensitive information is - involved, it will probably be personal information subject to the Privacy Act of - 1974. The Privacy Act Information provisional impact levels are documented in the - Personal Identity and Authentication information type. This can result in assignment - of a moderate impact level to such information.
+The confidentiality impact level is the effect of unauthorized disclosure of organization and position management information on the ability of responsible agencies to design, develop, and implement organizational and position structures creating a high-performance, competency-driven framework that both advances the agency mission and serves agency human capital needs. In most cases, unauthorized disclosure of organization and position management information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will probably be personal information subject to the Privacy Act of 1974. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. This can result in assignment of a moderate impact level to such information.
The provisional confidentiality impact level recommended for disclosure of - organization and position management information is low.
+The provisional confidentiality impact level recommended for disclosure of organization and position management information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - organization and position management information. Organization and position - management processes are generally tolerant of delay. Typically, disruption of - organization and position management information can be expected to have only a - limited adverse effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to organization and position management information. Organization and position management processes are generally tolerant of delay. Typically, disruption of organization and position management information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for organization and position - management information is low.
+The provisional availability impact level recommended for organization and position management information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - organization and position management information depends mostly on the criticality - of the information with respect to agency mission capability, protection of agency - assets, and safety of individuals.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of organization and position management information depends mostly on the criticality of the information with respect to agency mission capability, protection of agency assets, and safety of individuals.
The provisional integrity impact level recommended for organization and position - management information is low.
+The provisional integrity impact level recommended for organization and position management information is low.
Compensation Management designs, develops, and implements compensation programs that - attract, retain and fairly compensate agency employees. In addition, designs, - develops, and implements pay for performance compensation programs to recognize and - reward high performance, with both base pay increases and performance bonus - payments. This sub-function includes: developing and implementing compensation - programs; administering bonus and monetary awards programs; administering pay - changes; managing time, attendance, leave and pay; and managing payroll.
+Compensation Management designs, develops, and implements compensation programs that attract, retain and fairly compensate agency employees. In addition, designs, develops, and implements pay for performance compensation programs to recognize and reward high performance, with both base pay increases and performance bonus payments. This sub-function includes: developing and implementing compensation programs; administering bonus and monetary awards programs; administering pay changes; managing time, attendance, leave and pay; and managing payroll.
The confidentiality impact level is the effect of unauthorized disclosure of - compensation management information on the ability of responsible agencies to - design, develop, and implements compensation programs that attract, retain and - fairly compensate agency employees will have only a limited adverse effect on agency - operations, assets, or individuals. Special Factors Affecting Confidentiality Impact - Determination: Where more sensitive information is involved, it will probably be - personal information subject to the Privacy Act of 1974. The Privacy Act Information - provisional impact levels are documented in the Personal Identity and Authentication - information type. In a few cases (e.g., where some employees are potential targets - for retaliation by criminal elements or targets of foreign intelligence - organizations), unauthorized disclosure of some compensation management information - (e.g., name, address, title, organization, dependents’ information) can have +
The confidentiality impact level is the effect of unauthorized disclosure of compensation management information on the ability of responsible agencies to design, develop, and implements compensation programs that attract, retain and fairly compensate agency employees will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will probably be personal information subject to the Privacy Act of 1974. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. In a few cases (e.g., where some employees are potential targets for retaliation by criminal elements or targets of foreign intelligence organizations), unauthorized disclosure of some compensation management information (e.g., name, address, title, organization, dependents’ information) can have life-threatening consequences and has a high confidentiality impact level.
The provisional confidentiality impact level recommended for disclosure compensation - management information is low.
+The provisional confidentiality impact level recommended for disclosure compensation management information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - compensation management information. Compensation management processes are generally - tolerant of delay. Typically, disruption compensation management information can be - expected to have only a limited adverse effect on agency operations, agency assets, - or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to compensation management information. Compensation management processes are generally tolerant of delay. Typically, disruption compensation management information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended compensation management - information is low.
+The provisional availability impact level recommended compensation management information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Compensation management activities are not generally time-critical. - Special Factors Affecting Integrity Impact Determination: An accumulation of small - changes to data or deletion of small entries can result in excessive disbursements - of payroll, bonus and monetary awards or affects pay changes, time and attendance, - etc. In some cases, the adverse effects of consequent negative publicity on mission - functions or public confidence in the agency can be serious. In some other cases, - integrity compromises that adversely affect a significant subset of the workforce - can result in staff issues and work stoppages that adversely affect the agency’s - mission. Where interruptions to agency missions can have serious or life-threatening - consequences for individuals, the impacts of integrity compromises can be moderate - or even high.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Compensation management activities are not generally time-critical. Special Factors Affecting Integrity Impact Determination: An accumulation of small changes to data or deletion of small entries can result in excessive disbursements of payroll, bonus and monetary awards or affects pay changes, time and attendance, etc. In some cases, the adverse effects of consequent negative publicity on mission functions or public confidence in the agency can be serious. In some other cases, integrity compromises that adversely affect a significant subset of the workforce can result in staff issues and work stoppages that adversely affect the agency’s mission. Where interruptions to agency missions can have serious or life-threatening consequences for individuals, the impacts of integrity compromises can be + moderate or even high.
The provisional integrity impact level recommended for compensation management - information is low.
+The provisional integrity impact level recommended for compensation management information is low.
Benefits Management designs, develops, and implements benefit programs that attract, - retain and support current and former agency employees. This sub-function includes: - establishing and communicating benefits programs; processing benefits actions; and - interacting as necessary with third party benefits providers.
+Benefits Management designs, develops, and implements benefit programs that attract, retain and support current and former agency employees. This sub-function includes: establishing and communicating benefits programs; processing benefits actions; and interacting as necessary with third party benefits providers.
The confidentiality impact level is the effect of unauthorized disclosure benefits - management information on the ability of responsible agencies to design, develop, - and implement benefit programs that attract, retain and support current and former - agency employees will have only a limited adverse effect on agency operations, - assets, or individuals. The consequences of unauthorized disclosure of the majority - of benefits management information will result in a limited adverse effect on agency - operations, agency assets, or individuals. Special Factors Affecting Confidentiality - Impact Determination: Where more sensitive information is involved, it will probably - be personal information subject to the Privacy Act of 1974, the Health Insurance - Portability and Accountability Act of 1996, or information that is proprietary to a - corporation or other organization. In such cases, the consequences of unauthorized - disclosure of benefits management information could be serious (particularly in - cases of exposure of large data bases that might reveal private medical information - or facilitate identity theft or other financial fraud). (The provisional impact - levels for personnel information are documented in the Personal Identity and - Authentication, Income, and Entitlement Event information types.) In such cases, the - confidentiality impact level would be moderate.
+The confidentiality impact level is the effect of unauthorized disclosure benefits management information on the ability of responsible agencies to design, develop, and implement benefit programs that attract, retain and support current and former agency employees will have only a limited adverse effect on agency operations, assets, or individuals. The consequences of unauthorized disclosure of the majority of benefits management information will result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will probably be personal information subject to the Privacy Act of 1974, the Health Insurance Portability and Accountability Act of 1996, or information that is proprietary to a corporation or other organization. In such cases, the consequences of unauthorized disclosure of benefits management information could be serious + (particularly in cases of exposure of large data bases that might reveal private medical information or facilitate identity theft or other financial fraud). (The provisional impact levels for personnel information are documented in the Personal Identity and Authentication, Income, and Entitlement Event information types.) In such cases, the confidentiality impact level would be moderate.
The provisional confidentiality impact level recommended for disclosure of benefits - management information is low.
+The provisional confidentiality impact level recommended for disclosure of benefits management information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to benefits - management information. Benefits management processes are generally tolerant of - delay. Typically, disruption benefits management information can be expected to have - only a limited adverse effect on agency operations, agency assets, or - individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to benefits management information. Benefits management processes are generally tolerant of delay. Typically, disruption benefits management information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended benefits management information - is low.
+The provisional availability impact level recommended benefits management information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - benefits management information depends mostly on the criticality of the information - with respect to agency mission capability, protection of agency assets, and safety - of individuals. In general, the effects of modifications or deletion of this - information are generally limited with respect to agency mission capabilities or - assets.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of benefits management information depends mostly on the criticality of the information with respect to agency mission capability, protection of agency assets, and safety of individuals. In general, the effects of modifications or deletion of this information are generally limited with respect to agency mission capabilities or assets.
The provisional integrity impact level recommended for benefits management - information is low.
+The provisional integrity impact level recommended for benefits management information is low.
Employee Performance Management designs, develops, and implements a comprehensive - performance management approach to ensure agency employees are demonstrating - competencies required of their work assignments. Design, develop and implement a - comprehensive performance management strategy that enables managers to make - distinctions in performance and links individual performance to agency goal and - mission accomplishment. This sub-function also includes managing employee - performance at the individual level and evaluating the overall effectiveness of the - agency’s employee development approach.
+Employee Performance Management designs, develops, and implements a comprehensive performance management approach to ensure agency employees are demonstrating competencies required of their work assignments. Design, develop and implement a comprehensive performance management strategy that enables managers to make distinctions in performance and links individual performance to agency goal and mission accomplishment. This sub-function also includes managing employee performance at the individual level and evaluating the overall effectiveness of the agency’s employee development approach.
The confidentiality impact level is the effect of unauthorized disclosure of employee - performance management information regarding the agencies ability to design, - develop, and implement a comprehensive performance management approach to ensure - agency employees are demonstrating competencies required of their work assignments. - In most cases, unauthorized disclosure of employee performance management - information will have only a limited adverse effect on agency operations, assets, or - individuals. Special Factors Affecting Confidentiality Impact Determination: Where - more sensitive information is involved, it will probably be personal information - subject to the Privacy Act of 1974. The Privacy Act Information provisional impact - levels are documented in the Personal Identity and Authentication information type. - This can result in assignment of a moderate impact level to such information.
+The confidentiality impact level is the effect of unauthorized disclosure of employee performance management information regarding the agencies ability to design, develop, and implement a comprehensive performance management approach to ensure agency employees are demonstrating competencies required of their work assignments. In most cases, unauthorized disclosure of employee performance management information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will probably be personal information subject to the Privacy Act of 1974. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. This can result in assignment of a moderate impact level to such information.
The provisional confidentiality impact level recommended for disclosure of employee - performance management information is low.
+The provisional confidentiality impact level recommended for disclosure of employee performance management information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to employee - performance management information. Employee performance management processes are - generally tolerant of delay. Typically, disruption employee performance management - information can be expected to have only a limited adverse effect on agency - operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to employee performance management information. Employee performance management processes are generally tolerant of delay. Typically, disruption employee performance management information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended employee performance management - information is low.
+The provisional availability impact level recommended employee performance management information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - employee performance management information depends mostly on the criticality of the - information with respect to agency mission capability, protection of agency assets, - and safety of individuals. Although there can be serious short-term effects for - individuals, the effects of modifications or deletion of this information are - generally limited with respect to agency mission capabilities or assets.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of employee performance management information depends mostly on the criticality of the information with respect to agency mission capability, protection of agency assets, and safety of individuals. Although there can be serious short-term effects for individuals, the effects of modifications or deletion of this information are generally limited with respect to agency mission capabilities or assets.
The provisional integrity impact level recommended for employee performance - management information is low.
+The provisional integrity impact level recommended for employee performance management information is low.
Employee Relations designs, develops, and implements programs that strive to maintain - an effective employer-employee relationship that balance the agency’s needs against - its employees’ rights. This sub-function includes: addressing employee misconduct; - addressing employee performance problems; managing administrative grievances; - providing employee accommodation; administering employees assistance programs; - participating in administrative third party proceedings; and determining candidate - and applicant suitability.
+Employee Relations designs, develops, and implements programs that strive to maintain an effective employer-employee relationship that balance the agency’s needs against its employees’ rights. This sub-function includes: addressing employee misconduct; addressing employee performance problems; managing administrative grievances; providing employee accommodation; administering employees assistance programs; participating in administrative third party proceedings; and determining candidate and applicant suitability.
The confidentiality impact level is the effect of unauthorized disclosure of employee - relations information on the ability of responsible agencies to design, develop, and - implement programs that strive to maintain an effective employer-employee - relationship that balance the agency’s needs against its employees’ rights. The - consequences of unauthorized disclosure of the employee relations information will - result in a limited adverse effect on agency operations, agency assets, or - individuals. Special Factors Affecting Confidentiality Impact Determination: Where - more sensitive information is involved, it will probably be personal information - subject to the Privacy Act of 1974, the Health Insurance Portability and - Accountability Act of 1996, or other laws and executive orders affecting the - dissemination of information regarding individuals. (The provisional impact levels - for personnel information are documented in the Personal Identity and - Authentication.) In such cases, the consequences of unauthorized disclosure of - Employee Relations information could be serious. In such cases, the confidentiality - impact level might be moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of employee relations information on the ability of responsible agencies to design, develop, and implement programs that strive to maintain an effective employer-employee relationship that balance the agency’s needs against its employees’ rights. The consequences of unauthorized disclosure of the employee relations information will result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will probably be personal information subject to the Privacy Act of 1974, the Health Insurance Portability and Accountability Act of 1996, or other laws and executive orders affecting the dissemination of information regarding individuals. (The provisional impact levels for personnel information are documented in the Personal Identity and Authentication.) In such cases, the + consequences of unauthorized disclosure of Employee Relations information could be serious. In such cases, the confidentiality impact level might be moderate.
The provisional confidentiality impact level recommended for disclosure of employee - relations information is low.
+The provisional confidentiality impact level recommended for disclosure of employee relations information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access employee - relations information. Employee relations processes are generally tolerant of delay. - Typically, disruption employee relations information can be expected to have only a - limited adverse effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access employee relations information. Employee relations processes are generally tolerant of delay. Typically, disruption employee relations information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended employee relations information - is low.
+The provisional availability impact level recommended employee relations information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - employee relations information depends mostly on the criticality of the information - with respect to agency mission capability, protection of agency assets, and safety - of individuals. Although there can be serious short-term effects for individuals, - the effects of modifications or deletion of this information are generally limited - with respect to agency mission capabilities or assets. Special Factors Affecting - Integrity Impact Determination: In some cases, integrity compromises that adversely - affect a significant subset of the workforce can result in work stoppages that - adversely affect the agency’s mission. Where interruptions to agency missions can - have serious or life-threatening consequences for individuals, the impacts of +
The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of employee relations information depends mostly on the criticality of the information with respect to agency mission capability, protection of agency assets, and safety of individuals. Although there can be serious short-term effects for individuals, the effects of modifications or deletion of this information are generally limited with respect to agency mission capabilities or assets. Special Factors Affecting Integrity Impact Determination: In some cases, integrity compromises that adversely affect a significant subset of the workforce can result in work stoppages that adversely affect the agency’s mission. Where interruptions to agency missions can have serious or life-threatening consequences for individuals, the impacts of integrity compromises can be moderate or even high.
The provisional integrity impact level recommended for employee relations information - is low.
+The provisional integrity impact level recommended for employee relations information is low.
Labor Relations manages the relationship between the agency and its unions and - bargaining units. This includes negotiating and administering labor contracts and - collective bargaining agreements; managing negotiated grievances; and participating - in negotiated third party proceedings.
+Labor Relations manages the relationship between the agency and its unions and bargaining units. This includes negotiating and administering labor contracts and collective bargaining agreements; managing negotiated grievances; and participating in negotiated third party proceedings.
The confidentiality impact level is the effect of unauthorized disclosure of labor - relations information on the ability of responsible agencies to manage the - relationship between the agency and its unions and bargaining units. This includes - negotiating and administering labor contracts and collective bargaining agreements; - managing negotiated grievances; and participating in negotiated third party - proceedings. The consequences of unauthorized disclosure of the majority of labor - relations information will result in a limited adverse effect on agency operations, - agency assets, or individuals. Special Factors Affecting Confidentiality Impact - Determination: In cases where the consequences of unauthorized disclosure of labor - relations information could seriously affect the agencies mission capability, - protection of agency assets, and safety of individuals, the confidentiality impact - level might be moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of labor relations information on the ability of responsible agencies to manage the relationship between the agency and its unions and bargaining units. This includes negotiating and administering labor contracts and collective bargaining agreements; managing negotiated grievances; and participating in negotiated third party proceedings. The consequences of unauthorized disclosure of the majority of labor relations information will result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In cases where the consequences of unauthorized disclosure of labor relations information could seriously affect the agencies mission capability, protection of agency assets, and safety of individuals, the confidentiality impact level might be moderate.
The provisional confidentiality impact level recommended for disclosure of labor - relations information is low.
+The provisional confidentiality impact level recommended for disclosure of labor relations information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to labor - relations information. Labor relations processes are generally tolerant of delay. - Typically, disruption labor relations information can be expected to have only a - limited adverse effect on agency operations, agency assets, or individuals. Special - Factors Affecting Availability Impact Determination: In some cases (e.g., where an - agency’s mission is strongly dependent on organized labor), loss of availability of - information that adversely affects a significant subset of the workforce can result - in work stoppages that adversely affect the agency’s mission. Where interruptions to - agency missions can have serious or life-threatening consequences for individuals, - the impacts of availability compromises can be moderate or even high.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to labor relations information. Labor relations processes are generally tolerant of delay. Typically, disruption labor relations information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: In some cases (e.g., where an agency’s mission is strongly dependent on organized labor), loss of availability of information that adversely affects a significant subset of the workforce can result in work stoppages that adversely affect the agency’s mission. Where interruptions to agency missions can have serious or life-threatening consequences for individuals, the impacts of availability compromises can be moderate or even high.
The provisional availability impact level recommended labor relations information is - low.
+The provisional availability impact level recommended labor relations information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of labor - relations information depends mostly on the criticality of the information with - respect to agency mission capability, protection of agency assets, and safety of - individuals. Although there can be serious short-term effects for individuals, the - effects of modifications or deletion of this information are generally limited with - respect to agency mission capabilities or assets. Special Factors Affecting - Integrity Impact Determination: In some cases (e.g., where an agency’s mission is - strongly dependent on organized labor), integrity compromises that adversely affect - a significant subset of the workforce can result in work stoppages that adversely - affect the agency’s mission. Where interruptions to agency missions can have serious - or life-threatening consequences for individuals, the impacts of integrity - compromises can be moderate or even high.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of labor relations information depends mostly on the criticality of the information with respect to agency mission capability, protection of agency assets, and safety of individuals. Although there can be serious short-term effects for individuals, the effects of modifications or deletion of this information are generally limited with respect to agency mission capabilities or assets. Special Factors Affecting Integrity Impact Determination: In some cases (e.g., where an agency’s mission is strongly dependent on organized labor), integrity compromises that adversely affect a significant subset of the workforce can result in work stoppages that adversely affect the agency’s mission. Where interruptions to agency missions can have + serious or life-threatening consequences for individuals, the impacts of integrity compromises can be moderate or even high.
The provisional integrity impact level recommended for labor relations information is - low.
+The provisional integrity impact level recommended for labor relations information is low.
Separation Management conducts efficient and effective employee separation programs - that assist employees in transitioning to non-Federal employment; facilitates the - removal of unproductive, non-performing employees; and assists employees in - transitioning to retirement.
+Separation Management conducts efficient and effective employee separation programs that assist employees in transitioning to non-Federal employment; facilitates the removal of unproductive, non-performing employees; and assists employees in transitioning to retirement.
The confidentiality impact level is the effect of unauthorized disclosure of - separation management information on the ability of responsible agencies conducts - efficient and effective employee separation programs that assist employees in - transitioning to non-Federal employment; facilitates the removal of unproductive, - non-performing employees; and assists employees in transitioning to retirement. In - most cases, unauthorized disclosure of separation management information will have - only a limited adverse effect on agency operations, assets, or individuals. Special - Factors Affecting Confidentiality Impact Determination: Where more sensitive - information is involved, it will probably be personal information subject to the - Privacy Act of 1974. The Privacy Act Information provisional impact levels are - documented in the Personal Identity and Authentication information type. This can - result in assignment of a moderate impact level to such information.
+The confidentiality impact level is the effect of unauthorized disclosure of separation management information on the ability of responsible agencies conducts efficient and effective employee separation programs that assist employees in transitioning to non-Federal employment; facilitates the removal of unproductive, non-performing employees; and assists employees in transitioning to retirement. In most cases, unauthorized disclosure of separation management information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will probably be personal information subject to the Privacy Act of 1974. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. This can result in assignment of a moderate impact level to such information.
The provisional confidentiality impact level recommended for disclosure of separation - management information is low.
+The provisional confidentiality impact level recommended for disclosure of separation management information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access separation - management. Separation management processes are generally tolerant of delay. - Typically, disruption separation management information can be expected to have only - a limited adverse effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access separation management. Separation management processes are generally tolerant of delay. Typically, disruption separation management information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended separation management - information is low.
+The provisional availability impact level recommended separation management information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - separation management information is generally limited with respect to agency - mission capabilities or assets.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of separation management information is generally limited with respect to agency mission capabilities or assets.
The provisional integrity impact level recommended for separation management - information is low.
+The provisional integrity impact level recommended for separation management information is low.
Human Resources Development designs, develops, and implements a comprehensive - employee development approach to ensure that agency employees have the right - competencies and skills for current and future work assignments. This sub-function - includes conducting employee development needs assessments; designing employee - development programs; administering and delivering employee development programs; - and evaluating the overall effectiveness of the agency’s employee development - approach.
+Human Resources Development designs, develops, and implements a comprehensive employee development approach to ensure that agency employees have the right competencies and skills for current and future work assignments. This sub-function includes conducting employee development needs assessments; designing employee development programs; administering and delivering employee development programs; and evaluating the overall effectiveness of the agency’s employee development approach.
The confidentiality impact level is the effect of unauthorized disclosure of human - resources development information on the ability of responsible agencies to design, - develop, and comprehensive employee development approach to ensure that agency - employees have the right competencies and skills for current and future work - assignments. In most cases, unauthorized disclosure of human resource development - information will have only a limited adverse effect on agency operations, assets, or - individuals. Special Factors Affecting Confidentiality Impact Determination: Where - more sensitive information is involved, it will probably be personal information - subject to the Privacy Act of 1974. The Privacy Act Information provisional impact - levels are documented in the Personal Identity and Authentication information type. - This can result in assignment of a moderate impact level to such information.
+The confidentiality impact level is the effect of unauthorized disclosure of human resources development information on the ability of responsible agencies to design, develop, and comprehensive employee development approach to ensure that agency employees have the right competencies and skills for current and future work assignments. In most cases, unauthorized disclosure of human resource development information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will probably be personal information subject to the Privacy Act of 1974. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. This can result in assignment of a moderate impact level to such information.
The provisional confidentiality impact level recommended for disclosure of human - resources development information is low.
+The provisional confidentiality impact level recommended for disclosure of human resources development information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish human resources - development information. Human resources development information is generally - tolerant of delay. Typically, disruption of human resources development information - can be expected to have only a limited adverse effect on agency operations, agency - assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish human resources development information. Human resources development information is generally tolerant of delay. Typically, disruption of human resources development information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended human resources development - information is low.
+The provisional availability impact level recommended human resources development information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of human - resource development information depends mostly on the criticality of the - information with respect to agency mission capability, protection of agency assets, - and safety of individuals. Although there can be serious short-term effects for - individuals, the effects of modifications or deletion of this information are - generally limited with respect to agency mission capabilities or assets.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of human resource development information depends mostly on the criticality of the information with respect to agency mission capability, protection of agency assets, and safety of individuals. Although there can be serious short-term effects for individuals, the effects of modifications or deletion of this information are generally limited with respect to agency mission capabilities or assets.
The provisional integrity impact level recommended for human resources development - information is low.
+The provisional integrity impact level recommended for human resources development information is low.
Goods acquisition involves the procurement of physical goods, products, and capital - assets to be used by the Federal government.
+Goods acquisition involves the procurement of physical goods, products, and capital assets to be used by the Federal government.
The confidentiality impact level is the effect of unauthorized disclosure of goods - acquisition information on the ability of agencies to procure physical goods, - products, and capital assets to be used by the Federal government. The consequences - of unauthorized disclosure of most goods acquisition information will have only a - limited adverse effect on agency operations, agency assets, or individuals. Special - Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of - information associated with large procurements can result in fraud, waste, abuse, - and/or legal proceedings that can have a serious to severe effect on Federal - government assets and operations. Also, information associated with acquisition of - many Federal government facilities can be useful to criminals seeking to gain access - to those facilities. In these cases, unauthorized disclosure of information can have - a serious adverse effect on agency operations, agency assets, or individuals. The - consequent confidentiality impact would range from moderate to high. Also, - unauthorized disclosure of one agency’s goods acquisition information by another - agency could result in negative impacts on cross-jurisdictional coordination within - the goods acquisition infrastructure and the general effectiveness of organizations - tasked with acquisition of government facilities and supplies. Additionally, some - procurement information associated with proposals is proprietary. In the case of - competitive procurements, much information associated with unsuccessful bids remains - proprietary following award of the contract (e.g., pricing information). - Unauthorized disclosure of proprietary information can have serious consequences for - agencies and have at least a moderate confidentiality impact level. Some procurement - information is classified. The classified information is national security related - and is outside the scope of this guideline.
+The confidentiality impact level is the effect of unauthorized disclosure of goods acquisition information on the ability of agencies to procure physical goods, products, and capital assets to be used by the Federal government. The consequences of unauthorized disclosure of most goods acquisition information will have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of information associated with large procurements can result in fraud, waste, abuse, and/or legal proceedings that can have a serious to severe effect on Federal government assets and operations. Also, information associated with acquisition of many Federal government facilities can be useful to criminals seeking to gain access to those facilities. In these cases, unauthorized disclosure of information can have a serious adverse effect on agency operations, agency assets, or individuals. + The consequent confidentiality impact would range from moderate to high. Also, unauthorized disclosure of one agency’s goods acquisition information by another agency could result in negative impacts on cross-jurisdictional coordination within the goods acquisition infrastructure and the general effectiveness of organizations tasked with acquisition of government facilities and supplies. Additionally, some procurement information associated with proposals is proprietary. In the case of competitive procurements, much information associated with unsuccessful bids remains proprietary following award of the contract (e.g., pricing information). Unauthorized disclosure of proprietary information can have serious consequences for agencies and have at least a moderate confidentiality impact level. Some procurement information is classified. The classified information is national security related and is outside the scope of this guideline.
The provisional confidentiality impact level recommended for goods acquisition - information is low.
+The provisional confidentiality impact level recommended for goods acquisition information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - goods acquisition information. Functions and processes supported by most goods - acquisition information are tolerant of delays i.e., the data supporting the - functions/processes are not time-critical. Typically, disruption of access will have - a limited adverse effect on agency operations (including mission functions and - public confidence in the agency), agency assets, or individuals. Special Factors - Affecting Availability Impact Determination: Exceptions may include emergency - procurements necessary to support response aspects of disaster management. In such - cases, delays may cost lives and major property damage. Consequently, the - availability impact level associated with disruption of access to goods acquisition - information needed to respond to emergencies may be high.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the goods acquisition information. Functions and processes supported by most goods acquisition information are tolerant of delays i.e., the data supporting the functions/processes are not time-critical. Typically, disruption of access will have a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Exceptions may include emergency procurements necessary to support response aspects of disaster management. In such cases, delays may cost lives and major property damage. Consequently, the availability impact level associated with disruption of access to goods acquisition information needed to respond to emergencies may be high.
The provisional availability impact level recommended for goods acquisition - information is low.
+The provisional availability impact level recommended for goods acquisition information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of goods - acquisition information usually depends on the urgency with which the information is - needed or the immediacy with which the information is used Special Factors Affecting - Integrity Impact Determination: Unauthorized modification or destruction of - information affecting external publication of goods acquisition information (e.g., - web pages, electronic mail) may adversely affect public confidence in the agency. - However, damage to the mission would usually be limited. Unauthorized modification - or destruction of information relating to procurement actions (particularly proposal - information) can result in serious disruption of procurement processes that can be - important or even critical to agency operations. In such cases, the integrity impact - level can be moderate or even high.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of goods acquisition information usually depends on the urgency with which the information is needed or the immediacy with which the information is used Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external publication of goods acquisition information (e.g., web pages, electronic mail) may adversely affect public confidence in the agency. However, damage to the mission would usually be limited. Unauthorized modification or destruction of information relating to procurement actions (particularly proposal information) can result in serious disruption of procurement processes that can be important or even critical to agency operations. In such cases, the + integrity impact level can be moderate or even high.
The provisional integrity impact level recommended for modification or destruction of - most goods acquisition information is low.
+The provisional integrity impact level recommended for modification or destruction of most goods acquisition information is low.
Inventory control refers to the tracking of information related to procured assets - and resources with regards to quantity, quality, and location.
+Inventory control refers to the tracking of information related to procured assets and resources with regards to quantity, quality, and location.
The confidentiality impact level is the effect of unauthorized disclosure of - inventory control information on the ability of agencies to track information - related to procured assets and resources with regards to quantity, quality, and - location. The consequences of unauthorized disclosure of most inventory control - information are likely to have only a limited adverse effect on agency operations, - agency assets, or individuals. Special Factors Affecting Confidentiality Impact - Determination: Unauthorized disclosure of information associated with inventories of - hazardous materials (e.g., radioactive materials, toxins, bio-hazardous items, - explosives) can facilitate terrorist or other criminal activities that may result in - serious effects on Federal government assets and operations and on the general - public. In general, inventory control information can be of material use to - criminals seeking to perpetrate fraud, theft, or some other criminal enterprise. In - these cases too, unauthorized disclosure of information can have a serious adverse - effect on agency operations, agency assets, or individuals. The consequent - confidentiality impact of these types of criminal exploitation of unauthorized - disclosure of inventory control information would range from moderate to high. Also, - unauthorized disclosure of one agency’s inventory control information by another - agency could result in negative impacts on cross-jurisdictional coordination within - the inventory control infrastructure and the general effectiveness of organizations - tasked with the distribution and accounting of government facilities and supplies. - Some inventory control information is classified. The classified information is - national security related and is outside the scope of this guideline.
+The confidentiality impact level is the effect of unauthorized disclosure of inventory control information on the ability of agencies to track information related to procured assets and resources with regards to quantity, quality, and location. The consequences of unauthorized disclosure of most inventory control information are likely to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of information associated with inventories of hazardous materials (e.g., radioactive materials, toxins, bio-hazardous items, explosives) can facilitate terrorist or other criminal activities that may result in serious effects on Federal government assets and operations and on the general public. In general, inventory control information can be of material use to criminals seeking to perpetrate fraud, theft, or some other criminal enterprise. In these cases too, + unauthorized disclosure of information can have a serious adverse effect on agency operations, agency assets, or individuals. The consequent confidentiality impact of these types of criminal exploitation of unauthorized disclosure of inventory control information would range from moderate to high. Also, unauthorized disclosure of one agency’s inventory control information by another agency could result in negative impacts on cross-jurisdictional coordination within the inventory control infrastructure and the general effectiveness of organizations tasked with the distribution and accounting of government facilities and supplies. Some inventory control information is classified. The classified information is national security related and is outside the scope of this guideline.
Regardless of the moderate or high impact associated with unauthorized disclosure of - some inventory control information, the provisional confidentiality impact level - recommended for inventory control information is low.
+Regardless of the moderate or high impact associated with unauthorized disclosure of some inventory control information, the provisional confidentiality impact level recommended for inventory control information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - inventory control information. Functions and processes supported by most inventory - control information are tolerant of delays i.e., the data supporting the - functions/processes are not time-critical. Typically, disruption of access to - inventory control information will have a limited adverse effect on agency - operations (including mission functions and public confidence in the agency), agency - assets, or individuals. Special Factors Affecting Availability Impact Determination: - Exceptions may include emergency requirements to access and distribute materials - necessary for disaster management. In such cases, delays may cost lives and major - property damage. Consequently, the impact level for inventory control information - needed to respond to emergencies will be high.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to inventory control information. Functions and processes supported by most inventory control information are tolerant of delays i.e., the data supporting the functions/processes are not time-critical. Typically, disruption of access to inventory control information will have a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Exceptions may include emergency requirements to access and distribute materials necessary for disaster management. In such cases, delays may cost lives and major property damage. Consequently, the impact level for inventory control information needed to respond to emergencies will be high.
The provisional availability impact level recommended for inventory control - information is low.
+The provisional availability impact level recommended for inventory control information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - inventory control information usually depends on the urgency with which the - information is needed or the immediacy with which the information is used. In most - cases, it is unlikely that the information will be needed urgently or acted upon - immediately. Unauthorized modification or destruction of information affecting - external publication of inventory control information (e.g., web pages, electronic - mail) may adversely affect public confidence in the agency. However, damage to the - mission would usually be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of inventory control information usually depends on the urgency with which the information is needed or the immediacy with which the information is used. In most cases, it is unlikely that the information will be needed urgently or acted upon immediately. Unauthorized modification or destruction of information affecting external publication of inventory control information (e.g., web pages, electronic mail) may adversely affect public confidence in the agency. However, damage to the mission would usually be limited.
The provisional integrity impact level recommended for inventory control information - is low.
+The provisional integrity impact level recommended for inventory control information is low.
Logistics management involves the planning and tracking of personnel and their - resources in relation to their availability and location.
+Logistics management involves the planning and tracking of personnel and their resources in relation to their availability and location.
The confidentiality impact level is the effect of unauthorized disclosure of - logistics management information on the ability of agencies to plan and track the - availability and location of personnel and their resources. The consequences of - unauthorized disclosure of most logistics management information are likely to have - only limited adverse effects on agency operations, agency assets, or individuals. - Special Factors Affecting Confidentiality Impact Determination: Unauthorized - disclosure of logistics information associated with homeland security, law - enforcement and some transportation activities (e.g., air transport) can facilitate - terrorist or other criminal activities that may result in serious on Federal - government assets and operations and on the general public. Logistics management - information associated with a broad range of mission areas can be of material use to - criminals seeking to perpetrate fraud, theft, or other criminal enterprises. Also, - this information is a key intelligence target for those seeking information on - defense or law enforcement capabilities, dispositions and intent. In all these - cases, the unauthorized disclosure of logistics management information may result in - serious adverse effects on agency operations, agency assets, and individuals. - Therefore, the confidentiality impact level for these types of criminal exploitation - of unauthorized disclosure of logistics management information will range from - moderate to high. Some logistics management information is classified (e.g., some - military logistics information). The classified information is national security - related and is outside the scope of this guideline.
+The confidentiality impact level is the effect of unauthorized disclosure of logistics management information on the ability of agencies to plan and track the availability and location of personnel and their resources. The consequences of unauthorized disclosure of most logistics management information are likely to have only limited adverse effects on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of logistics information associated with homeland security, law enforcement and some transportation activities (e.g., air transport) can facilitate terrorist or other criminal activities that may result in serious on Federal government assets and operations and on the general public. Logistics management information associated with a broad range of mission areas can be of material use to criminals seeking to perpetrate fraud, theft, or other criminal enterprises. Also, this information + is a key intelligence target for those seeking information on defense or law enforcement capabilities, dispositions and intent. In all these cases, the unauthorized disclosure of logistics management information may result in serious adverse effects on agency operations, agency assets, and individuals. Therefore, the confidentiality impact level for these types of criminal exploitation of unauthorized disclosure of logistics management information will range from moderate to high. Some logistics management information is classified (e.g., some military logistics information). The classified information is national security related and is outside the scope of this guideline.
The provisional confidentiality impact level recommended for most logistics - management information is low.
+The provisional confidentiality impact level recommended for most logistics management information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - logistics management information. Functions and processes supported by most - logistics management information are tolerant of delays i.e., the data supporting - the functions/processes are not time-critical. Typically, disruption of access to - logistics management information will have a limited adverse effect on agency - operations (including mission functions and public confidence in the agency), agency - assets, or individuals. Special Factors Affecting Availability Impact Determination: - Exceptions may include emergency requirements to deploy personnel and their - resources to support disaster management. In such cases, delays may cost lives and - major property damage. Consequently, the impact level for logistics management - information needed to respond to emergencies will be high.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to logistics management information. Functions and processes supported by most logistics management information are tolerant of delays i.e., the data supporting the functions/processes are not time-critical. Typically, disruption of access to logistics management information will have a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Exceptions may include emergency requirements to deploy personnel and their resources to support disaster management. In such cases, delays may cost lives and major property damage. Consequently, the impact level for logistics management information needed to respond to emergencies will be high.
The availability impact level recommended for logistics management information is - low.
+The availability impact level recommended for logistics management information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - logistics management information usually depends on the urgency with which the - information is needed or the immediacy with which the information is used. In most - cases, the information will not be needed urgently or acted upon immediately. - Unauthorized modification or destruction of information affecting external - publication of logistics management information (e.g., web pages, electronic mail) - may adversely affect public confidence in the agency. However, damage to the mission - would usually be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of logistics management information usually depends on the urgency with which the information is needed or the immediacy with which the information is used. In most cases, the information will not be needed urgently or acted upon immediately. Unauthorized modification or destruction of information affecting external publication of logistics management information (e.g., web pages, electronic mail) may adversely affect public confidence in the agency. However, damage to the mission would usually be limited.
The provisional integrity impact level recommended for logistics management - information is low.
+The provisional integrity impact level recommended for logistics management information is low.
Services acquisition involves the oversight and/or management of contractors and - service providers from the private sector.
+Services acquisition involves the oversight and/or management of contractors and service providers from the private sector.
The confidentiality impact level is the effect of unauthorized disclosure of services - acquisition information on the ability of agencies to oversee and/or manage - contractors and service providers from the private sector. The consequences of - unauthorized disclosure of most services acquisition information are likely to have - only a limited adverse effect on agency operations, agency assets, or individuals. - Special Factors Affecting Confidentiality Impact Determination: Unauthorized - disclosure of information associated with very large procurements can result in - fraud, waste, abuse, and/or legal proceedings that can have a serious effect on - Federal government assets and operations. Also, information associated with - acquisition of some services (e.g., security or protection services) can be of - material use to criminals seeking to gain access to Federal facilities or - information in order to facilitate or perpetrate sabotage, murder, fraud, theft, or - other criminal enterprises. In these cases, unauthorized disclosure of information - can have a serious adverse effect on agency operations, agency assets, and/or - individuals. The consequent confidentiality impact will range from moderate to high. - Additionally, some procurement information associated with proposals is proprietary. - In the case of competitive procurements, much information associated with - unsuccessful bids remains proprietary following award of the contract (e.g., pricing - information). Unauthorized disclosure of proprietary information can have serious - consequences for agencies and have at least a moderate confidentiality impact level. - Some services procurement information is classified. The classified information is - national security related and is outside the scope of this guideline.
+The confidentiality impact level is the effect of unauthorized disclosure of services acquisition information on the ability of agencies to oversee and/or manage contractors and service providers from the private sector. The consequences of unauthorized disclosure of most services acquisition information are likely to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of information associated with very large procurements can result in fraud, waste, abuse, and/or legal proceedings that can have a serious effect on Federal government assets and operations. Also, information associated with acquisition of some services (e.g., security or protection services) can be of material use to criminals seeking to gain access to Federal facilities or information in order to facilitate or perpetrate sabotage, murder, fraud, theft, or other criminal enterprises. + In these cases, unauthorized disclosure of information can have a serious adverse effect on agency operations, agency assets, and/or individuals. The consequent confidentiality impact will range from moderate to high. Additionally, some procurement information associated with proposals is proprietary. In the case of competitive procurements, much information associated with unsuccessful bids remains proprietary following award of the contract (e.g., pricing information). Unauthorized disclosure of proprietary information can have serious consequences for agencies and have at least a moderate confidentiality impact level. Some services procurement information is classified. The classified information is national security related and is outside the scope of this guideline.
The provisional confidentiality impact level recommended for most services - acquisition information is low.
+The provisional confidentiality impact level recommended for most services acquisition information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to services - acquisition information. Functions and processes supported by most services - acquisition information are tolerant of delays i.e., the data supporting the - functions/processes are not time-critical. In most cases, disruption of access to - services procurement information can be expected to have a limited adverse effect on - agency operations (including mission functions and public confidence in the agency), - agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to services acquisition information. Functions and processes supported by most services acquisition information are tolerant of delays i.e., the data supporting the functions/processes are not time-critical. In most cases, disruption of access to services procurement information can be expected to have a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals.
The provisional availability impact level recommended for services acquisition - information is low.
+The provisional availability impact level recommended for services acquisition information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - services acquisition information usually depends on the urgency with which the - information is needed or the immediacy with which the information is used. In most - cases, the information will not be needed urgently or acted upon immediately. Also, - unauthorized modification or destruction of information affecting external - publication of services acquisition information (e.g., web pages, electronic mail) - may adversely affect public confidence in the agency. However, damage to the mission - would usually be limited. Special Factors Affecting Integrity Impact Determination: - Unauthorized modification or destruction of information relating to procurement - actions (particularly proposal information) can result in serious disruption of - procurement processes and loss of availability of services that can be important or - even critical to agency operations. In such cases, the integrity impact level can be - moderate or even high.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of services acquisition information usually depends on the urgency with which the information is needed or the immediacy with which the information is used. In most cases, the information will not be needed urgently or acted upon immediately. Also, unauthorized modification or destruction of information affecting external publication of services acquisition information (e.g., web pages, electronic mail) may adversely affect public confidence in the agency. However, damage to the mission would usually be limited. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information relating to procurement actions (particularly proposal information) can result in serious disruption of + procurement processes and loss of availability of services that can be important or even critical to agency operations. In such cases, the integrity impact level can be moderate or even high.
The provisional integrity impact level recommended for most services acquisition - information is low.
+The provisional integrity impact level recommended for most services acquisition information is low.
System Development supports all activities associated with the in-house design and - development of software applications.
+System Development supports all activities associated with the in-house design and development of software applications.
The confidentiality impact level is the effect of unauthorized disclosure of system - development information on the ability of responsible agencies to design and develop - software applications in-house. In the system development phase, a system’s security - configuration baseline is established. In most cases, the system development - information is not particularly sensitive and is distributed to the users. In - general, disclosure of the system development information is likely to result in - only limited adverse effects on the confidentiality of system information and - processes.
+The confidentiality impact level is the effect of unauthorized disclosure of system development information on the ability of responsible agencies to design and develop software applications in-house. In the system development phase, a system’s security configuration baseline is established. In most cases, the system development information is not particularly sensitive and is distributed to the users. In general, disclosure of the system development information is likely to result in only limited adverse effects on the confidentiality of system information and processes.
The provisional confidentiality impact level recommended for system development - information is low.
+The provisional confidentiality impact level recommended for system development information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to system - development information. Functions and processes supported by most system - development information are not time-critical. That is, temporary disruption of - access to system development information will usually have only a limited adverse - effect on agency operations (including mission functions and public confidence in - the agency), agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to system development information. Functions and processes supported by most system development information are not time-critical. That is, temporary disruption of access to system development information will usually have only a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals.
The provisional availability impact level recommended for system development - information is low.
+The provisional availability impact level recommended for system development information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of system - development information depend on the maximum aggregate sensitivity and criticality - of the information and processes associated with the system. Special Factors - Affecting Integrity Impact Determination: The Recommended Integrity Impact Level may - range from low to high to national security information (outside the scope of this - guideline).
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of system development information depend on the maximum aggregate sensitivity and criticality of the information and processes associated with the system. Special Factors Affecting Integrity Impact Determination: The Recommended Integrity Impact Level may range from low to high to national security information (outside the scope of this guideline).
The provisional integrity impact level recommended for most system development - information is moderate.
+The provisional integrity impact level recommended for most system development information is moderate.
Lifecycle/Change Management involves the processes that facilitate a smooth - evolution, composition, and workforce transition of the design and implementation of - changes to agency resources such as assets, methodologies, systems, or - procedures.
+Lifecycle/Change Management involves the processes that facilitate a smooth evolution, composition, and workforce transition of the design and implementation of changes to agency resources such as assets, methodologies, systems, or procedures.
The confidentiality impact level is the effect of unauthorized disclosure of - lifecycle/change management information on the ability of responsible agencies to - execute processes that facilitate a smooth evolution, composition, and workforce - transition of the design and implementation of changes to agency resources such as - assets, methodologies, systems, or procedures. Special Factors Affecting - Confidentiality Impact Determination: Unauthorized disclosure of some - lifecycle/change management information can provide adversaries with intelligence - information that may be useful in efforts to compromise the system. This can result - in assignment of a moderate impact level to such information. Additionally, there - are legislative mandates prohibiting unauthorized disclosure of trade secrets. Trade - secrets will generally be assigned a moderate confidentiality impact level.
+The confidentiality impact level is the effect of unauthorized disclosure of lifecycle/change management information on the ability of responsible agencies to execute processes that facilitate a smooth evolution, composition, and workforce transition of the design and implementation of changes to agency resources such as assets, methodologies, systems, or procedures. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some lifecycle/change management information can provide adversaries with intelligence information that may be useful in efforts to compromise the system. This can result in assignment of a moderate impact level to such information. Additionally, there are legislative mandates prohibiting unauthorized disclosure of trade secrets. Trade secrets will generally be assigned a moderate confidentiality impact level.
The provisional confidentiality impact level recommended for lifecycle/change - management information is low.
+The provisional confidentiality impact level recommended for lifecycle/change management information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - lifecycle/change management information. Functions and processes supported by most - lifecycle/change management information are not time-critical. That is, temporary - disruption of access to lifecycle/change management information will usually have - only a limited adverse effect on agency operations (including mission functions and - public confidence in the agency), agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to lifecycle/change management information. Functions and processes supported by most lifecycle/change management information are not time-critical. That is, temporary disruption of access to lifecycle/change management information will usually have only a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals.
The provisional availability impact level recommended for lifecycle/change management - information is low.
+The provisional availability impact level recommended for lifecycle/change management information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of undetected or unauthorized modification or - destruction of lifecycle/change management information depends on the maximum - aggregate sensitivity and criticality of the information and processes associated - with the system. Special Factors Affecting Integrity Impact Determination: The - Recommended Integrity Impact Level can range from low to high to national security - information (outside the scope of this guideline).
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of undetected or unauthorized modification or destruction of lifecycle/change management information depends on the maximum aggregate sensitivity and criticality of the information and processes associated with the system. Special Factors Affecting Integrity Impact Determination: The Recommended Integrity Impact Level can range from low to high to national security information (outside the scope of this guideline).
The provisional integrity impact level recommended for lifecycle/change management - information is moderate.
+The provisional integrity impact level recommended for lifecycle/change management information is moderate.
System Maintenance supports all activities associated with the maintenance of - in-house designed software applications.
+System Maintenance supports all activities associated with the maintenance of in-house designed software applications.
The confidentiality impact level is the effect of unauthorized disclosure of system - maintenance information on the ability of responsible agencies to maintain in-house - designed software applications. In most cases, system maintenance information is not - particularly sensitive and is distributed to the users. In general, disclosure of - system maintenance information is likely to result in only limited adverse effects - on the confidentiality of system information and processes.
+The confidentiality impact level is the effect of unauthorized disclosure of system maintenance information on the ability of responsible agencies to maintain in-house designed software applications. In most cases, system maintenance information is not particularly sensitive and is distributed to the users. In general, disclosure of system maintenance information is likely to result in only limited adverse effects on the confidentiality of system information and processes.
The provisional impact level recommended for system maintenance information is - low.
+The provisional impact level recommended for system maintenance information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - maintenance information. Functions and processes supported by most maintenance - information are not time-critical. That is, temporary disruption of access to - maintenance information will usually have only a limited adverse effect on agency - operations (including mission functions and public confidence in the agency), agency - assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to maintenance information. Functions and processes supported by most maintenance information are not time-critical. That is, temporary disruption of access to maintenance information will usually have only a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals.
The provisional availability impact level recommended for system maintenance - information is low.
+The provisional availability impact level recommended for system maintenance information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of system - maintenance information can be particularly serious because specific modifications - to system changes can be difficult to identify. Special Factors Affecting Integrity - Impact Determination: The consequences of undetected or unauthorized modification or - destruction of system maintenance information may depend on the maximum aggregate - sensitivity and criticality of the information and processes associated with the - system. The Recommended Integrity Impact Level can range from low to high to - national security information (outside the scope of this guideline).
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of system maintenance information can be particularly serious because specific modifications to system changes can be difficult to identify. Special Factors Affecting Integrity Impact Determination: The consequences of undetected or unauthorized modification or destruction of system maintenance information may depend on the maximum aggregate sensitivity and criticality of the information and processes associated with the system. The Recommended Integrity Impact Level can range from low to high to national security information (outside the scope of this guideline).
The provisional integrity impact level recommended for system maintenance information - is moderate.
+The provisional integrity impact level recommended for system maintenance information is moderate.
IT infrastructure maintenance involves the planning, design, implementation, and - maintenance of an IT Infrastructure to effectively support automated needs (i.e. - operating systems, applications software, platforms, networks, servers, printers, - etc.). IT infrastructure maintenance also includes information systems configuration - and security policy enforcement information. This information includes password - files, network access rules and implementing files and/or switch setting, hardware - and software configuration settings, and documentation that may affect access to the - information system’s data, programs, and/or processes. The impact levels associated - with IT infrastructure maintenance information are primarily a function of the - information processed in and through that infrastructure. The IT Maintenance - Information type represents a complex set of data elements that are used to secure - the design, implementation, and maintenance of systems and networks. The security of - each of these data elements is dependent on the security of the other data elements. - Security compromise of one data element type will propagate to others.
+IT infrastructure maintenance involves the planning, design, implementation, and maintenance of an IT Infrastructure to effectively support automated needs (i.e. operating systems, applications software, platforms, networks, servers, printers, etc.). IT infrastructure maintenance also includes information systems configuration and security policy enforcement information. This information includes password files, network access rules and implementing files and/or switch setting, hardware and software configuration settings, and documentation that may affect access to the information system’s data, programs, and/or processes. The impact levels associated with IT infrastructure maintenance information are primarily a function of the information processed in and through that infrastructure. The IT Maintenance Information type represents a complex set of data elements that are used to secure the design, implementation, and maintenance of systems and networks. The security of + each of these data elements is dependent on the security of the other data elements. Security compromise of one data element type will propagate to others.
The confidentiality impact level is the effect of unauthorized disclosure of IT - infrastructure maintenance information on the ability of responsible agencies to - plan, design, implement, and maintain an IT Infrastructure to effectively support - automated needs (i.e. operating systems, applications software, platforms, networks, - servers, printers, etc.). [See also Appendices C.3.5.5, IT Security Information and - C.3.5.7, Information Management Information.] IT infrastructure maintenance also - includes information systems configuration and security policy enforcement - information. Unauthorized disclosure of some IT infrastructure maintenance - information can lead to confidentiality compromise of information processed by the - system (e.g., password files, file access tables, cryptographic keying information, - network access rules, and hardware and software configuration settings, and - documentation that may affect access to the information system’s data, programs, - and/or processes). As a result, the confidentiality impact associated with this - information is that of the highest impact information processed by the system. Also, - a higher confidentiality impact may be associated with information in aggregate than - is associated with any single element of information.
+The confidentiality impact level is the effect of unauthorized disclosure of IT infrastructure maintenance information on the ability of responsible agencies to plan, design, implement, and maintain an IT Infrastructure to effectively support automated needs (i.e. operating systems, applications software, platforms, networks, servers, printers, etc.). [See also Appendices C.3.5.5, IT Security Information and C.3.5.7, Information Management Information.] IT infrastructure maintenance also includes information systems configuration and security policy enforcement information. Unauthorized disclosure of some IT infrastructure maintenance information can lead to confidentiality compromise of information processed by the system (e.g., password files, file access tables, cryptographic keying information, network access rules, and hardware and software configuration settings, and documentation that may affect access to the information system’s data, programs, and/or processes). + As a result, the confidentiality impact associated with this information is that of the highest impact information processed by the system. Also, a higher confidentiality impact may be associated with information in aggregate than is associated with any single element of information.
Particularly in the case of passwords and cryptographic keys, the provisional impact - level recommended for IT infrastructure maintenance information depends on the - sensitivity and criticality of system information and processes. Although an - individual organization’s IT infrastructure maintenance information type base may - include data elements that will require a higher rating, the recommended provisional - impact is low.
+Particularly in the case of passwords and cryptographic keys, the provisional impact level recommended for IT infrastructure maintenance information depends on the sensitivity and criticality of system information and processes. Although an individual organization’s IT infrastructure maintenance information type base may include data elements that will require a higher rating, the recommended provisional impact is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to IT - infrastructure maintenance information. Functions and processes supported by most IT - infrastructure maintenance information are not time-critical. Also, disruption of - access will have a limited adverse effect on agency operations (including mission - functions and public confidence in the agency), agency assets, or individuals. - Special Factors Affecting Availability Impact Determination: Exceptions may include - emergency response aspects of disaster management or other high load and time - critical functions (e.g., some systems that support air traffic control functions). - The effects of disruption of access to IT infrastructure maintenance information or - information systems may be to deny mission-critical IT resources to all affected - organizations. The availability impact level associated with denial-of-service to IT - infrastructure maintenance information needed to respond to emergencies or critical - to public safety can be high.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to IT infrastructure maintenance information. Functions and processes supported by most IT infrastructure maintenance information are not time-critical. Also, disruption of access will have a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Exceptions may include emergency response aspects of disaster management or other high load and time critical functions (e.g., some systems that support air traffic control functions). The effects of disruption of access to IT infrastructure maintenance information or information systems may be to deny mission-critical IT resources to all affected organizations. The availability impact level associated with denial-of-service to IT + infrastructure maintenance information needed to respond to emergencies or critical to public safety can be high.
The provisional availability impact level recommended for IT infrastructure - maintenance information is low.
+The provisional availability impact level recommended for IT infrastructure maintenance information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of IT - infrastructure maintenance information usually depends on the urgency with which the - data processed in the IT infrastructure is needed or the time-critical nature of the - data. In most cases, it is unlikely that the information will be needed urgently or - acted upon immediately. In most cases, the consequences of unauthorized modification - of IT infrastructure maintenance information will result in limited damage to agency - operations or assets. Special Factors Affecting Integrity Impact Determination: - Exceptions may include incorrect information used for emergency response aspects of - disaster management, criminal apprehension, air traffic control or other - time-critical missions. In such cases, a moderate or high integrity impact level - might be considered.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of IT infrastructure maintenance information usually depends on the urgency with which the data processed in the IT infrastructure is needed or the time-critical nature of the data. In most cases, it is unlikely that the information will be needed urgently or acted upon immediately. In most cases, the consequences of unauthorized modification of IT infrastructure maintenance information will result in limited damage to agency operations or assets. Special Factors Affecting Integrity Impact Determination: Exceptions may include incorrect information used for emergency response aspects of disaster management, criminal apprehension, air traffic control or other time-critical missions. In such cases, a moderate or high integrity impact + level might be considered.
The provisional integrity impact level recommended for IT infrastructure maintenance - information is low.
+The provisional integrity impact level recommended for IT infrastructure maintenance information is low.
IT Security involves all functions pertaining to the securing of Federal data and - systems through the creation and definition of security policies, procedures and - controls covering such services as identification, authentication, and - non-repudiation.
+IT Security involves all functions pertaining to the securing of Federal data and systems through the creation and definition of security policies, procedures and controls covering such services as identification, authentication, and non-repudiation.
The confidentiality impact level is the effect of unauthorized disclosure of IT - security information on the ability of responsible agencies to secure Federal data - and systems through the creation and definition of security policies, procedures and - controls covering such services as identification, authentication, and - non-repudiation. In most cases, the security policy, procedures, and available - controls are not particularly sensitive. Typically, the security information is used - in initializing and implementing the controls (e.g., passwords, cryptographic keys) - that need to be protected. In general, disclosure of the security policies, - procedures, and controls will result in only limited adverse effects on the - confidentiality of system information and processes.
+The confidentiality impact level is the effect of unauthorized disclosure of IT security information on the ability of responsible agencies to secure Federal data and systems through the creation and definition of security policies, procedures and controls covering such services as identification, authentication, and non-repudiation. In most cases, the security policy, procedures, and available controls are not particularly sensitive. Typically, the security information is used in initializing and implementing the controls (e.g., passwords, cryptographic keys) that need to be protected. In general, disclosure of the security policies, procedures, and controls will result in only limited adverse effects on the confidentiality of system information and processes.
The recommended provisional confidentiality impact level recommended for IT security - information is low.
+The recommended provisional confidentiality impact level recommended for IT security information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to IT - security information. Temporary disruption of access to IT security information can - usually be expected to have a limited adverse effect on agency operations (including - mission functions and public confidence in the agency), agency assets, or - individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to IT security information. Temporary disruption of access to IT security information can usually be expected to have a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals.
provisional availability impact level recommended for IT security information is - low.
+provisional availability impact level recommended for IT security information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information.
The provisional integrity impact level recommended for IT security information is - moderate.
+The provisional integrity impact level recommended for IT security information is moderate.
Records Retention involves the operations surrounding the management of the official - documents and records for an agency.
+Records Retention involves the operations surrounding the management of the official documents and records for an agency.
The confidentiality impact level is the effect of unauthorized disclosure of record - retention information on the ability of responsible organizations to store, track, - account for, maintain, retrieve, and disseminate official documents and records. - When the data being retained belongs to one of the information types described in - this guideline, the confidentiality impact assigned the data and system is at least - that of the highest impact information type collected. Typically, the unauthorized - disclosure of most business management information retained will have only a limited - adverse effect on agency operations, assets, or individuals. National security - information and national security systems are outside the scope of this guideline. - Special Factors Affecting Confidentiality Impact Determination: Where more sensitive - information is involved, it will most commonly be personal information subject to - the Privacy Act of 1974 or information that is proprietary to a corporation or other - organization. The Privacy Act Information provisional impact levels are documented - in the Personal Identity and Authentication information type. Such information will - often be assigned a moderate confidentiality impact level. Where any of the - information to be collected can reasonably be expected to have a high - confidentiality impact level, then the record retention system must be assigned a - high confidentiality impact level. In some cases, the impact assessment should - consider that the aggregate of information retained might have a higher - confidentiality impact than any individual information element.
+The confidentiality impact level is the effect of unauthorized disclosure of record retention information on the ability of responsible organizations to store, track, account for, maintain, retrieve, and disseminate official documents and records. When the data being retained belongs to one of the information types described in this guideline, the confidentiality impact assigned the data and system is at least that of the highest impact information type collected. Typically, the unauthorized disclosure of most business management information retained will have only a limited adverse effect on agency operations, assets, or individuals. National security information and national security systems are outside the scope of this guideline. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will most commonly be personal information subject to the Privacy Act of 1974 or information that is proprietary to a + corporation or other organization. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. Such information will often be assigned a moderate confidentiality impact level. Where any of the information to be collected can reasonably be expected to have a high confidentiality impact level, then the record retention system must be assigned a high confidentiality impact level. In some cases, the impact assessment should consider that the aggregate of information retained might have a higher confidentiality impact than any individual information element.
The provisional confidentiality impact level recommended for record retention - information is low.
+The provisional confidentiality impact level recommended for record retention information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to record - retention information. Functions and processes supported by most record retention - information are not time-critical. Record retention processes are generally tolerant - of reasonable delays. In most cases, disruption of access to record retention - information can be expected to have only a limited adverse effect on agency - operations, agency assets, or individuals. Not many business management systems - perform functions for which temporary loss of availability can cause significant - degradation in mission capability, place the agency at a significant disadvantage, - result in major damage to assets, or pose a threat to human life.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to record retention information. Functions and processes supported by most record retention information are not time-critical. Record retention processes are generally tolerant of reasonable delays. In most cases, disruption of access to record retention information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Not many business management systems perform functions for which temporary loss of availability can cause significant degradation in mission capability, place the agency at a significant disadvantage, result in major damage to assets, or pose a threat to human life.
The provisional availability impact level recommended for record retention - information is low.
+The provisional availability impact level recommended for record retention information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Special Factors Affecting Integrity Impact Determination: Where - integrity compromise adversely affects the ability of an organization to access its - records or results in erroneous back-up information or archives, the impact on - agency operations can be serious. In such cases, the integrity impact level would be - moderate. In the case of large-scale archives or archives involving key national - assets (e.g., national archives), the integrity impact can be particularly severe - and the impact level would be high.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Special Factors Affecting Integrity Impact Determination: Where integrity compromise adversely affects the ability of an organization to access its records or results in erroneous back-up information or archives, the impact on agency operations can be serious. In such cases, the integrity impact level would be moderate. In the case of large-scale archives or archives involving key national assets (e.g., national archives), the integrity impact can be particularly severe and the impact level would be high.
The provisional integrity impact level recommended for record retention information - is low.
+The provisional integrity impact level recommended for record retention information is low.
Information Management involves the coordination of information collection, storage, - and dissemination, and destruction as well as managing the policies, guidelines, and - standards regarding information management.
+Information Management involves the coordination of information collection, storage, and dissemination, and destruction as well as managing the policies, guidelines, and standards regarding information management.
management information on the ability of responsible agencies to perform the - day-to-day processes of information collection, storage, dissemination, and - destruction and managing the policies, guidelines, and standards regarding - information management. The consequences of unauthorized disclosure depend largely - on the content and use of the information being managed. The unauthorized disclosure - of information management information relevant to most information managed by the - government will have only a limited adverse effect on agency operations, assets, or - individuals. Special Factors Affecting Confidentiality Impact Determination: - Information collection and storage involve the day-to-day processes of gathering and - storing data from agency programs, partners, and stakeholders. More sensitive - information being managed is usually personal information subject to the Privacy Act - of 1974 or information that is proprietary to a corporation or other organization. - The Privacy Act Information provisional impact levels are documented in the Personal - Identity and Authentication information type. Such information will often be - assigned a moderate confidentiality impact level Where any of the information to be - managed can be expected to have a high confidentiality, impact level, then the - information management information must be assigned a high confidentiality impact - level. When the data being managed belongs to one of the information types described - in this guideline, the confidentiality impact assigned to the system is that of the - highest impact information type processed by the system. Depending on the agency and - the mission being supported, the sensitivity of the information can range from none - (public information) to high. (National security information and national security - systems are outside the scope of this guideline.)
-Particularly in the case of passwords and cryptographic keys, the provisional impact - level recommended for information management information depends on the sensitivity - and criticality of system information and processes. Although an individual - organization’s IT infrastructure maintenance information type base may include data - elements that will require a higher rating, the recommended provisional impact is - low.
-The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - information management information. The effects of disruption of access to - information management information may temporarily impair agency operations. The - level of impact depends on the sensitivity of the information being managed and the - criticality of the system to the agency mission. Except for information needed by - real-time processes (e.g., information that feeds real-time monitoring or audit - functions), information management processes are generally tolerant of reasonable - delays. In most cases, disruption of access to information management information - can be expected to have only a limited adverse effect on agency operations, agency - assets, or individuals. Not many business management systems perform functions for - which loss of availability can cause significant degradation in mission capability, - place the agency at a significant disadvantage, result in major damage to assets, or - pose a threat to human life.
-The provisional availability impact level recommended for information management - information is low.
-The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - information management information (e.g., configuration settings, passwords, - authorization codes, cryptographic keying material) can compromise the effectiveness - of the system and impair agency operations. The level of impact depends on the - criticality of system functionality to the agency mission Special Factors Affecting - Integrity Impact Determination: The loss of integrity for some information - management information (e.g., encryption keys) can be very serious for agency - operations and can have serious consequences for public confidence in the agency. - The integrity impact level recommended for information management information - associated with highly critical information is high.
-Potentially serious adverse effects can be expected in most government organizations - resulting from the unauthorized modification or deletion of information management - information. Therefore, the provisional integrity impact level recommended for - information management information is moderate.
+management information on the ability of responsible agencies to perform the day-to-day processes of information collection, storage, dissemination, and destruction and managing the policies, guidelines, and standards regarding information management. The consequences of unauthorized disclosure depend largely on the content and use of the information being managed. The unauthorized disclosure of information management information relevant to most information managed by the government will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Information collection and storage involve the day-to-day processes of gathering and storing data from agency programs, partners, and stakeholders. More sensitive information being managed is usually personal information subject to the Privacy Act of 1974 or information that is proprietary to a corporation or other organization. The Privacy Act + Information provisional impact levels are documented in the Personal Identity and Authentication information type. Such information will often be assigned a moderate confidentiality impact level Where any of the information to be managed can be expected to have a high confidentiality, impact level, then the information management information must be assigned a high confidentiality impact level. When the data being managed belongs to one of the information types described in this guideline, the confidentiality impact assigned to the system is that of the highest impact information type processed by the system. Depending on the agency and the mission being supported, the sensitivity of the information can range from none (public information) to high. (National security information and national security systems are outside the scope of this guideline.)
+ +Particularly in the case of passwords and cryptographic keys, the provisional impact level recommended for information management information depends on the sensitivity and criticality of system information and processes. Although an individual organization’s IT infrastructure maintenance information type base may include data elements that will require a higher rating, the recommended provisional impact is low.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to information management information. The effects of disruption of access to information management information may temporarily impair agency operations. The level of impact depends on the sensitivity of the information being managed and the criticality of the system to the agency mission. Except for information needed by real-time processes (e.g., information that feeds real-time monitoring or audit functions), information management processes are generally tolerant of reasonable delays. In most cases, disruption of access to information management information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Not many business management systems perform functions for which loss of availability can cause significant degradation in mission capability, place the agency + at a significant disadvantage, result in major damage to assets, or pose a threat to human life.
+The provisional availability impact level recommended for information management information is low.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of information management information (e.g., configuration settings, passwords, authorization codes, cryptographic keying material) can compromise the effectiveness of the system and impair agency operations. The level of impact depends on the criticality of system functionality to the agency mission Special Factors Affecting Integrity Impact Determination: The loss of integrity for some information management information (e.g., encryption keys) can be very serious for agency operations and can have serious consequences for public confidence in the agency. The integrity impact level recommended for information management information associated with highly critical information is high.
+Potentially serious adverse effects can be expected in most government organizations resulting from the unauthorized modification or deletion of information management information. Therefore, the provisional integrity impact level recommended for information management information is moderate.
System and Network Monitoring supports all activities related to the real-time - monitoring of systems and networks for optimal performance. System and network - monitoring describes the use of tools and observation to determine the performance - and status of information systems and is closely tied to other Information and - Technology Management sub-functions. System and network monitoring information type - should be considered broadly to include an agency’s network [performance, health, - and status] and security operations [intrusion monitoring, auditing, etc.] - support.
+System and Network Monitoring supports all activities related to the real-time monitoring of systems and networks for optimal performance. System and network monitoring describes the use of tools and observation to determine the performance and status of information systems and is closely tied to other Information and Technology Management sub-functions. System and network monitoring information type should be considered broadly to include an agency’s network [performance, health, and status] and security operations [intrusion monitoring, auditing, etc.] support.
The confidentiality impact level is the effect of unauthorized disclosure of system - and network monitoring information on the ability of responsible agencies to perform - the day-to-day processes of real-time monitoring of systems and networks for optimal - performance. The consequences of unauthorized disclosure depend largely on the - content and use of the monitoring information gathered, retained, and reported. The - unauthorized disclosure of system and network monitoring containing architectural - information, vulnerabilities, and availability information may have a serious - adverse effect on agency operations, assets, or individuals. Special Factors - Affecting Confidentiality Impact Determination: Where the system and network - monitoring information collected can be expected to have a high confidentiality - impact level, then the system and network monitoring information must be assigned a - high confidentiality impact level. When the system and network monitoring data being - collected supports information types described in this guideline, agency personnel - should consider a confidentiality impact assignment of the highest impact - information type processed by the system. Depending on the agency and the mission - being supported, the sensitivity of the information can range from low to high. - (National security information and national security systems are outside the scope - of this guideline.)
-Particularly in the case of architectural information (IP addresses, etc.), - vulnerabilities, and availability information, the provisional impact level - recommended for system and network monitoring information depends on the sensitivity - and criticality of system information and processes. The provisional confidentiality - impact level recommended is Moderate.
-The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to system - and network monitoring information. The effects of disruption of access to system - and network monitoring information may temporarily impair or blind agency operations - personnel from actual network and security performance. The level of impact depends - on the sensitivity of the information and the criticality of the system to the - agency mission. In most cases [the exception dual-fault situations], disruption of - access to system and network monitoring information can be expected to have only a - limited adverse effect on agency operations, agency assets, or individuals. Not many - system and network monitoring systems perform functions for which loss of - availability can cause significant degradation in mission capability, place the - agency at a significant disadvantage, result in major damage to assets, or pose a - threat to human life.
-The provisional availability impact level recommended for system and network - monitoring information is low.
-The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of system - and network monitoring information can compromise the effectiveness of the system - and impair agency network and security operations leading to inaction or incorrect - decisions and actions. The level of impact depends on the criticality of system - functionality to the agency mission Special Factors Affecting Integrity Impact - Determination: The loss of integrity for some system and network monitoring - information can be very serious for agency network and security operations, as well - as, the functionality of the information system. Additionally, a loss of integrity - can have severe consequences for the agency’s mission and critical business - functions. The integrity impact level recommended for system and network monitoring +
The confidentiality impact level is the effect of unauthorized disclosure of system and network monitoring information on the ability of responsible agencies to perform the day-to-day processes of real-time monitoring of systems and networks for optimal performance. The consequences of unauthorized disclosure depend largely on the content and use of the monitoring information gathered, retained, and reported. The unauthorized disclosure of system and network monitoring containing architectural information, vulnerabilities, and availability information may have a serious adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where the system and network monitoring information collected can be expected to have a high confidentiality impact level, then the system and network monitoring information must be assigned a high confidentiality impact level. When the system and network monitoring data being + collected supports information types described in this guideline, agency personnel should consider a confidentiality impact assignment of the highest impact information type processed by the system. Depending on the agency and the mission being supported, the sensitivity of the information can range from low to high. (National security information and national security systems are outside the scope of this guideline.)
+ +Particularly in the case of architectural information (IP addresses, etc.), vulnerabilities, and availability information, the provisional impact level recommended for system and network monitoring information depends on the sensitivity and criticality of system information and processes. The provisional confidentiality impact level recommended is Moderate.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to system and network monitoring information. The effects of disruption of access to system and network monitoring information may temporarily impair or blind agency operations personnel from actual network and security performance. The level of impact depends on the sensitivity of the information and the criticality of the system to the agency mission. In most cases [the exception dual-fault situations], disruption of access to system and network monitoring information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Not many system and network monitoring systems perform functions for which loss of availability can cause significant degradation in mission capability, place the agency at a significant disadvantage, result in major damage to assets, or pose a threat to + human life.
+The provisional availability impact level recommended for system and network monitoring information is low.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of system and network monitoring information can compromise the effectiveness of the system and impair agency network and security operations leading to inaction or incorrect decisions and actions. The level of impact depends on the criticality of system functionality to the agency mission Special Factors Affecting Integrity Impact Determination: The loss of integrity for some system and network monitoring information can be very serious for agency network and security operations, as well as, the functionality of the information system. Additionally, a loss of integrity can have severe consequences for the agency’s mission and critical business functions. The integrity impact level recommended for system and network monitoring information associated with highly critical information is high.
Potentially serious adverse effects can be expected in most government organizations - resulting from the unauthorized modification or deletion of system and network - monitoring information. Therefore, the provisional integrity impact level - recommended for system and network monitoring information is moderate.
+Potentially serious adverse effects can be expected in most government organizations resulting from the unauthorized modification or deletion of system and network monitoring information. Therefore, the provisional integrity impact level recommended for system and network monitoring information is moderate.
The BRM provided in the FEA Consolidated Reference Model Document, Version 2.3, - October 2007 specifies Information Sharing as relating to any method or function, - for a given business area, facilitating: data being received in a usable medium by - one or more departments or agencies as provided by a separate department or agency - or other entity; and data being provided, disseminated or otherwise made available - or accessible by one department or agency for use by one or more separate - departments or agencies, or other entities, as appropriate. Since Information - Sharing, as a function, is receiving and disseminating data [other information - types] from business areas already identified, this BRM information type will not - require its own impact assessment. Therefore, agency personnel should identify the - information sharing information type as a pure resource management support activity - for the evaluated information system. With the information sharing information type - identified, agency personnel can track the flow of information to interfacing - systems.
+The BRM provided in the FEA Consolidated Reference Model Document, Version 2.3, October 2007 specifies Information Sharing as relating to any method or function, for a given business area, facilitating: data being received in a usable medium by one or more departments or agencies as provided by a separate department or agency or other entity; and data being provided, disseminated or otherwise made available or accessible by one department or agency for use by one or more separate departments or agencies, or other entities, as appropriate. Since Information Sharing, as a function, is receiving and disseminating data [other information types] from business areas already identified, this BRM information type will not require its own impact assessment. Therefore, agency personnel should identify the information sharing information type as a pure resource management support activity for the evaluated information system. With the information sharing information type + identified, agency personnel can track the flow of information to interfacing systems.
Border and Transportation Security includes facilitating or deterring entry and exit - of people, goods, and conveyances at and between U.S. ports of entry, as well as - ensuring the security of transportation and infrastructure networks, facilities, - vehicles, and personnel within the United States. Border control involves enforcing - the laws regulating the admission of foreign-born persons (i.e., aliens) to the - United States. This includes patrolling and monitoring borders and deportation of - illegal aliens. Some border control information is also associated with other - mission information types (e.g., criminal apprehension, and criminal investigation - and surveillance information). In such cases, the impact levels of the associated - mission information may determine impact levels associated with border control - information. Some aspects of ensuring security of transportation and infrastructure - networks, facilities, vehicles, and personnel within the United States are also - covered under the information types associated with the transportation mission. In - some cases the border control information may be classified. Any classified - information is treated under separate rules established for national security - information.
+Border and Transportation Security includes facilitating or deterring entry and exit of people, goods, and conveyances at and between U.S. ports of entry, as well as ensuring the security of transportation and infrastructure networks, facilities, vehicles, and personnel within the United States. Border control involves enforcing the laws regulating the admission of foreign-born persons (i.e., aliens) to the United States. This includes patrolling and monitoring borders and deportation of illegal aliens. Some border control information is also associated with other mission information types (e.g., criminal apprehension, and criminal investigation and surveillance information). In such cases, the impact levels of the associated mission information may determine impact levels associated with border control information. Some aspects of ensuring security of transportation and infrastructure networks, facilities, vehicles, and personnel within the United States are also + covered under the information types associated with the transportation mission. In some cases the border control information may be classified. Any classified information is treated under separate rules established for national security information.
The confidentiality impact level is the effect of unauthorized disclosure of border - control information on the ability of responsible agencies to enforce laws - regulating the admission of foreign-born persons (i.e., aliens) to the United - States. Generally, the effects of unauthorized disclosure of border control - information are usually confined to a single geographic region, immigration case, or - deportation case. Even so, unauthorized disclosure may have a serious adverse effect - on mission functions, cause significant degradation in mission capability, or place - the agency at a significant disadvantage with respect to its border control - responsibilities. Particularly in the case of immigration, naturalization, and - deportation activities, unauthorized disclosure of information can violate privacy - policies. Such unauthorized disclosures can have a serious effect on public - confidence in the agency. Special Factors Affecting Confidentiality Impact - Determination: Where border control information is also associated with other - mission information types (e.g., criminal apprehension, and criminal investigation - and surveillance information), the confidentiality impact level associated with the - information may be high. Where unauthorized disclosure of border control information - may put the physical safety of personnel into serious jeopardy, the confidentiality - impact level associated with the information may be high. Unauthorized disclosure of - confidentiality of information associated with ensuring security of transportation - and infrastructure networks, facilities, vehicles, and personnel within the United - States can result in facilitation of terrorist activities that endanger human life. - In some cases, the consequent threat to critical infrastructures, key national - assets, and human life can be catastrophic. Consequently, the confidentiality impact - level associated with information associated with ensuring security of - transportation and infrastructure networks, facilities, vehicles, and personnel - within the United States is normally high
-The provisional confidentiality impact level recommended for most border control - information is moderate.
-The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to border - control information. Functions and processes supported by most border control - information are not time-critical. Also, disruption of access will have only a - limited adverse effect on agency operations (including mission functions and public - confidence in the agency), agency assets, or individuals. Special Factors Affecting - Availability Impact Determination: There may be time critical cases, for example, - information regarding transport of illegal aliens or information about a physical - threat posed by aliens that border control personnel have been assigned to - interdict. In such cased, the availability impact will be high. The consequences of - disruption of access to information or information systems associated with ensuring - security of transportation and infrastructure networks, facilities, vehicles, and - personnel within the United States may be severe. Also, anti-terrorism missions are - not reliably tolerant of delays. The availability impact level for information - systems that ensure the security of transportation and infrastructure networks, - facilities, vehicles, and personnel within the United States is high.
-Except for such time-critical cases, cases where impact is driven by information - shared with associated missions (e.g., anti-terrorism), the provisional availability - impact level recommended for border control information is normally moderate.
-The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Unauthorized modification or destruction of information affecting - external communications (e.g., web pages, electronic mail) may adversely affect - operations or public confidence in the agency, but the damage to the mission would - usually be limited. The consequences of unauthorized modification or destruction of - information can be very serious if the information is critical to tactical - operations. Special Factors Affecting Integrity Impact Determination: Unauthorized - modification or destruction of information associated with ensuring security of - transportation and infrastructure networks, facilities, vehicles, and personnel - within the United States may seriously affect mission operations or result in the - loss of human life. Unauthorized modification or destruction of information - affecting anti-terrorism information may adversely affect mission operations in a - manner that results in unacceptable damage to critical infrastructures and/or key - national assets or loss of key national assets and/or human life. Consequently, the - integrity impact level associated with information that ensures the security of - transportation and infrastructure networks, facilities, vehicles, and personnel - within the United States is high.
-The provisional integrity impact level recommended for border control information is - moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of border control information on the ability of responsible agencies to enforce laws regulating the admission of foreign-born persons (i.e., aliens) to the United States. Generally, the effects of unauthorized disclosure of border control information are usually confined to a single geographic region, immigration case, or deportation case. Even so, unauthorized disclosure may have a serious adverse effect on mission functions, cause significant degradation in mission capability, or place the agency at a significant disadvantage with respect to its border control responsibilities. Particularly in the case of immigration, naturalization, and deportation activities, unauthorized disclosure of information can violate privacy policies. Such unauthorized disclosures can have a serious effect on public confidence in the agency. Special Factors Affecting Confidentiality Impact Determination: Where border + control information is also associated with other mission information types (e.g., criminal apprehension, and criminal investigation and surveillance information), the confidentiality impact level associated with the information may be high. Where unauthorized disclosure of border control information may put the physical safety of personnel into serious jeopardy, the confidentiality impact level associated with the information may be high. Unauthorized disclosure of confidentiality of information associated with ensuring security of transportation and infrastructure networks, facilities, vehicles, and personnel within the United States can result in facilitation of terrorist activities that endanger human life. In some cases, the consequent threat to critical infrastructures, key national assets, and human life can be catastrophic. Consequently, the confidentiality impact level associated with information associated with ensuring security of transportation and + infrastructure networks, facilities, vehicles, and personnel within the United States is normally high
+ +The provisional confidentiality impact level recommended for most border control information is moderate.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to border control information. Functions and processes supported by most border control information are not time-critical. Also, disruption of access will have only a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Special Factors Affecting Availability Impact Determination: There may be time critical cases, for example, information regarding transport of illegal aliens or information about a physical threat posed by aliens that border control personnel have been assigned to interdict. In such cased, the availability impact will be high. The consequences of disruption of access to information or information systems associated with ensuring security of transportation and infrastructure networks, facilities, vehicles, and personnel + within the United States may be severe. Also, anti-terrorism missions are not reliably tolerant of delays. The availability impact level for information systems that ensure the security of transportation and infrastructure networks, facilities, vehicles, and personnel within the United States is high.
+Except for such time-critical cases, cases where impact is driven by information shared with associated missions (e.g., anti-terrorism), the provisional availability impact level recommended for border control information is normally moderate.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. The consequences of unauthorized modification or destruction of information can be very serious if the information is critical to tactical operations. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information associated with ensuring security of transportation and infrastructure networks, facilities, vehicles, and personnel within the United States may seriously affect mission operations or result in the loss of human life. Unauthorized modification or destruction of information affecting + anti-terrorism information may adversely affect mission operations in a manner that results in unacceptable damage to critical infrastructures and/or key national assets or loss of key national assets and/or human life. Consequently, the integrity impact level associated with information that ensures the security of transportation and infrastructure networks, facilities, vehicles, and personnel within the United States is high.
+The provisional integrity impact level recommended for border control information is moderate.
Key Asset and Critical Infrastructure Protection involves assessing key asset and - critical infrastructure vulnerabilities and taking direct action to mitigate - vulnerabilities, enhance security, and ensure continuity and necessary redundancy in - government operations and personnel. The Critical Infrastructure Information - Protection Act of 2002 (6 U.S.C. 131-134) places specific controls on the - dissemination of critical infrastructure information (see Volume I, 3.5.2.3). Under - the provisions of Executive Order 13292, some anti-terrorism information is subject - to security classification. National security information is outside the scope of - this guideline.
+Key Asset and Critical Infrastructure Protection involves assessing key asset and critical infrastructure vulnerabilities and taking direct action to mitigate vulnerabilities, enhance security, and ensure continuity and necessary redundancy in government operations and personnel. The Critical Infrastructure Information Protection Act of 2002 (6 U.S.C. 131-134) places specific controls on the dissemination of critical infrastructure information (see Volume I, 3.5.2.3). Under the provisions of Executive Order 13292, some anti-terrorism information is subject to security classification. National security information is outside the scope of this guideline.
The confidentiality impact level is the effect of unauthorized disclosure of critical - infrastructure protection information on the ability of responsible agencies to - monitor and assess the leadership, motivations, plans, and intentions of foreign and - domestic terrorist groups and their state and non-state sponsors. The effects of - unauthorized disclosure of this information can reasonably be expected to jeopardize - fulfillment of critical infrastructure protection missions. The consequent threat to - critical infrastructures, key national assets, and human life can be - catastrophic.
+The confidentiality impact level is the effect of unauthorized disclosure of critical infrastructure protection information on the ability of responsible agencies to monitor and assess the leadership, motivations, plans, and intentions of foreign and domestic terrorist groups and their state and non-state sponsors. The effects of unauthorized disclosure of this information can reasonably be expected to jeopardize fulfillment of critical infrastructure protection missions. The consequent threat to critical infrastructures, key national assets, and human life can be catastrophic.
The provisional confidentiality impact level recommended for critical infrastructure - protection information is high.
+The provisional confidentiality impact level recommended for critical infrastructure protection information is high.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to critical - infrastructure protection information. Generally, critical infrastructure protection - missions are not reliably tolerant of delays. Significant degradation in mission - capability and resultant catastrophic consequences for critical infrastructures, key - national assets, and/or human life may occur from disruption of access to critical - infrastructure protection information.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to critical infrastructure protection information. Generally, critical infrastructure protection missions are not reliably tolerant of delays. Significant degradation in mission capability and resultant catastrophic consequences for critical infrastructures, key national assets, and/or human life may occur from disruption of access to critical infrastructure protection information.
The provisional availability impact level recommended for critical infrastructure - protection information is high.
+The provisional availability impact level recommended for critical infrastructure protection information is high.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Unauthorized modification or destruction of information affecting - critical infrastructure protection operations may adversely affect mission - operations and result in unacceptable damage to critical infrastructures, damage to - key national assets, or loss of human life.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting critical infrastructure protection operations may adversely affect mission operations and result in unacceptable damage to critical infrastructures, damage to key national assets, or loss of human life.
The provisional integrity impact level recommended for critical infrastructure - protection information is high.
+The provisional integrity impact level recommended for critical infrastructure protection information is high.
Catastrophic Defense involves the development of technological countermeasures - (chemical, biological, radiological and nuclear [CBRN]) to terrorist threats, - conducting laboratory testing on new and promising devices, and conducting basic and - applied science that can lead to the development of countermeasures. Under the - provisions of Executive Order 13292, some anti-terrorism information is subject to - security classification. National security information is outside the scope of this - guideline.
+Catastrophic Defense involves the development of technological countermeasures (chemical, biological, radiological and nuclear [CBRN]) to terrorist threats, conducting laboratory testing on new and promising devices, and conducting basic and applied science that can lead to the development of countermeasures. Under the provisions of Executive Order 13292, some anti-terrorism information is subject to security classification. National security information is outside the scope of this guideline.
The confidentiality impact level is the effect of unauthorized disclosure of - catastrophic defense information on the ability of responsible agencies to monitor - and assess the leadership, motivations, plans, and intentions of foreign and - domestic terrorist groups and their state and non-state sponsors. The effects of - unauthorized disclosure of this information can reasonably be expected to jeopardize - fulfillment of catastrophic defense missions. The consequent threat to human life, - critical infrastructures, and key national assets can be catastrophic.
+The confidentiality impact level is the effect of unauthorized disclosure of catastrophic defense information on the ability of responsible agencies to monitor and assess the leadership, motivations, plans, and intentions of foreign and domestic terrorist groups and their state and non-state sponsors. The effects of unauthorized disclosure of this information can reasonably be expected to jeopardize fulfillment of catastrophic defense missions. The consequent threat to human life, critical infrastructures, and key national assets can be catastrophic.
The provisional confidentiality impact level recommended for catastrophic defense - information is normally high.
+The provisional confidentiality impact level recommended for catastrophic defense information is normally high.
The effects of disruption of access to or use of catastrophic defense information or - The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - catastrophic defense information. Generally, disruption of access will have a severe - adverse effect on agency operations (including mission functions and public - confidence in the agency), agency assets, or individuals. Also, catastrophic defense - missions are not tolerant of delays, with consequences of significant degradation in - mission capability and resultant catastrophic consequences for human life, critical - infrastructures, and/or key national assets.
+The effects of disruption of access to or use of catastrophic defense information or The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to catastrophic defense information. Generally, disruption of access will have a severe adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Also, catastrophic defense missions are not tolerant of delays, with consequences of significant degradation in mission capability and resultant catastrophic consequences for human life, critical infrastructures, and/or key national assets.
The provisional availability impact level recommended for catastrophic defense - information is high.
+The provisional availability impact level recommended for catastrophic defense information is high.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Unauthorized modification or destruction of information affecting - catastrophic defense activities may adversely affect mission operations in a manner - that results in loss of human life, unacceptable damage to critical infrastructures, - and/or damage to or loss of key national assets.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting catastrophic defense activities may adversely affect mission operations in a manner that results in loss of human life, unacceptable damage to critical infrastructures, and/or damage to or loss of key national assets.
The provisional integrity impact level recommended for catastrophic defense - information is high.
+The provisional integrity impact level recommended for catastrophic defense information is high.
The confidentiality impact level associated with the executive information type is - associated with functions of the Executive Office of the President (EOP). The - effects of loss of confidentiality of policies and guidance during the formative - stage can result in attempts by affected entities and other interested parties to - influence and/or impede the policy and guidance development process. Premature - public release of formative policies and guidance before internal coordination and - review can result in unnecessary damage to public confidence in the EOP. These - consequences may occur when the release includes unedited internal commentary and - discussion. Most of the information processed in and by the EOP is classified - national security information and is outside the scope of this guideline. Other - information processed by the EOP is extremely sensitive and applicable to homeland - security and law enforcement. The unauthorized disclosure of this extremely - sensitive information can seriously imperil human life, key national assets, and - critical infrastructures.
+The confidentiality impact level associated with the executive information type is associated with functions of the Executive Office of the President (EOP). The effects of loss of confidentiality of policies and guidance during the formative stage can result in attempts by affected entities and other interested parties to influence and/or impede the policy and guidance development process. Premature public release of formative policies and guidance before internal coordination and review can result in unnecessary damage to public confidence in the EOP. These consequences may occur when the release includes unedited internal commentary and discussion. Most of the information processed in and by the EOP is classified national security information and is outside the scope of this guideline. Other information processed by the EOP is extremely sensitive and applicable to homeland security and law enforcement. The unauthorized disclosure of this extremely sensitive information + can seriously imperil human life, key national assets, and critical infrastructures.
Based on the catastrophic harm that can be suffered by the nation due to unauthorized - disclosure of executive information the provisional confidentiality impact level - recommended for executive functions information is high.
+Based on the catastrophic harm that can be suffered by the nation due to unauthorized disclosure of executive information the provisional confidentiality impact level recommended for executive functions information is high.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to the - executive information. National defense and critical infrastructure protection - aspects of EOP functions are not generally tolerant of delays. Excessive recovery - delays can result in loss of coordination of critical defense and public welfare - processes.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the executive information. National defense and critical infrastructure protection aspects of EOP functions are not generally tolerant of delays. Excessive recovery delays can result in loss of coordination of critical defense and public welfare processes.
The provisional availability impact level recommended for executive functions - information is high.
+The provisional availability impact level recommended for executive functions information is high.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Unauthorized modification or destruction of information affecting - external communications that contain EOP information (e.g., web pages, electronic - mail) may adversely affect public confidence in the government. In the case of the - EOP, the impact of such a loss of public confidence may be at least moderate.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting external communications that contain EOP information (e.g., web pages, electronic mail) may adversely affect public confidence in the government. In the case of the EOP, the impact of such a loss of public confidence may be at least moderate.
The provisional integrity impact level recommended for executive information is - moderate.
+The provisional integrity impact level recommended for executive information is moderate.
Some agencies are charged with gathering domestic intelligence. Much domestic - intelligence information is classified. Other domestic intelligence information may - not be classified (e.g., some information obtained from state and local government - sources). All classified information is treated under separate rules established for - national security information.
+Some agencies are charged with gathering domestic intelligence. Much domestic intelligence information is classified. Other domestic intelligence information may not be classified (e.g., some information obtained from state and local government sources). All classified information is treated under separate rules established for national security information.
The confidentiality impact level is the effect of unauthorized disclosure of domestic - intelligence information on the ability of responsible agencies to develop and - manage accurate, comprehensive, and timely domestic intelligence on homeland - security topics and other national threats. The consequences of unauthorized - disclosure of domestic intelligence information may include loss of the ability - and/or authorization to collect information necessary to provide warning or to - interdict from major threats (e.g., terrorist threats to critical infrastructures - and/or key national assets).
+The confidentiality impact level is the effect of unauthorized disclosure of domestic intelligence information on the ability of responsible agencies to develop and manage accurate, comprehensive, and timely domestic intelligence on homeland security topics and other national threats. The consequences of unauthorized disclosure of domestic intelligence information may include loss of the ability and/or authorization to collect information necessary to provide warning or to interdict from major threats (e.g., terrorist threats to critical infrastructures and/or key national assets).
Given the criticality of much domestic intelligence information and the severe or - catastrophic consequences to agencies that disclose domestic intelligence - information without proper authorization (e.g., Privacy Act provisions, Fourth - Amendment issues), the provisional confidentiality impact level recommended for the - domestic intelligence information is high.
+Given the criticality of much domestic intelligence information and the severe or catastrophic consequences to agencies that disclose domestic intelligence information without proper authorization (e.g., Privacy Act provisions, Fourth Amendment issues), the provisional confidentiality impact level recommended for the domestic intelligence information is high.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to domestic - intelligence information. Generally, missions supported by domestic intelligence - information are not reliably tolerant of delays. Significant degradation in mission - capability and resultant catastrophic consequences for critical infrastructures, key - national assets, and/or human life may result from disruption of access to domestic - intelligence information.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to domestic intelligence information. Generally, missions supported by domestic intelligence information are not reliably tolerant of delays. Significant degradation in mission capability and resultant catastrophic consequences for critical infrastructures, key national assets, and/or human life may result from disruption of access to domestic intelligence information.
The provisional availability impact level recommended for domestic intelligence - information is high.
+The provisional availability impact level recommended for domestic intelligence information is high.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Domestic intelligence information is generally associated with other - mission-related information (e.g., anti-terrorism, firearms and explosive - protection, narcotics interdiction). The consequences of unauthorized modification - or destruction of domestic intelligence information is determined to a large extent - on the missions being supported by the intelligence information and on whether the - intelligence information is time-critical. Unauthorized modification or destruction - of intelligence information may adversely affect mission operations in a manner that - results in unacceptable damage to critical infrastructures, damage to or loss of key - national assets, or loss of human life.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Domestic intelligence information is generally associated with other mission-related information (e.g., anti-terrorism, firearms and explosive protection, narcotics interdiction). The consequences of unauthorized modification or destruction of domestic intelligence information is determined to a large extent on the missions being supported by the intelligence information and on whether the intelligence information is time-critical. Unauthorized modification or destruction of intelligence information may adversely affect mission operations in a manner that results in unacceptable damage to critical infrastructures, damage to or loss of key national assets, or loss of human life.
The provisional integrity impact level recommended for domestic intelligence - information is high.
+The provisional integrity impact level recommended for domestic intelligence information is high.
Disaster monitoring and prediction involves the actions taken to predict when and - where a disaster may take place and communicate that information to affected - parties. [Some disaster management information occurs in humanitarian aid systems - under the International Affairs and Commerce line of business (e.g., State - Department disaster preparedness and planning).]
+Disaster monitoring and prediction involves the actions taken to predict when and where a disaster may take place and communicate that information to affected parties. [Some disaster management information occurs in humanitarian aid systems under the International Affairs and Commerce line of business (e.g., State Department disaster preparedness and planning).]
The confidentiality impact level is the effect of unauthorized disclosure of disaster - monitoring and prediction information on the ability of responsible agencies to - predict when and where a disaster may take place and communicate that information to - affected parties. The purpose of disaster monitoring and prediction activities is - generally to disseminate information. Sharing of raw information by a diverse group - of analysts often improves the quality of predictive analysis. Special Factors - Affecting Confidentiality Impact Determination: The consequences of unauthorized - disclosure of some disaster monitoring and prediction information may include public - panic or other responses that jeopardize public safety, disaster prevention, - emergency response, disaster repair, or restoration missions. For example, attempts - of large populations to evacuate in an endangered area before necessary preparations - are made for evacuation routes can result in a clogging of the routes and failure to - evacuate large parts of the population in time to save them from a life-threatening - event. Most of the disaster monitoring and prediction information is critical in - terms of potential loss of human life and major property damage. The unauthorized - release of this information may interfere with disaster prevention or emergency - response missions. The confidentiality impact level recommended for the information - cited in the example can be moderate or high. The unauthorized disclosure of - disaster monitoring and prediction information to terrorists may reveal weak or - sensitive points to target, the most effective technique(s use in attacking a - target, and information regarding the status, intent, and plans of our adversaries. - Where unauthorized disclosure of disaster monitoring and prediction information is - expected to be of direct use to terrorists, the confidentiality impact level is - recommended to be high.
-The provisional confidentiality impact recommended for most disaster monitoring and - prediction information is low.
-The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to disaster - monitoring and prediction information. Generally, missions supported by disaster - monitoring and prediction information are not reliably tolerant of delays. Delays - may cost lives and irreplaceable property, e.g., degradation in mission capability - and resultant catastrophic consequences for critical infrastructures, key national - assets, and/or human life. For example, a loss of availability of information that - prevents timely and accurate dissemination of tsunami and earthquake predictions can - have life-threatening consequences.
-The provisional availability impact level recommended for disaster monitoring and - prediction information is high.
-The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - disaster monitoring and prediction information usually depends on whether the - information is time-critical. Unauthorized modification or destruction of - information affecting disaster monitoring and prediction information may jeopardize - public safety, disaster prevention, and/or emergency response missions in a manner - that results in unacceptable damage to critical infrastructures, damage to key - national assets, or loss of human life. For example, an integrity compromise that - prevents timely and accurate dissemination of tsunami and earthquake predictions can - have life-threatening consequences.
-The provisional integrity impact level recommended for disaster monitoring and - prediction information is high.
+The confidentiality impact level is the effect of unauthorized disclosure of disaster monitoring and prediction information on the ability of responsible agencies to predict when and where a disaster may take place and communicate that information to affected parties. The purpose of disaster monitoring and prediction activities is generally to disseminate information. Sharing of raw information by a diverse group of analysts often improves the quality of predictive analysis. Special Factors Affecting Confidentiality Impact Determination: The consequences of unauthorized disclosure of some disaster monitoring and prediction information may include public panic or other responses that jeopardize public safety, disaster prevention, emergency response, disaster repair, or restoration missions. For example, attempts of large populations to evacuate in an endangered area before necessary preparations are made for evacuation routes can result in a clogging of the routes and + failure to evacuate large parts of the population in time to save them from a life-threatening event. Most of the disaster monitoring and prediction information is critical in terms of potential loss of human life and major property damage. The unauthorized release of this information may interfere with disaster prevention or emergency response missions. The confidentiality impact level recommended for the information cited in the example can be moderate or high. The unauthorized disclosure of disaster monitoring and prediction information to terrorists may reveal weak or sensitive points to target, the most effective technique(s use in attacking a target, and information regarding the status, intent, and plans of our adversaries. Where unauthorized disclosure of disaster monitoring and prediction information is expected to be of direct use to terrorists, the confidentiality impact level is recommended to be high.
+ +The provisional confidentiality impact recommended for most disaster monitoring and prediction information is low.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to disaster monitoring and prediction information. Generally, missions supported by disaster monitoring and prediction information are not reliably tolerant of delays. Delays may cost lives and irreplaceable property, e.g., degradation in mission capability and resultant catastrophic consequences for critical infrastructures, key national assets, and/or human life. For example, a loss of availability of information that prevents timely and accurate dissemination of tsunami and earthquake predictions can have life-threatening consequences.
+The provisional availability impact level recommended for disaster monitoring and prediction information is high.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of disaster monitoring and prediction information usually depends on whether the information is time-critical. Unauthorized modification or destruction of information affecting disaster monitoring and prediction information may jeopardize public safety, disaster prevention, and/or emergency response missions in a manner that results in unacceptable damage to critical infrastructures, damage to key national assets, or loss of human life. For example, an integrity compromise that prevents timely and accurate dissemination of tsunami and earthquake predictions can have life-threatening consequences.
+The provisional integrity impact level recommended for disaster monitoring and prediction information is high.
Disaster preparedness and planning involves the development of response programs to - be used in case of a disaster. This involves the development of emergency management - programs and activities as well as staffing and equipping regional response - centers.
+Disaster preparedness and planning involves the development of response programs to be used in case of a disaster. This involves the development of emergency management programs and activities as well as staffing and equipping regional response centers.
The confidentiality impact level is the effect of unauthorized disclosure of disaster - preparedness and planning information on the ability of responsible agencies to - develop response programs to be used in case of a disaster. This involves the - development of emergency management programs and activities as well as staffing and - equipping regional response centers. The consequences of unauthorized disclosure of - most disaster preparedness and planning information would have, at most, a limited - adverse effect on agency operations, agency assets, or individuals. Special Factors - Affecting Confidentiality Impact Determination: The consequences of unauthorized - disclosure of some disaster preparedness and planning information may include - revealing weak or sensitive critical infrastructure characteristics or inadequate - security of U.S. targets to terrorists or other adversaries. Such information may - reveal to an enemy the most effective technique(s) to use in attacking a target, - and/or information regarding the capabilities, intent, and plans of our adversaries. - Where unauthorized disclosure of disaster preparedness and planning information - associated with critical infrastructures, large groups of people, or key national - assets is expected to be of direct use to terrorists, the confidentiality impact - level is recommended to be high.
+The confidentiality impact level is the effect of unauthorized disclosure of disaster preparedness and planning information on the ability of responsible agencies to develop response programs to be used in case of a disaster. This involves the development of emergency management programs and activities as well as staffing and equipping regional response centers. The consequences of unauthorized disclosure of most disaster preparedness and planning information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: The consequences of unauthorized disclosure of some disaster preparedness and planning information may include revealing weak or sensitive critical infrastructure characteristics or inadequate security of U.S. targets to terrorists or other adversaries. Such information may reveal to an enemy the most effective technique(s) to use in attacking a target, + and/or information regarding the capabilities, intent, and plans of our adversaries. Where unauthorized disclosure of disaster preparedness and planning information associated with critical infrastructures, large groups of people, or key national assets is expected to be of direct use to terrorists, the confidentiality impact level is recommended to be high.
The provisional confidentiality impact level recommended for most disaster - preparedness and planning information is low.
+The provisional confidentiality impact level recommended for most disaster preparedness and planning information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to disaster - preparedness and planning information. Generally, missions supported by disaster - preparedness and planning information are not reliably tolerant of delays. Special - Factors Affecting Availability Impact Determination: If emergency responders and - those responsible for repair and restoration activities are unable to access - preparedness and planning information in the event of an actual emergency the - consequences may include confusion and delays. In such cases, the availability - impact level can be moderate or high.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to disaster preparedness and planning information. Generally, missions supported by disaster preparedness and planning information are not reliably tolerant of delays. Special Factors Affecting Availability Impact Determination: If emergency responders and those responsible for repair and restoration activities are unable to access preparedness and planning information in the event of an actual emergency the consequences may include confusion and delays. In such cases, the availability impact level can be moderate or high.
The provisional availability impact level recommended for disaster preparedness and - planning information is low.
+The provisional availability impact level recommended for disaster preparedness and planning information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - disaster preparedness and planning information depend on whether the information is - time-critical. Special Factors Affecting Integrity Impact Determination: - Unauthorized modification or destruction of information affecting external - communications (e.g., web pages, electronic mail) may adversely affect operations - and/or public confidence in the agency, but the damage to the mission will usually - be limited. The consequences of unauthorized modification or destruction of - information can be very serious or catastrophic if the data is time-critical - operational information. In such cases, the impact level assigned would be moderate - or high.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of disaster preparedness and planning information depend on whether the information is time-critical. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission will usually be limited. The consequences of unauthorized modification or destruction of information can be very serious or catastrophic if the data is time-critical operational information. In such cases, the impact level assigned would be moderate or high.
The provisional integrity impact level recommended for most disaster preparedness and - planning information is low.
+The provisional integrity impact level recommended for most disaster preparedness and planning information is low.
Disaster repair and restoration involves the cleanup and restoration activities that - take place after a disaster. This involves the cleanup and rebuilding of any homes, - buildings, roads, environmental resources, or infrastructure that may be damaged due - to a disaster.
+Disaster repair and restoration involves the cleanup and restoration activities that take place after a disaster. This involves the cleanup and rebuilding of any homes, buildings, roads, environmental resources, or infrastructure that may be damaged due to a disaster.
The confidentiality impact level is the effect of unauthorized disclosure of disaster - repair and restoration information on the ability of responsible agencies to conduct - cleanup and restoration activities that take place after a disaster. This involves - the cleanup and rebuilding of any homes, buildings, roads, environmental resources, - or infrastructure that may be damaged due to a disaster. The consequences of - unauthorized disclosure of most disaster repair and restoration information would - have a limited adverse effect on agency operations, agency assets, or - individuals.
+The confidentiality impact level is the effect of unauthorized disclosure of disaster repair and restoration information on the ability of responsible agencies to conduct cleanup and restoration activities that take place after a disaster. This involves the cleanup and rebuilding of any homes, buildings, roads, environmental resources, or infrastructure that may be damaged due to a disaster. The consequences of unauthorized disclosure of most disaster repair and restoration information would have a limited adverse effect on agency operations, agency assets, or individuals.
The provisional confidentiality impact level recommended for disaster repair and - restoration information is low.
+The provisional confidentiality impact level recommended for disaster repair and restoration information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to disaster - repair and restoration information. Generally, missions supported by disaster repair - and restoration information are tolerant of delay.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to disaster repair and restoration information. Generally, missions supported by disaster repair and restoration information are tolerant of delay.
The provisional availability impact level recommended for disaster repair and - restoration information is low.
+The provisional availability impact level recommended for disaster repair and restoration information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - disaster repair and restoration information depends on whether the information is - time-critical. Unauthorized modification or destruction of information affecting - external communications (e.g., web pages, electronic mail) may adversely affect - operations or public confidence in the agency, but the damage to the mission would - usually be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of disaster repair and restoration information depends on whether the information is time-critical. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited.
The provisional integrity impact level recommended for most disaster repair and - restoration information is low.
+The provisional integrity impact level recommended for most disaster repair and restoration information is low.
Emergency Response involves the immediate actions taken to respond to a disaster - (e.g., wildfire management). These actions include providing mobile - telecommunications, operational support, power generation, search and rescue, and - medical life saving actions. Impacts to emergency response information and the - information systems that process and store emergency response information could - result in negative impacts on cross-jurisdictional coordination within the critical - emergency services infrastructure and the general effectiveness of organizations - tasked with emergency response missions.
+Emergency Response involves the immediate actions taken to respond to a disaster (e.g., wildfire management). These actions include providing mobile telecommunications, operational support, power generation, search and rescue, and medical life saving actions. Impacts to emergency response information and the information systems that process and store emergency response information could result in negative impacts on cross-jurisdictional coordination within the critical emergency services infrastructure and the general effectiveness of organizations tasked with emergency response missions.
The confidentiality impact level is the effect of unauthorized disclosure of - emergency response information on the ability of responsible agencies to respond to - a disaster. These actions include providing mobile telecommunications, operational - support, power generation, search and rescue, and medical life saving actions. The - consequences of unauthorized disclosure of emergency response information will - usually have little or no adverse effect on agency operations, agency assets, or - individuals. Special Factors Affecting Confidentiality Impact Determination: In - cases where an attack is underway, unauthorized disclosure of emergency response - information can provide information that might permit terrorists or other - adversaries to target emergency response assets, thus jeopardizing emergency - response resources and missions and public safety. Given the criticality that much - emergency response information has in terms of potential loss of human life and - major property damage, where unauthorized release of information can reasonably be - expected to facilitate interference with emergency response missions, the - confidentiality impact level may be moderate or high. The unauthorized disclosure of - one agency’s emergency response by another agency could result in negative impacts - on cross-jurisdictional coordination within the critical emergency services - infrastructure and the general effectiveness of organizations tasked with emergency - response missions.
+The confidentiality impact level is the effect of unauthorized disclosure of emergency response information on the ability of responsible agencies to respond to a disaster. These actions include providing mobile telecommunications, operational support, power generation, search and rescue, and medical life saving actions. The consequences of unauthorized disclosure of emergency response information will usually have little or no adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In cases where an attack is underway, unauthorized disclosure of emergency response information can provide information that might permit terrorists or other adversaries to target emergency response assets, thus jeopardizing emergency response resources and missions and public safety. Given the criticality that much emergency response information has in terms of potential loss of human life and major property damage, + where unauthorized release of information can reasonably be expected to facilitate interference with emergency response missions, the confidentiality impact level may be moderate or high. The unauthorized disclosure of one agency’s emergency response by another agency could result in negative impacts on cross-jurisdictional coordination within the critical emergency services infrastructure and the general effectiveness of organizations tasked with emergency response missions.
The provisional confidentiality impact level recommended for emergency response - information is low.
+The provisional confidentiality impact level recommended for emergency response information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - emergency response information. Generally, missions supported by emergency response - information are not tolerant of delays. Delays may cost lives and result in major - property damage. Denial of access to emergency response information may result in - significant degradation in mission capability and resultant catastrophic - consequences for critical infrastructures, key national assets, and/or human - life.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to emergency response information. Generally, missions supported by emergency response information are not tolerant of delays. Delays may cost lives and result in major property damage. Denial of access to emergency response information may result in significant degradation in mission capability and resultant catastrophic consequences for critical infrastructures, key national assets, and/or human life.
The provisional availability impact level recommended for emergency response - information is high.
+The provisional availability impact level recommended for emergency response information is high.
The provisional confidentiality impact level recommended for emergency response - information is low.
+The provisional confidentiality impact level recommended for emergency response information is low.
The provisional integrity impact level recommended for emergency response information - is normally high.
+The provisional integrity impact level recommended for emergency response information is normally high.
Foreign Affairs refers to those activities associated with the implementation of - foreign policy and diplomatic relations, including the operation of embassies, - consulates, and other posts; ongoing membership in international organizations; the - development of cooperative frameworks to improve relations with other Nations; and - the development of treaties and agreements. Conflict resolution involves the - mitigation and prevention of disputes stemming from inter and intra-state - disagreements. Some conflict resolution information is subject to security - classification. This classified information is treated under separate rules - established for national security information and is outside the scope of this - guideline. Treaties and agreements involves the negotiation and implementation of - accords with foreign governments and organizations in efforts related to arms - reduction and regulation, trade matters, criminal investigations and extraditions, - and other various types of foreign policy. When treaties and agreements information - affects intelligence gathering and/or law enforcement cooperation, impacts to such - information and the information systems that process and store the information could - result in negative impacts on protection of a broad range of critical - infrastructures and key national assets. Some information associated with treaties - and agreements is subject to security classification. This classified information is - treated under separate rules established for national security information.
+Foreign Affairs refers to those activities associated with the implementation of foreign policy and diplomatic relations, including the operation of embassies, consulates, and other posts; ongoing membership in international organizations; the development of cooperative frameworks to improve relations with other Nations; and the development of treaties and agreements. Conflict resolution involves the mitigation and prevention of disputes stemming from inter and intra-state disagreements. Some conflict resolution information is subject to security classification. This classified information is treated under separate rules established for national security information and is outside the scope of this guideline. Treaties and agreements involves the negotiation and implementation of accords with foreign governments and organizations in efforts related to arms reduction and regulation, trade matters, criminal investigations and extraditions, and other various types of foreign + policy. When treaties and agreements information affects intelligence gathering and/or law enforcement cooperation, impacts to such information and the information systems that process and store the information could result in negative impacts on protection of a broad range of critical infrastructures and key national assets. Some information associated with treaties and agreements is subject to security classification. This classified information is treated under separate rules established for national security information.
The confidentiality impact level is the effect of unauthorized disclosure of conflict - resolution information on the ability of responsible agencies to mitigate and - prevent disputes stemming from inter and intra-state disagreements. Unauthorized - disclosure of conflict resolution information can reasonably be expected to - jeopardize fulfillment of conflict resolution missions. This is particularly true of - premature release of resolution factors, personnel profiles, and proposed solutions - to adversaries. Some information that has supported a conflict resolution process - may undo the results of successful conflict resolution processes. The loss of public - confidence in the agency may cause a catastrophic adverse effect on an agency’s - mission capability. Where information includes candid opinions of agency personnel, - or involvement of agency personnel in specific prior activities, the effectiveness - of those personnel for many future agency missions may be permanently impaired. The - consequences of failed conflict resolution activities may pose threats to human life - and major property assets The level of confidentiality impact assigned to treaties - and agreements information is determined by the ability of responsible agencies to - negotiate and implement accords with foreign governments and organizations in - efforts related to arms reduction and regulation, trade matters, criminal - investigations and extraditions, and other types of foreign policy. Unauthorized - disclosure of information associated with treaties and agreements can reasonably be - expected to prevent successful negotiation and/or ratification of treaties and - agreements. This is particularly true of prematurely released resolution factors, - personality assessments, and proposed solutions to adversaries. Some information - that has supported a treaty or other international agreement process may undo the - results of a successfully completed treaty or agreement. The subsequent threat to - public confidence in the agency can cause a catastrophic adverse effect on an - agency’s mission capability. When the disclosed information includes candid opinions - of agency personnel, or background information on agency personnel, the - effectiveness of those personnel for future agency missions may be permanently - impaired. The consequences of failure to successfully conclude treaties and other - international agreements often pose threats to human life and major property - assets.
-The provisional confidentiality impact level recommended for foreign affairs - information is high.
-The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to foreign - affairs information. Special Factors Affecting Availability Impact Determination: - Diplomatic missions are often tolerant of delays. Therefore, the availability impact - level assigned to information associated with treaties and agreements that are - associated with diplomatic missions is low. Where this is not the case, the - availability impact for foreign affairs information associated with treaties and - agreements may be high.
-The provisional availability impact level recommended for foreign affairs information - is moderate.
-The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - conflict resolution information depend on whether the information is time-critical. - The consequences of unauthorized modification or destruction of information - associated with treaties and agreements also depend on the time-critical nature of - the information. The unauthorized modification or destruction of information - affecting external communications (e.g., web pages, electronic mail) may affect - operations and/or public confidence in the agency, but the damage to the mission - would usually be limited. The unauthorized modification or destruction of - information affecting conflict resolution information may adversely affect mission - operations in a manner that results in unacceptable consequences such as loss of - human life and/or major property assets. The consequences of unauthorized - modification or destruction of information can be very serious if the modification - is to time-critical operational information.
-The provisional integrity impact level recommended for foreign affairs information is - high.
+The confidentiality impact level is the effect of unauthorized disclosure of conflict resolution information on the ability of responsible agencies to mitigate and prevent disputes stemming from inter and intra-state disagreements. Unauthorized disclosure of conflict resolution information can reasonably be expected to jeopardize fulfillment of conflict resolution missions. This is particularly true of premature release of resolution factors, personnel profiles, and proposed solutions to adversaries. Some information that has supported a conflict resolution process may undo the results of successful conflict resolution processes. The loss of public confidence in the agency may cause a catastrophic adverse effect on an agency’s mission capability. Where information includes candid opinions of agency personnel, or involvement of agency personnel in specific prior activities, the effectiveness of those personnel for many future agency missions may be permanently impaired. + The consequences of failed conflict resolution activities may pose threats to human life and major property assets The level of confidentiality impact assigned to treaties and agreements information is determined by the ability of responsible agencies to negotiate and implement accords with foreign governments and organizations in efforts related to arms reduction and regulation, trade matters, criminal investigations and extraditions, and other types of foreign policy. Unauthorized disclosure of information associated with treaties and agreements can reasonably be expected to prevent successful negotiation and/or ratification of treaties and agreements. This is particularly true of prematurely released resolution factors, personality assessments, and proposed solutions to adversaries. Some information that has supported a treaty or other international agreement process may undo the results of a successfully completed treaty or agreement. The subsequent threat to public + confidence in the agency can cause a catastrophic adverse effect on an agency’s mission capability. When the disclosed information includes candid opinions of agency personnel, or background information on agency personnel, the effectiveness of those personnel for future agency missions may be permanently impaired. The consequences of failure to successfully conclude treaties and other international agreements often pose threats to human life and major property assets.
+ +The provisional confidentiality impact level recommended for foreign affairs information is high.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to foreign affairs information. Special Factors Affecting Availability Impact Determination: Diplomatic missions are often tolerant of delays. Therefore, the availability impact level assigned to information associated with treaties and agreements that are associated with diplomatic missions is low. Where this is not the case, the availability impact for foreign affairs information associated with treaties and agreements may be high.
+The provisional availability impact level recommended for foreign affairs information is moderate.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of conflict resolution information depend on whether the information is time-critical. The consequences of unauthorized modification or destruction of information associated with treaties and agreements also depend on the time-critical nature of the information. The unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. The unauthorized modification or destruction of information affecting conflict resolution information may adversely affect mission operations in a manner that results in unacceptable consequences such as loss of human life and/or + major property assets. The consequences of unauthorized modification or destruction of information can be very serious if the modification is to time-critical operational information.
+The provisional integrity impact level recommended for foreign affairs information is high.
International Development and Humanitarian Aid refers to those activities related to - the implementation of development and humanitarian assistance programs to developing - and transitioning countries throughout the world. Development and aid may include - technical assistance (the transfer of knowledge and expertise), and the delivery of - equipment, commodities and humanitarian assistance including food aid. In some - cases, international development and humanitarian aid information is subject to - security classification. This classified information is treated under separate rules - established for national security information.
+International Development and Humanitarian Aid refers to those activities related to the implementation of development and humanitarian assistance programs to developing and transitioning countries throughout the world. Development and aid may include technical assistance (the transfer of knowledge and expertise), and the delivery of equipment, commodities and humanitarian assistance including food aid. In some cases, international development and humanitarian aid information is subject to security classification. This classified information is treated under separate rules established for national security information.
The confidentiality impact level is the effect of unauthorized disclosure of - international development and humanitarian aid information on the ability of - responsible agencies to execute programs relating to debt relief, foreign - investments, poverty alleviation and food relief, foreign market expansion, and - donations, as well as the establishment of policies and procedures to facilitate - economic development. Special Factors Affecting Confidentiality Impact - Determination: The unauthorized disclosure of international development and - humanitarian aid information may not directly jeopardize foreign socio-economic and - political development missions. However, the premature disclosure of this - information may adversely affect agency credibility or give unfair competitive - advantages to some candidates for mission support activities. These secondary - effects may have a negative effect on the intended beneficiaries and can result, in - extreme cases, in threats to human life, major assets, or the ability of the agency - to perform future missions. Some information that has supported an international - development and humanitarian aid process can even undo the results of previously - completed foreign socio-economic and political development processes. Where there is - a possibility of catastrophic consequences such as threats to human life and major - property assets, a high confidentiality impact level must be assigned.
+The confidentiality impact level is the effect of unauthorized disclosure of international development and humanitarian aid information on the ability of responsible agencies to execute programs relating to debt relief, foreign investments, poverty alleviation and food relief, foreign market expansion, and donations, as well as the establishment of policies and procedures to facilitate economic development. Special Factors Affecting Confidentiality Impact Determination: The unauthorized disclosure of international development and humanitarian aid information may not directly jeopardize foreign socio-economic and political development missions. However, the premature disclosure of this information may adversely affect agency credibility or give unfair competitive advantages to some candidates for mission support activities. These secondary effects may have a negative effect on the intended beneficiaries and can result, in extreme cases, in threats to human life, major + assets, or the ability of the agency to perform future missions. Some information that has supported an international development and humanitarian aid process can even undo the results of previously completed foreign socio-economic and political development processes. Where there is a possibility of catastrophic consequences such as threats to human life and major property assets, a high confidentiality impact level must be assigned.
The provisional confidentiality impact level recommended for international - development and humanitarian aid information is moderate.
+The provisional confidentiality impact level recommended for international development and humanitarian aid information is moderate.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - international development and humanitarian aid information. Special Factors - Affecting Availability Impact Determination: Generally, international development - and humanitarian aid missions are tolerant of delays. Where this is not the case, - the availability impact associated with international development and humanitarian - aid information may be moderate or high.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to international development and humanitarian aid information. Special Factors Affecting Availability Impact Determination: Generally, international development and humanitarian aid missions are tolerant of delays. Where this is not the case, the availability impact associated with international development and humanitarian aid information may be moderate or high.
The provisional availability impact level recommended for international development - and humanitarian aid information is low.
+The provisional availability impact level recommended for international development and humanitarian aid information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - international development and humanitarian aid information depend on whether the - information is time-critical. Unauthorized modification or destruction of - information affecting external communications (e.g., web pages, electronic mail) may - adversely affect operations and/or public confidence in the agency, but the damage - to the mission would usually be limited. Special Factors Affecting Integrity Impact - Determination: The consequences of unauthorized modification or destruction of - information can be very serious or catastrophic if the modification is to - time-critical operational information. In such cases, the impact level assigned - would be moderate or high.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of international development and humanitarian aid information depend on whether the information is time-critical. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Special Factors Affecting Integrity Impact Determination: The consequences of unauthorized modification or destruction of information can be very serious or catastrophic if the modification is to time-critical operational information. In such cases, the impact level assigned would be moderate or high.
The provisional integrity impact level recommended for most international development - and humanitarian aid information is low.
+The provisional integrity impact level recommended for most international development and humanitarian aid information is low.
Global Trade refers to those activities the Federal Government undertakes to advance - worldwide economic prosperity by increasing trade through the opening of overseas - markets and freeing the flow of goods, services, and capital. Trade encompasses all - activities associated with the importing and exporting of goods to and from the - United States. This includes goods declaration, fee payments, and delivery/shipment - authorization. Export promotion involves the development of opportunities for the - expansion of U.S. exports. Merchandise inspection includes the verification of goods - and merchandise as well as the surveillance, interdiction, and investigation of - imports/exports in violation of various Customs laws. Tariffs/quotas monitoring - refers to the monitoring and modification of the schedules of items imported and - exported to and from the United States.
+Global Trade refers to those activities the Federal Government undertakes to advance worldwide economic prosperity by increasing trade through the opening of overseas markets and freeing the flow of goods, services, and capital. Trade encompasses all activities associated with the importing and exporting of goods to and from the United States. This includes goods declaration, fee payments, and delivery/shipment authorization. Export promotion involves the development of opportunities for the expansion of U.S. exports. Merchandise inspection includes the verification of goods and merchandise as well as the surveillance, interdiction, and investigation of imports/exports in violation of various Customs laws. Tariffs/quotas monitoring refers to the monitoring and modification of the schedules of items imported and exported to and from the United States.
The confidentiality impact level is the effect of unauthorized disclosure of export - promotion information on the ability of responsible agencies to advance worldwide - economic prosperity by increasing trade through the opening of overseas markets and - freeing the flow of goods, services, and capital. Also, the confidentiality impact - level is the effect of unauthorized disclosure of merchandise inspection information - on the ability of responsible agencies to accurately determine, report, and record - the discovered status of imported or exported merchandise as it bears on violations - of various Customs laws. Generally, the unauthorized disclosure of merchandise - inspection information will not jeopardize the completion of other merchandise - inspection missions, as shipment status is generally information of public record. - The confidentiality impact level is also the effect of unauthorized disclosure of - tariffs/quotas monitoring information on the ability of responsible agencies to - enforce various Customs laws, and preserve statistical data concerning the - historical compliance with such laws. Typically, the unauthorized disclosure of - tariffs/quotas monitoring information will not jeopardize the completion of other - tariffs/quotas monitoring missions because the information is publicly available. - Unauthorized disclosure of information that has supported an export promotion - process may undo the results of successful export promotion processes. The - consequent threat to agency image or reputations can cause a catastrophic adverse - effect on an agency’s mission capability. Consequently, the general confidentiality - impact level associated with export promotion information is high. Some information - that has supported a tariffs/quotas monitoring process might be of higher - sensitivity, such as intelligence information36 that might point to a dumping - situation. The unauthorized disclosure of this information might jeopardize the - success of future tariffs/quotas monitoring processes. Consequently, the - confidentiality impact level associated with tariffs/quotas monitoring information - is high. Intelligence information is included in national security systems. National - security information and national security systems are outside the scope of this - guideline. Some information that has supported a merchandise inspection process - might be of higher sensitivity. The unauthorized disclosure of this information - might jeopardize the success of future merchandise inspection processes. The - consequent threat to agency image or reputations may cause a serious adverse effect - on an agency’s mission capability. Consequently, the general confidentiality impact - level associated with merchandise inspection information is high.
-The provisional confidentiality impact level recommended for global trade information - is high.
-The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to global - trade information. Export promotion and merchandise inspection missions are - generally tolerant of significant delays. If the export promotion and merchandise - inspection information are time-critical, the availability impact may be high. This - would be the case where such an occurrence could result in significant financial - consequences as a result of uncertainty regarding the status of an imported or - exported shipment. Tariffs/quotas monitoring missions are also tolerant of - significant delays. Typically, this information is used in high level policy and - strategic analysis, and denial of access might cause an inconvenience but no - significant mission impact. However, the availability impact associated with - tariffs/quotas monitoring information may be high, if denial of access could result - in serious damage to the image or reputation of an agency resulting from uncertainty - regarding the compliance statistics of a major sovereign trade partner.
-he provisional availability impact level recommended for global trade information is - high.
+The confidentiality impact level is the effect of unauthorized disclosure of export promotion information on the ability of responsible agencies to advance worldwide economic prosperity by increasing trade through the opening of overseas markets and freeing the flow of goods, services, and capital. Also, the confidentiality impact level is the effect of unauthorized disclosure of merchandise inspection information on the ability of responsible agencies to accurately determine, report, and record the discovered status of imported or exported merchandise as it bears on violations of various Customs laws. Generally, the unauthorized disclosure of merchandise inspection information will not jeopardize the completion of other merchandise inspection missions, as shipment status is generally information of public record. The confidentiality impact level is also the effect of unauthorized disclosure of tariffs/quotas monitoring information on the ability of responsible agencies + to enforce various Customs laws, and preserve statistical data concerning the historical compliance with such laws. Typically, the unauthorized disclosure of tariffs/quotas monitoring information will not jeopardize the completion of other tariffs/quotas monitoring missions because the information is publicly available. Unauthorized disclosure of information that has supported an export promotion process may undo the results of successful export promotion processes. The consequent threat to agency image or reputations can cause a catastrophic adverse effect on an agency’s mission capability. Consequently, the general confidentiality impact level associated with export promotion information is high. Some information that has supported a tariffs/quotas monitoring process might be of higher sensitivity, such as intelligence information36 that might point to a dumping situation. The unauthorized disclosure of this information might jeopardize the success of future + tariffs/quotas monitoring processes. Consequently, the confidentiality impact level associated with tariffs/quotas monitoring information is high. Intelligence information is included in national security systems. National security information and national security systems are outside the scope of this guideline. Some information that has supported a merchandise inspection process might be of higher sensitivity. The unauthorized disclosure of this information might jeopardize the success of future merchandise inspection processes. The consequent threat to agency image or reputations may cause a serious adverse effect on an agency’s mission capability. Consequently, the general confidentiality impact level associated with merchandise inspection information is high.
+ +The provisional confidentiality impact level recommended for global trade information is high.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to global trade information. Export promotion and merchandise inspection missions are generally tolerant of significant delays. If the export promotion and merchandise inspection information are time-critical, the availability impact may be high. This would be the case where such an occurrence could result in significant financial consequences as a result of uncertainty regarding the status of an imported or exported shipment. Tariffs/quotas monitoring missions are also tolerant of significant delays. Typically, this information is used in high level policy and strategic analysis, and denial of access might cause an inconvenience but no significant mission impact. However, the availability impact associated with tariffs/quotas monitoring information may be high, if denial of access could result in serious damage to the image + or reputation of an agency resulting from uncertainty regarding the compliance statistics of a major sovereign trade partner.
+he provisional availability impact level recommended for global trade information is high.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of global - trade information depends on whether the information is time-critical. Unauthorized - modification or destruction of information affecting export promotion information - may adversely affect mission operations and result in potentially serious economic - repercussions. Trade agreements that have been implemented are generally matters of - public record. Therefore, the specific negotiated terms, etc., must be accurately - recorded. The modification of merchandise inspection information may result in - significant financial consequences to an importer or exporter whose shipment is in - question and may adversely affect mission operations and result in potentially - serious economic repercussions. The results of completed inspections are matters of - public record and must be accurately recorded. For tariffs/quotas monitoring - information, the requirement for adequate means to detect data corruption is high. - This information is used in policy and strategic analysis, and the accuracy of this - statistical information is critical. Unauthorized modification or destruction of - information affecting tariffs/quotas monitoring information may adversely affect - mission operations and result in potentially catastrophic economic - repercussions.
-The provisional integrity impact level recommended for global trade information is - high.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of global trade information depends on whether the information is time-critical. Unauthorized modification or destruction of information affecting export promotion information may adversely affect mission operations and result in potentially serious economic repercussions. Trade agreements that have been implemented are generally matters of public record. Therefore, the specific negotiated terms, etc., must be accurately recorded. The modification of merchandise inspection information may result in significant financial consequences to an importer or exporter whose shipment is in question and may adversely affect mission operations and result in potentially serious economic repercussions. The results of completed inspections are + matters of public record and must be accurately recorded. For tariffs/quotas monitoring information, the requirement for adequate means to detect data corruption is high. This information is used in policy and strategic analysis, and the accuracy of this statistical information is critical. Unauthorized modification or destruction of information affecting tariffs/quotas monitoring information may adversely affect mission operations and result in potentially catastrophic economic repercussions.
+ +The provisional integrity impact level recommended for global trade information is high.
Water Resource Management includes all activities that promote the effective use and - management of the nation’s water resources. Notes: Environmental protection of water - resources is included in the Environmental Management Line of Business. - Hydroelectric energy production is included under the Energy Production mission.
+Water Resource Management includes all activities that promote the effective use and management of the nation’s water resources. Notes: Environmental protection of water resources is included in the Environmental Management Line of Business. Hydroelectric energy production is included under the Energy Production mission.
The confidentiality impact level is the effect of unauthorized disclosure of water - resource management information on the ability of responsible agencies to promote - the effective use and management of the nation’s water resources. The consequences - of unauthorized disclosure of most water resource management information would have, - at most, a limited adverse effect on agency operations, agency assets, or - individuals. Special Factors Affecting Confidentiality Impact Determination: There - may be some cases for which moderate confidentiality impact is associated with - unauthorized disclosure of business/industry development. For example, unauthorized - disclosure of details of current agency water resource management activities and - plans may focus opposition and/or give an unfair advantage to competing interests. - Consistent premature disclosure of agency plans may cause significant degradation in - mission capability.
+The confidentiality impact level is the effect of unauthorized disclosure of water resource management information on the ability of responsible agencies to promote the effective use and management of the nation’s water resources. The consequences of unauthorized disclosure of most water resource management information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: There may be some cases for which moderate confidentiality impact is associated with unauthorized disclosure of business/industry development. For example, unauthorized disclosure of details of current agency water resource management activities and plans may focus opposition and/or give an unfair advantage to competing interests. Consistent premature disclosure of agency plans may cause significant degradation in mission capability.
The provisional confidentiality impact level recommended for water resource - management information is low.
+The provisional confidentiality impact level recommended for water resource management information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to water - resource management information. Generally, missions supported by water resource - management information are tolerant of delay.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to water resource management information. Generally, missions supported by water resource management information are tolerant of delay.
The provisional availability impact level recommended for water resource management - information is low.
+The provisional availability impact level recommended for water resource management information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of water - resource management information depends on whether the information is time-critical. - Unauthorized modification or destruction of information affecting external - communications associated with water resource management information (e.g., web - pages, electronic mail) may adversely affect operations and/or public confidence in - the agency, but the damage to the mission would usually be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of water resource management information depends on whether the information is time-critical. Unauthorized modification or destruction of information affecting external communications associated with water resource management information (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.
The provisional integrity impact level recommended for most water resource management - information is low.
+The provisional integrity impact level recommended for most water resource management information is low.
Conservation, Marine and Land Management involves the responsibilities of surveying, - maintaining, and operating public lands and monuments, as well as activities devoted - to ensuring the preservation of land, water, wildlife, and natural resources, both - domestically and internationally. It also includes the sustainable stewardship of - natural resources on federally owned/controlled lands for commercial use (mineral - mining, grazing, forestry, fishing, etc.).
+Conservation, Marine and Land Management involves the responsibilities of surveying, maintaining, and operating public lands and monuments, as well as activities devoted to ensuring the preservation of land, water, wildlife, and natural resources, both domestically and internationally. It also includes the sustainable stewardship of natural resources on federally owned/controlled lands for commercial use (mineral mining, grazing, forestry, fishing, etc.).
The confidentiality impact level is the effect of unauthorized disclosure of - conservation, marine, and land management information on the ability of responsible - agencies to survey, maintain, and operate public lands and monuments, as well as to - ensure the preservation of land, water, wildlife, and natural resources, both - domestically and internationally. The consequences of unauthorized disclosure of - most conservation, marine, and land management information would have a limited - adverse effect on agency operations, agency assets, or individuals. Special Factors - Affecting Confidentiality Impact Determination: There may be some cases for which - moderate confidentiality impact is associated with unauthorized disclosure of - private or proprietary information associated with use of federally owned/controlled - lands for commercial use (mineral mining, grazing, forestry, fishing, etc.). - Additionally, unauthorized disclosure of details of current agency conservation, - marine, and land management activities and plans may focus opposition and/or give an - unfair advantage to competing interests. Consistent premature disclosure of agency - plans may cause significant degradation in mission capability. Also, conservation, - marine, and land management include enforcement functions (e.g., the policing of - marine fisheries). Confidentiality impacts associated with criminal apprehension, - criminal investigation and surveillance, citizen protection, and property protection - may cause the confidentiality impact of enforcement-related information to be - moderate or high.
+The confidentiality impact level is the effect of unauthorized disclosure of conservation, marine, and land management information on the ability of responsible agencies to survey, maintain, and operate public lands and monuments, as well as to ensure the preservation of land, water, wildlife, and natural resources, both domestically and internationally. The consequences of unauthorized disclosure of most conservation, marine, and land management information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: There may be some cases for which moderate confidentiality impact is associated with unauthorized disclosure of private or proprietary information associated with use of federally owned/controlled lands for commercial use (mineral mining, grazing, forestry, fishing, etc.). Additionally, unauthorized disclosure of details of current agency conservation, marine, and + land management activities and plans may focus opposition and/or give an unfair advantage to competing interests. Consistent premature disclosure of agency plans may cause significant degradation in mission capability. Also, conservation, marine, and land management include enforcement functions (e.g., the policing of marine fisheries). Confidentiality impacts associated with criminal apprehension, criminal investigation and surveillance, citizen protection, and property protection may cause the confidentiality impact of enforcement-related information to be moderate or high.
The provisional confidentiality impact recommended for most conservation, marine, and - land management information is low.
+The provisional confidentiality impact recommended for most conservation, marine, and land management information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - conservation, marine, and land management information. Typically, missions supported - by conservation, marine, and land management information are tolerant of delay. - Special Factors Affecting Availability Impact Determination: Conservation, marine, - and land management include enforcement functions (e.g., the policing of marine - fisheries). Availability impacts associated with criminal apprehension, criminal - investigation and surveillance, citizen protection, and property protection may - cause the availability impact of enforcement-related information to be moderate or - high. Particularly during fire season, the availability of land management - information critical to fire-fighting operations can affect the safety of human life - and large-scale property damage. Such information can have a high availability - impact level.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to conservation, marine, and land management information. Typically, missions supported by conservation, marine, and land management information are tolerant of delay. Special Factors Affecting Availability Impact Determination: Conservation, marine, and land management include enforcement functions (e.g., the policing of marine fisheries). Availability impacts associated with criminal apprehension, criminal investigation and surveillance, citizen protection, and property protection may cause the availability impact of enforcement-related information to be moderate or high. Particularly during fire season, the availability of land management information critical to fire-fighting operations can affect the safety of human life and large-scale property damage. Such information can have a high availability impact level.
The provisional availability impact level recommended for most conservation, marine, - and land management information is low.
+The provisional availability impact level recommended for most conservation, marine, and land management information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - conservation, marine, and land management information depend on whether the - information is time-critical. Special Factors Affecting Integrity Impact - Determination: Unauthorized modification or destruction of information affecting - external communications associated with conservation, marine, and land management - information (e.g., web pages, electronic mail) may adversely affect operations - and/or public confidence in the agency, but the damage to the mission would usually - be limited. Conservation, marine, and land management include enforcement functions - (e.g., the policing of marine fisheries). Integrity impacts associated with criminal - apprehension, criminal investigation and surveillance, citizen protection, and - property protection may cause the integrity impact of enforcement-related - information to be moderate. Particularly during fire season, the integrity of land - management information critical to fire-fighting operations can affect the safety of - human life and large-scale property damage. Such information can have a high - integrity impact level.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of conservation, marine, and land management information depend on whether the information is time-critical. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications associated with conservation, marine, and land management information (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Conservation, marine, and land management include enforcement functions (e.g., the policing of marine fisheries). Integrity impacts associated with criminal apprehension, criminal investigation and surveillance, citizen protection, and property + protection may cause the integrity impact of enforcement-related information to be moderate. Particularly during fire season, the integrity of land management information critical to fire-fighting operations can affect the safety of human life and large-scale property damage. Such information can have a high integrity impact level.
The provisional integrity impact level recommended for most conservation, marine, and - land management information is low.
+The provisional integrity impact level recommended for most conservation, marine, and land management information is low.
Recreational Resource Management and Tourism involves the management of national - parks, monuments, and tourist attractions as well as visitor centers, campsites, and - park service facilities. Impacts to some information and information systems - associated with tourism management may affect the security of some key national - assets (e.g., some national monuments and icons).
+Recreational Resource Management and Tourism involves the management of national parks, monuments, and tourist attractions as well as visitor centers, campsites, and park service facilities. Impacts to some information and information systems associated with tourism management may affect the security of some key national assets (e.g., some national monuments and icons).
The confidentiality impact level is the effect of unauthorized disclosure of - recreational resource management and tourism information on the ability of - responsible agencies to manage national parks, monuments, and tourist attractions as - well as visitor centers, campsites, and park service facilities. The consequences of - unauthorized disclosure of most recreational resource management and tourism - information would have a limited adverse effect on agency operations, agency assets, - or individuals. Special Factors Affecting Confidentiality Impact Determination: - Recreational resource management and tourism include enforcement functions (e.g., - protective and enforcement functions of the National Park Service). Confidentiality - impacts associated with criminal apprehension, criminal investigation and - surveillance, citizen protection, and property protection may cause the - confidentiality impact of enforcement-related information to be moderate or high. - The consequences of unauthorized disclosure of property and tourist protection - information can be particularly severe in the case of protection of national - monuments and icons.
+The confidentiality impact level is the effect of unauthorized disclosure of recreational resource management and tourism information on the ability of responsible agencies to manage national parks, monuments, and tourist attractions as well as visitor centers, campsites, and park service facilities. The consequences of unauthorized disclosure of most recreational resource management and tourism information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Recreational resource management and tourism include enforcement functions (e.g., protective and enforcement functions of the National Park Service). Confidentiality impacts associated with criminal apprehension, criminal investigation and surveillance, citizen protection, and property protection may cause the confidentiality impact of enforcement-related information to be moderate or high. The consequences of + unauthorized disclosure of property and tourist protection information can be particularly severe in the case of protection of national monuments and icons.
The provisional confidentiality impact level recommended for most recreational - resource management and tourism information is low.
+The provisional confidentiality impact level recommended for most recreational resource management and tourism information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - recreational resource management and tourism information. Generally, missions - supported by recreational resource management and tourism information are tolerant - of delays. Special Factors Affecting Availability Impact Determination: Recreational - resource management and tourism include enforcement functions (e.g., protective and - enforcement functions of the National Park Service). Availability impacts associated - with criminal apprehension, criminal investigation and surveillance, citizen - protection, and property protection may cause the confidentiality impact of - enforcement-related information to be moderate or high. There may also be - time-critical cases associated with protection of people and key national assets - from natural disasters (such as fires, unexpected blizzards, or volcanic eruptions). - In such cased, the availability impact may be high. Except for time-critical - information, the availability impact level recommended for protection-related - information is typically moderate.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to recreational resource management and tourism information. Generally, missions supported by recreational resource management and tourism information are tolerant of delays. Special Factors Affecting Availability Impact Determination: Recreational resource management and tourism include enforcement functions (e.g., protective and enforcement functions of the National Park Service). Availability impacts associated with criminal apprehension, criminal investigation and surveillance, citizen protection, and property protection may cause the confidentiality impact of enforcement-related information to be moderate or high. There may also be time-critical cases associated with protection of people and key national assets from natural disasters (such as fires, unexpected blizzards, or volcanic eruptions). In such cased, the + availability impact may be high. Except for time-critical information, the availability impact level recommended for protection-related information is typically moderate.
Most recreational resource management and tourism information is routine in nature - (not time-critical). Consequently, the provisional availability impact level - recommended for most recreational resource management and tourism information is - low.
+Most recreational resource management and tourism information is routine in nature (not time-critical). Consequently, the provisional availability impact level recommended for most recreational resource management and tourism information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - recreational resource management and tourism information depends on whether the - information is time-critical. Unauthorized modification or destruction of - information affecting external communications associated with recreational resource - management and tourism information (e.g., web pages, electronic mail) may adversely - affect operations and/or public confidence in the agency, but the damage to the - mission would usually be limited. Special Factors Affecting Integrity Impact - Determination: Recreational resource management and tourism include enforcement - functions (e.g., protective and enforcement functions of the National Park Service). - Integrity impacts associated with criminal apprehension, criminal investigation and - surveillance, citizen protection, and property protection may cause the integrity - impact of enforcement-related information to be moderate or high. These types of - enforcement-related information are time-critical. Where terrorists or other - criminals pose a threat to key national assets, or pose a threat to human life, the - integrity impact level recommended for recreational resource management and tourism - enforcement information is high.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of recreational resource management and tourism information depends on whether the information is time-critical. Unauthorized modification or destruction of information affecting external communications associated with recreational resource management and tourism information (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Special Factors Affecting Integrity Impact Determination: Recreational resource management and tourism include enforcement functions (e.g., protective and enforcement functions of the National Park Service). Integrity impacts associated with criminal apprehension, criminal investigation and + surveillance, citizen protection, and property protection may cause the integrity impact of enforcement-related information to be moderate or high. These types of enforcement-related information are time-critical. Where terrorists or other criminals pose a threat to key national assets, or pose a threat to human life, the integrity impact level recommended for recreational resource management and tourism enforcement information is high.
The provisional integrity impact level recommended for most recreational resource - management and tourism information is low.
+The provisional integrity impact level recommended for most recreational resource management and tourism information is low.
Agricultural Innovation and Services involves the creation and dissemination of - better methods for farming and the development of better and healthier crops.
+Agricultural Innovation and Services involves the creation and dissemination of better methods for farming and the development of better and healthier crops.
The confidentiality impact level is the effect of unauthorized disclosure of - agricultural innovation and service information on the ability of responsible - agencies to create and disseminate of better methods for farming and the development - of better and healthier crops. In most cases, unauthorized disclosure of - agricultural innovation and service information will have only a limited adverse - effect on agency operations, assets, or individuals. Special Factors Affecting - Confidentiality Impact Determination: In some cases, unauthorized disclosure of - preliminary findings or policies under consideration regarding proposed agricultural - products may result in domestic or international public relations problems for the - Federal government. In such cases, serious damage can result for agricultural - innovation and service operations. Here, the confidentiality impact level may be - moderate. In other cases, unauthorized disclosure of information regarding creation, - storage, and transportation of dangerous plant disease vectors, animal disease - vectors, pesticides, and herbicides might facilitate malicious activities by - terrorists or other criminals. Here, there is a potential for loss of human life, so - the confidentiality impact level may be high.
+The confidentiality impact level is the effect of unauthorized disclosure of agricultural innovation and service information on the ability of responsible agencies to create and disseminate of better methods for farming and the development of better and healthier crops. In most cases, unauthorized disclosure of agricultural innovation and service information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In some cases, unauthorized disclosure of preliminary findings or policies under consideration regarding proposed agricultural products may result in domestic or international public relations problems for the Federal government. In such cases, serious damage can result for agricultural innovation and service operations. Here, the confidentiality impact level may be moderate. In other cases, unauthorized disclosure of information regarding creation, storage, and + transportation of dangerous plant disease vectors, animal disease vectors, pesticides, and herbicides might facilitate malicious activities by terrorists or other criminals. Here, there is a potential for loss of human life, so the confidentiality impact level may be high.
The provisional confidentiality impact level recommended for most agricultural - innovation and service information is low.
+The provisional confidentiality impact level recommended for most agricultural innovation and service information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - agricultural innovation and service information. Loan assistance processes are - generally tolerant of delay. In most cases, disruption of access to agricultural - innovation and service information can be expected to have only a limited adverse - effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to agricultural innovation and service information. Loan assistance processes are generally tolerant of delay. In most cases, disruption of access to agricultural innovation and service information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for agricultural innovation and - service information is low.
+The provisional availability impact level recommended for agricultural innovation and service information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Agricultural innovation and service activities are not generally - time-critical. In most cases, the adverse effects of unauthorized modification to or - destruction of agricultural innovation and service information on agency mission - functions and public confidence in the agency can be expected to be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Agricultural innovation and service activities are not generally time-critical. In most cases, the adverse effects of unauthorized modification to or destruction of agricultural innovation and service information on agency mission functions and public confidence in the agency can be expected to be limited.
The provisional integrity impact level recommended for agricultural innovation and - service information is low.
+The provisional integrity impact level recommended for agricultural innovation and service information is low.
Energy Supply involves all activities devoted to ensuring the availability of an - adequate supply of energy for the United States and its citizens. Energy Supply - includes the sale and transportation of commodity fuels such as coal, oil, natural - gas, and radioactive materials. This function also includes distributing and - transferring power, electric generation, and/or storage located near the point of - use. Impacts to some information and information systems associated with energy - supply may affect the security of critical infrastructures, particularly in the - areas of energy transmission and transport.
+Energy Supply involves all activities devoted to ensuring the availability of an adequate supply of energy for the United States and its citizens. Energy Supply includes the sale and transportation of commodity fuels such as coal, oil, natural gas, and radioactive materials. This function also includes distributing and transferring power, electric generation, and/or storage located near the point of use. Impacts to some information and information systems associated with energy supply may affect the security of critical infrastructures, particularly in the areas of energy transmission and transport.
The confidentiality impact level is the effect of unauthorized disclosure of energy - supply information on the ability of responsible agencies to conduct activities - related to the sale and transportation of commodity fuels such as coal, oil, natural - gas, and radioactive materials. This function also includes distributing and - transferring power, electric generation, and/or storage located near the point of - use. Unauthorized modification or destruction of information affecting external - communications (e.g., web pages, electronic mail) may adversely affect operations - and/or public confidence in the agency, but the damage to the mission would usually - be limited. Special Factors Affecting Confidentiality Impact Determination: The - consequences of unauthorized disclosure of energy supply information can have a - serious economic impact with respect to competitive advantages and financial and - commodity market dynamics. Also, the unauthorized disclosure of supply information - may assist terrorists in the theft of energy products or disruption of energy - distribution channels. Facilitation of theft of nuclear materials is a particularly - catastrophic potential result of unauthorized disclosure of specific types of energy - supply information. In these cases, the confidentiality impact must be considered to - be high. [Some information regarding transportation and storage of nuclear materials - is classified. The classified information is national security related and is - outside the scope of this guideline. Other information, such as Nuclear Regulatory - Commission “SAFEGUARDS” information is not national security information, but must - be treated as having high confidentiality impact.] With respect to possible use by - terrorists of energy distribution information regarding petroleum, natural gas, and - other flammable or explosive products, a realistic impact assessment must include - energy distribution information from private companies. This information is also - susceptible to access by terrorists. Where distribution of hazardous energy products - is involved, there is a potential unauthorized disclosure consequence of loss of - human life and major property. In such cases the confidentiality impact level can be - moderate or high. [Disclosure of transportation routes and storage facilities is - often (i) both authorized and necessary to mission accomplishment and (ii) - authorized, or even mandated, for public safety reasons.] Also, the unauthorized - disclosure of one agency’s energy supply information by another agency could result - in negative impacts on cross-jurisdictional coordination within the energy - distribution infrastructure and the general effectiveness of organizations tasked - with energy supply.
-The provisional confidentiality impact level recommended for most energy supply - information is low.
-The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to energy - supply information. Typically, disruption of access will have a limited adverse - effect on agency operations (including mission, functions, or public confidence in - the agency), agency assets, or individuals. Also, most energy supply information is - not time-critical. Special Factors Affecting Availability Impact Determination: - Mission-critical systems: Functions supported by mission-critical information or - information systems (e.g., electrical power generation, transmission, and/or - distribution; petroleum or gas pipelines) are often adversely impacted by lack of - availability. Loss of availability of the information or information system can - result in severe impacts to the environment, service, major assets and/or human - safety. Consequently, the availability impact level associated with these types of - mission-critical processes/systems may be high. Non mission-critical systems: For - information or information systems that do not directly impact mission-critical - functions, the availability impact level may be downgraded to low.
-The availability impact level recommended for most energy supply information is - moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of energy supply information on the ability of responsible agencies to conduct activities related to the sale and transportation of commodity fuels such as coal, oil, natural gas, and radioactive materials. This function also includes distributing and transferring power, electric generation, and/or storage located near the point of use. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Special Factors Affecting Confidentiality Impact Determination: The consequences of unauthorized disclosure of energy supply information can have a serious economic impact with respect to competitive advantages and financial and commodity market dynamics. Also, the unauthorized disclosure of supply information may + assist terrorists in the theft of energy products or disruption of energy distribution channels. Facilitation of theft of nuclear materials is a particularly catastrophic potential result of unauthorized disclosure of specific types of energy supply information. In these cases, the confidentiality impact must be considered to be high. [Some information regarding transportation and storage of nuclear materials is classified. The classified information is national security related and is outside the scope of this guideline. Other information, such as Nuclear Regulatory Commission “SAFEGUARDS” information is not national security information, but must be treated as having high confidentiality impact.] With respect to possible use by terrorists of energy distribution information regarding petroleum, natural gas, and other flammable or explosive products, a realistic impact assessment must include energy distribution information from private companies. This information is + also susceptible to access by terrorists. Where distribution of hazardous energy products is involved, there is a potential unauthorized disclosure consequence of loss of human life and major property. In such cases the confidentiality impact level can be moderate or high. [Disclosure of transportation routes and storage facilities is often (i) both authorized and necessary to mission accomplishment and (ii) authorized, or even mandated, for public safety reasons.] Also, the unauthorized disclosure of one agency’s energy supply information by another agency could result in negative impacts on cross-jurisdictional coordination within the energy distribution infrastructure and the general effectiveness of organizations tasked with energy supply.
+ +The provisional confidentiality impact level recommended for most energy supply information is low.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to energy supply information. Typically, disruption of access will have a limited adverse effect on agency operations (including mission, functions, or public confidence in the agency), agency assets, or individuals. Also, most energy supply information is not time-critical. Special Factors Affecting Availability Impact Determination: Mission-critical systems: Functions supported by mission-critical information or information systems (e.g., electrical power generation, transmission, and/or distribution; petroleum or gas pipelines) are often adversely impacted by lack of availability. Loss of availability of the information or information system can result in severe impacts to the environment, service, major assets and/or human safety. Consequently, the availability impact level associated with these types of mission-critical + processes/systems may be high. Non mission-critical systems: For information or information systems that do not directly impact mission-critical functions, the availability impact level may be downgraded to low.
+The availability impact level recommended for most energy supply information is moderate.
The integrity impact level is based on the specific mission and the data and systems - supporting that mission, not on the time required to detect the modification to or - destruction of information or information system. The consequences of unauthorized - modification to or destruction of energy supply information or information systems, - usually depends on whether the information is mission-critical. Special Factors - Affecting Integrity Impact Determination: Mission-critical systems: Unauthorized - modification of mission-critical information or information systems (e.g., - electrical power distribution, petroleum or gas pipelines) can result in severe - impacts to the environment, service, major assets and/or human safety. Consequently, - the integrity impact level associated with these types of mission-critical - processes/systems may be high. Non mission-critical systems: For information or - information systems that do not directly impact mission-critical functions, the - integrity impact level may be downgraded to low.
+The integrity impact level is based on the specific mission and the data and systems supporting that mission, not on the time required to detect the modification to or destruction of information or information system. The consequences of unauthorized modification to or destruction of energy supply information or information systems, usually depends on whether the information is mission-critical. Special Factors Affecting Integrity Impact Determination: Mission-critical systems: Unauthorized modification of mission-critical information or information systems (e.g., electrical power distribution, petroleum or gas pipelines) can result in severe impacts to the environment, service, major assets and/or human safety. Consequently, the integrity impact level associated with these types of mission-critical processes/systems may be high. Non mission-critical systems: For information or information systems that do not directly impact mission-critical functions, the integrity + impact level may be downgraded to low.
The provisional integrity impact level recommended for energy supply information is - moderate.
+The provisional integrity impact level recommended for energy supply information is moderate.
Energy Conservation and Preparedness involves protection of energy resources from - over-consumption to ensure the continued availability of fuel resources and to - promote environmental protection. This mission also includes measures taken to - ensure the provision of energy in the event of an emergency.
+Energy Conservation and Preparedness involves protection of energy resources from over-consumption to ensure the continued availability of fuel resources and to promote environmental protection. This mission also includes measures taken to ensure the provision of energy in the event of an emergency.
The confidentiality impact level is the effect of unauthorized disclosure of energy - conservation and preparedness information on the ability of responsible agencies to - protect energy resources from over-consumption to ensure the continued availability - of fuel resources and to promote environmental protection. In most cases, - unauthorized disclosure of energy conservation and preparedness information will - have only a limited adverse effect on agency operations, assets, or individuals. - Special Factors Affecting Confidentiality Impact Determination: In some cases, - unauthorized disclosure of preliminary findings or policies under consideration - regarding proposed conservation measures or the distribution of energy in the event - of an emergency may result in mobilization of special interests. These groups may - successfully oppose necessary conservation measures and be given an unfair advantage - for specific commercial interests. Also, the unauthorized disclosure may cause - domestic or international loss of confidence in the Federal government. In such - cases, serious damage may result for energy conservation and preparedness - operations. Therefore, the confidentiality impact level may be moderate. In other - cases, unauthorized disclosure of information regarding measures taken to ensure the - provision of energy in the event of an emergency may facilitate malicious activities - of terrorists. Here, there is a potential for loss of human life resulting from - extended outages, so the confidentiality impact level may be high.
+The confidentiality impact level is the effect of unauthorized disclosure of energy conservation and preparedness information on the ability of responsible agencies to protect energy resources from over-consumption to ensure the continued availability of fuel resources and to promote environmental protection. In most cases, unauthorized disclosure of energy conservation and preparedness information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In some cases, unauthorized disclosure of preliminary findings or policies under consideration regarding proposed conservation measures or the distribution of energy in the event of an emergency may result in mobilization of special interests. These groups may successfully oppose necessary conservation measures and be given an unfair advantage for specific commercial interests. Also, the unauthorized disclosure may cause domestic + or international loss of confidence in the Federal government. In such cases, serious damage may result for energy conservation and preparedness operations. Therefore, the confidentiality impact level may be moderate. In other cases, unauthorized disclosure of information regarding measures taken to ensure the provision of energy in the event of an emergency may facilitate malicious activities of terrorists. Here, there is a potential for loss of human life resulting from extended outages, so the confidentiality impact level may be high.
The provisional confidentiality impact level recommended for most energy conservation - and preparedness information is low.
+The provisional confidentiality impact level recommended for most energy conservation and preparedness information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to energy - conservation and preparedness information. Loan assistance processes are generally - tolerant of delay. In most cases disruption of access to energy conservation and - preparedness information will have only a limited adverse effect on agency - operations, agency assets, or individuals. Special Factors Affecting Availability - Impact Determination: Unavailability of information necessary to mission-critical - procedures ensuring the provision of energy in the event of an emergency may result - in extended outages. There is some potential for a consequent threat to critical - energy infrastructure and to human life. In such cases, the availability impact - level may be high.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to energy conservation and preparedness information. Loan assistance processes are generally tolerant of delay. In most cases disruption of access to energy conservation and preparedness information will have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Unavailability of information necessary to mission-critical procedures ensuring the provision of energy in the event of an emergency may result in extended outages. There is some potential for a consequent threat to critical energy infrastructure and to human life. In such cases, the availability impact level may be high.
The provisional availability impact level recommended for energy conservation and - preparedness information is low.
+The provisional availability impact level recommended for energy conservation and preparedness information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. In most cases, the adverse effects of unauthorized modification or - destruction of energy conservation and preparedness information on agency mission - functions and public confidence in the agency will be limited Special Factors - Affecting Integrity Impact Determination: Unauthorized modification or destruction - of information necessary to mission-critical procedures ensuring the provision of - energy in the event of an emergency can result in extended outages. There is some - potential for a consequent threat to critical energy infrastructure and to human - life. In such cases, the integrity impact level may be high.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In most cases, the adverse effects of unauthorized modification or destruction of energy conservation and preparedness information on agency mission functions and public confidence in the agency will be limited Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information necessary to mission-critical procedures ensuring the provision of energy in the event of an emergency can result in extended outages. There is some potential for a consequent threat to critical energy infrastructure and to human life. In such cases, the integrity impact level may be high.
The provisional integrity impact level recommended for energy conservation and - preparedness information is low.
+The provisional integrity impact level recommended for energy conservation and preparedness information is low.
Energy resource management involves the management of energy producing resources - including facilities, land, and offshore resources.
+Energy resource management involves the management of energy producing resources including facilities, land, and offshore resources.
The confidentiality impact level is the effect of unauthorized disclosure of energy - resource management information on the activities of responsible agencies with - respect to management of energy producing resources including facilities, land, and - offshore resources. Special Factors Affecting Confidentiality Impact Determination: - Unauthorized disclosure of much energy resource management information can result in - major financial consequences and impact financial markets and have a severe adverse - effect on public confidence in the agency. In some cases, the probable consequences - of damage to public confidence in the agency can even be high.
+The confidentiality impact level is the effect of unauthorized disclosure of energy resource management information on the activities of responsible agencies with respect to management of energy producing resources including facilities, land, and offshore resources. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of much energy resource management information can result in major financial consequences and impact financial markets and have a severe adverse effect on public confidence in the agency. In some cases, the probable consequences of damage to public confidence in the agency can even be high.
The consequences of unauthorized disclosure of some energy resource management - information would have only a limited adverse effect on agency operations. However, - the consequences that can be expected to result from unauthorized disclosure of most - energy resource management information justify a moderate provisional - confidentiality impact level.
+The consequences of unauthorized disclosure of some energy resource management information would have only a limited adverse effect on agency operations. However, the consequences that can be expected to result from unauthorized disclosure of most energy resource management information justify a moderate provisional confidentiality impact level.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to energy - resource management information. Generally, missions supported by energy resource - management information are tolerant of delay.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to energy resource management information. Generally, missions supported by energy resource management information are tolerant of delay.
The provisional availability impact level recommended for energy resource management - information is low.
+The provisional availability impact level recommended for energy resource management information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of energy - resource management information may depend on the urgency with which the information - is typically needed. Unauthorized modification or destruction of information - affecting external communications (e.g., web pages, electronic mail) may adversely - affect operations and/or public confidence in the agency, but the damage to the - mission would usually be limited Special Factors Affecting Integrity Impact - Determination: If the energy resource management information is mission-critical or - very sensitive, the integrity impact level may be moderate or high.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of energy resource management information may depend on the urgency with which the information is typically needed. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited Special Factors Affecting Integrity Impact Determination: If the energy resource management information is mission-critical or very sensitive, the integrity impact level may be moderate or high.
The provisional integrity impact level recommended for most energy resource - management information is low.
+The provisional integrity impact level recommended for most energy resource management information is low.
Energy production involves the transformation of raw energy resources into useable, - deliverable energy. Impacts to some information and information systems associated - with energy production may affect the security of the critical energy - infrastructure.
+Energy production involves the transformation of raw energy resources into useable, deliverable energy. Impacts to some information and information systems associated with energy production may affect the security of the critical energy infrastructure.
The confidentiality impact level is the effect of unauthorized disclosure of energy - production information on the activities of responsible agencies with respect to - transformation of raw energy resources into useable, deliverable energy. The - consequences of unauthorized disclosure of most energy production information would - have only a limited adverse effect on agency operations, agency assets, or - individuals. Special Factors Affecting Confidentiality Impact Determination: - Unauthorized disclosure of some energy production information can result in major - financial consequences. In some cases, premature disclosure of this information can - impact financial markets. Unauthorized disclosure to a single institution could - damage faith in government institutions, result in adverse financial events, and - have a serious adverse effect on public confidence in the agency. Therefore, the - confidentiality impact should be at least moderate for this energy production - information.
+The confidentiality impact level is the effect of unauthorized disclosure of energy production information on the activities of responsible agencies with respect to transformation of raw energy resources into useable, deliverable energy. The consequences of unauthorized disclosure of most energy production information would have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some energy production information can result in major financial consequences. In some cases, premature disclosure of this information can impact financial markets. Unauthorized disclosure to a single institution could damage faith in government institutions, result in adverse financial events, and have a serious adverse effect on public confidence in the agency. Therefore, the confidentiality impact should be at least moderate for this energy production information.
The provisional confidentiality impact level recommended for most energy production - information is low.
+The provisional confidentiality impact level recommended for most energy production information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to energy - production information. Missions supported by energy production information are - generally tolerant of delays.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to energy production information. Missions supported by energy production information are generally tolerant of delays.
The provisional availability impact level recommended for energy production - information is low.
+The provisional availability impact level recommended for energy production information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of energy - production information may depend on the urgency with which the information is - typically needed. Unauthorized modification or destruction of information affecting - external communications (e.g., web pages, electronic mail) may adversely affect - operations or public confidence in the agency, but the damage to the mission would - usually be limited. Special Factors Affecting Integrity Impact Determination: If the - energy production information is time-critical or very sensitive, the integrity - impact level may be moderate or high.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of energy production information may depend on the urgency with which the information is typically needed. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Special Factors Affecting Integrity Impact Determination: If the energy production information is time-critical or very sensitive, the integrity impact level may be moderate or high.
The provisional integrity impact level recommended for most energy production - information is low.
+The provisional integrity impact level recommended for most energy production information is low.
Environmental Monitoring and Forecasting involves the observation and prediction of - environmental conditions. This includes b the monitoring and forecasting of water - quality, water levels, ice sheets, air quality, regulated and non-regulated - emissions, as well as the observation and prediction of weather patterns and - conditions.
+Environmental Monitoring and Forecasting involves the observation and prediction of environmental conditions. This includes b the monitoring and forecasting of water quality, water levels, ice sheets, air quality, regulated and non-regulated emissions, as well as the observation and prediction of weather patterns and conditions.
The confidentiality impact level is the effect of unauthorized disclosure of - environmental monitoring and forecasting information on the ability of responsible - agencies to observe and predict environmental conditions. The consequences of - unauthorized disclosure of most environmental monitoring information are unlikely to - have a serious adverse effect on agency operations. Special Factors Affecting - Confidentiality Impact Determination: The most serious adverse effects are likely to - involve exposure of information that is proprietary to an organization or result in - damaging publicity for an organization. [Unauthorized disclosure of some information - can have serious economic impact on both individual companies and the broader market - place. The consequences of such unauthorized disclosures may have an adverse effect - on public confidence in the agency.] In such cases, the potential confidentiality - impacts may be at least moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of environmental monitoring and forecasting information on the ability of responsible agencies to observe and predict environmental conditions. The consequences of unauthorized disclosure of most environmental monitoring information are unlikely to have a serious adverse effect on agency operations. Special Factors Affecting Confidentiality Impact Determination: The most serious adverse effects are likely to involve exposure of information that is proprietary to an organization or result in damaging publicity for an organization. [Unauthorized disclosure of some information can have serious economic impact on both individual companies and the broader market place. The consequences of such unauthorized disclosures may have an adverse effect on public confidence in the agency.] In such cases, the potential confidentiality impacts may be at least moderate.
The provisional confidentiality impact level recommended for most environmental - monitoring and forecasting information is low.
+The provisional confidentiality impact level recommended for most environmental monitoring and forecasting information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - environmental monitoring and forecasting information. Except for cases of emergency - bulletins necessary to correct existing threats to public safety, the nature of - environmental monitoring and forecasting processes is usually tolerant of reasonable - delays
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to environmental monitoring and forecasting information. Except for cases of emergency bulletins necessary to correct existing threats to public safety, the nature of environmental monitoring and forecasting processes is usually tolerant of reasonable delays
The provisional availability impact level recommended for environmental monitoring - and forecasting information is low.
+The provisional availability impact level recommended for environmental monitoring and forecasting information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - environmental monitoring information and forecasting can be serious if the public is - exposed to harmful emissions, polluted water, etc. Special Factors Affecting - Integrity Impact Determination: Unauthorized modification or destruction of - information affecting external communications (e.g., web pages, electronic mail) may - adversely affect operations and public confidence in the agency, but also the agency - mission. In some cases, unauthorized modification or destruction of information can - result in loss of human life - a high-impact potential.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of environmental monitoring information and forecasting can be serious if the public is exposed to harmful emissions, polluted water, etc. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and public confidence in the agency, but also the agency mission. In some cases, unauthorized modification or destruction of information can result in loss of human life - a high-impact potential.
The provisional integrity impact level recommended for environmental monitoring and - forecasting information is moderate.
+The provisional integrity impact level recommended for environmental monitoring and forecasting information is moderate.
Environmental remediation supports the immediate and long-term activities associated - with the correcting and offsetting of environmental deficiencies or imbalances, - including restoration activities.
+Environmental remediation supports the immediate and long-term activities associated with the correcting and offsetting of environmental deficiencies or imbalances, including restoration activities.
The confidentiality impact level is the effect of unauthorized disclosure of - environmental remediation information on the immediate and long-term activities of - responsible agencies with respect to correcting and offsetting environmental - deficiencies or imbalances. Serious adverse effects are likely to result from 1) - exposure of information that is premature and not fully checked for accuracy and - that can damage public confidence in an organization targeted for remedial action, - 2) unauthorized disclosure of information that is proprietary to an organization, 3) - unauthorized disclosure of information concerning proposed remediation that may be - used by organizations opposing particular remedial actions, and 4) disclosure of an - agency’s tactics for enforcing remediation that will have an adverse effect on the - enforcement action. The consequences of such unauthorized disclosures may have a - serious adverse effect on public confidence in the agency, have a serious adverse +
The confidentiality impact level is the effect of unauthorized disclosure of environmental remediation information on the immediate and long-term activities of responsible agencies with respect to correcting and offsetting environmental deficiencies or imbalances. Serious adverse effects are likely to result from 1) exposure of information that is premature and not fully checked for accuracy and that can damage public confidence in an organization targeted for remedial action, 2) unauthorized disclosure of information that is proprietary to an organization, 3) unauthorized disclosure of information concerning proposed remediation that may be used by organizations opposing particular remedial actions, and 4) disclosure of an agency’s tactics for enforcing remediation that will have an adverse effect on the enforcement action. The consequences of such unauthorized disclosures may have a serious adverse effect on public confidence in the agency, have a serious adverse effect on agency operations, and place the agency at a significant disadvantage.
The provisional confidentiality impact level recommended for environmental - remediation information is moderate.
+The provisional confidentiality impact level recommended for environmental remediation information is moderate.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - pollution prevention and control information. Except for cases of emergency - bulletins necessary to correct existing threats to public safety, pollution - prevention and control processes are usually tolerant of delays.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to pollution prevention and control information. Except for cases of emergency bulletins necessary to correct existing threats to public safety, pollution prevention and control processes are usually tolerant of delays.
The provisional availability impact level recommended for pollution prevention and - control information is low.
+The provisional availability impact level recommended for pollution prevention and control information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - environmental remediation information may depend on the urgency with which the - information is typically needed. Unauthorized modification or destruction of - information affecting external communications (e.g., web pages, electronic mail) may - adversely affect operations, public confidence in the agency, and the agency - mission.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of environmental remediation information may depend on the urgency with which the information is typically needed. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations, public confidence in the agency, and the agency mission.
The provisional integrity impact level recommended for pollution prevention and - control information is low.
+The provisional integrity impact level recommended for pollution prevention and control information is low.
Business and industry development supports activities related to the creation of - economic and business opportunities and stimulus, and the promotion of financial and - economic stability for corporations and citizens involved in different types of - business.
+Business and industry development supports activities related to the creation of economic and business opportunities and stimulus, and the promotion of financial and economic stability for corporations and citizens involved in different types of business.
The confidentiality impact level is the effect of unauthorized disclosure of business - and industry development information on the ability of responsible agencies to - create economic and business opportunities and stimulus, and promote financial and - economic stability for corporations and citizens involved in different types of - business. The consequences of unauthorized disclosure of most business and industry - development information would have, at most, a limited adverse effect on agency - operations, agency assets, or individuals. Special Factors Affecting Confidentiality - Impact Determination: There may be some cases for which moderate confidentiality - impact is associated with unauthorized disclosure of business/industry development. - For example, unauthorized disclosure of private information concerning individuals - or businesses can result in legal expense and serious effects on public confidence - in the agency. Similarly, unauthorized disclosure of details of current agency - business and industry development activities and plans can serve to focus opposition - and/or give an unfair advantage to competing interests. Additionally, there are - legislative mandates prohibiting unauthorized disclosure of trade secrets. Trade - secrets will generally be assigned a moderate confidentiality impact level.
+The confidentiality impact level is the effect of unauthorized disclosure of business and industry development information on the ability of responsible agencies to create economic and business opportunities and stimulus, and promote financial and economic stability for corporations and citizens involved in different types of business. The consequences of unauthorized disclosure of most business and industry development information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: There may be some cases for which moderate confidentiality impact is associated with unauthorized disclosure of business/industry development. For example, unauthorized disclosure of private information concerning individuals or businesses can result in legal expense and serious effects on public confidence in the agency. Similarly, unauthorized disclosure of details of current + agency business and industry development activities and plans can serve to focus opposition and/or give an unfair advantage to competing interests. Additionally, there are legislative mandates prohibiting unauthorized disclosure of trade secrets. Trade secrets will generally be assigned a moderate confidentiality impact level.
The provisional confidentiality impact level recommended for business/industry - development information is low.
+The provisional confidentiality impact level recommended for business/industry development information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to business - and industry development information. Missions supported by business and industry - development information are generally tolerant of delay.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to business and industry development information. Missions supported by business and industry development information are generally tolerant of delay.
The provisional availability impact level recommended for business and industry - development information is low.
+The provisional availability impact level recommended for business and industry development information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - business and industry development information may depend on the urgency with which - the information is typically needed. Unauthorized modification or destruction of - information affecting external communications (e.g., web pages, electronic mail) may - adversely affect operations and/or public confidence in the agency, but the damage - to the mission would usually be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of business and industry development information may depend on the urgency with which the information is typically needed. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.
The provisional integrity impact level recommended for most business and industry - development information is low.
+The provisional integrity impact level recommended for most business and industry development information is low.
The provisional availability impact level recommended for business and industry - development information is low.
+The provisional availability impact level recommended for business and industry development information is low.
The confidentiality impact level is the effect of unauthorized disclosure of - intellectual property protection information on the abilities of responsible - agencies to enforce intellectual property including inventions, literary and - artistic works, and symbols, names, images, and designs used in commerce. The - consequences of unauthorized disclosure of the majority of intellectual property - protection information will result in, at most, a limited adverse effect on agency - operations, agency assets, or individuals. Special Factors Affecting Confidentiality - Impact Determination: There are legislative mandates prohibiting unauthorized - disclosure of trade secrets. Trade secrets will generally be assigned a moderate - confidentiality impact level. In the case of patent activities, technical details of - applications involving inventions with military applications and with deliberations - concerning withholding patents as a result of national security considerations may - be sensitive. (In some cases, the patent application information may be classified - or to contain information concerning weapons or weapons systems. In such cases, the - information would be national security information, and outside the scope of this - guideline.)
+The confidentiality impact level is the effect of unauthorized disclosure of intellectual property protection information on the abilities of responsible agencies to enforce intellectual property including inventions, literary and artistic works, and symbols, names, images, and designs used in commerce. The consequences of unauthorized disclosure of the majority of intellectual property protection information will result in, at most, a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: There are legislative mandates prohibiting unauthorized disclosure of trade secrets. Trade secrets will generally be assigned a moderate confidentiality impact level. In the case of patent activities, technical details of applications involving inventions with military applications and with deliberations concerning withholding patents as a result of national security considerations may be sensitive. + (In some cases, the patent application information may be classified or to contain information concerning weapons or weapons systems. In such cases, the information would be national security information, and outside the scope of this guideline.)
The provisional confidentiality impact level recommended for intellectual property - protection information is low.
+The provisional confidentiality impact level recommended for intellectual property protection information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - intellectual property protection information. The nature of intellectual property - protection processes is tolerant of reasonable delays.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to intellectual property protection information. The nature of intellectual property protection processes is tolerant of reasonable delays.
The provisional availability impact level recommended for intellectual property - protection information is low.
+The provisional availability impact level recommended for intellectual property protection information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - intellectual property protection information depends on the criticality of the - information with respect to agency mission capability, protection of agency assets, - and safety of individuals. The effects of modification or deletion of this - information are generally limited with respect to agency mission capabilities or - assets.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of intellectual property protection information depends on the criticality of the information with respect to agency mission capability, protection of agency assets, and safety of individuals. The effects of modification or deletion of this information are generally limited with respect to agency mission capabilities or assets.
The provisional integrity impact level recommended for intellectual property - protection information is low.
+The provisional integrity impact level recommended for intellectual property protection information is low.
Financial Sector Oversight involves the regulation of private sector firms and - markets (stock exchanges, corporations, etc.) to protect investors from fraud, - monopolies, and illegal behavior. This also includes deposit protection.
+Financial Sector Oversight involves the regulation of private sector firms and markets (stock exchanges, corporations, etc.) to protect investors from fraud, monopolies, and illegal behavior. This also includes deposit protection.
The confidentiality impact level is the effect of unauthorized disclosure of - financial sector oversight information on the ability of responsible agencies to - regulate private sector firms and markets (stock exchanges, corporations, etc.) to - protect investors from fraud, monopolies, and illegal behavior. This also includes - deposit protection, creation, regulation, and control of the nation’s currency and - coinage supply and demand. Special Factors Affecting Confidentiality Impact - Determination: While the consequences of unauthorized disclosure of some financial - sector oversight information would have only a limited adverse effect on agency - operations, agency assets, or individuals, there are significant exceptions. - Unauthorized disclosure of much financial sector oversight information can result in - major financial consequences. This can result in assignment of a high impact level - to such information. In some cases, premature disclosure of regulatory information - can impact major financial markets and damage national banking and finance - infrastructures. For example, unauthorized disclosure of a decision to increase the - money supply or of an ongoing securities fraud investigation can have a dramatic - effect on financial markets. This can result in assignment of a high impact level to - such information. Unauthorized disclosure to a single institution (e.g., a major - banking institution or brokerage house), could damage faith in regulatory - institutions and result in even more market disruption and have a severe or - catastrophic adverse effect on public confidence in the agency. This can result in - assignment of a high impact level to such information. Even where the consequences - are limited to giving an unfair market advantage to a single financial or commercial - institution, unauthorized disclosure can have a serious adverse effect on public - confidence in the agency and its staff. This can result in assignment of a high - impact level to such information.
+The confidentiality impact level is the effect of unauthorized disclosure of financial sector oversight information on the ability of responsible agencies to regulate private sector firms and markets (stock exchanges, corporations, etc.) to protect investors from fraud, monopolies, and illegal behavior. This also includes deposit protection, creation, regulation, and control of the nation’s currency and coinage supply and demand. Special Factors Affecting Confidentiality Impact Determination: While the consequences of unauthorized disclosure of some financial sector oversight information would have only a limited adverse effect on agency operations, agency assets, or individuals, there are significant exceptions. Unauthorized disclosure of much financial sector oversight information can result in major financial consequences. This can result in assignment of a high impact level to such information. In some cases, premature disclosure of regulatory information can impact + major financial markets and damage national banking and finance infrastructures. For example, unauthorized disclosure of a decision to increase the money supply or of an ongoing securities fraud investigation can have a dramatic effect on financial markets. This can result in assignment of a high impact level to such information. Unauthorized disclosure to a single institution (e.g., a major banking institution or brokerage house), could damage faith in regulatory institutions and result in even more market disruption and have a severe or catastrophic adverse effect on public confidence in the agency. This can result in assignment of a high impact level to such information. Even where the consequences are limited to giving an unfair market advantage to a single financial or commercial institution, unauthorized disclosure can have a serious adverse effect on public confidence in the agency and its staff. This can result in assignment of a high impact level to such + information.
The provisional confidentiality impact level recommended for financial sector - oversight information is moderate.
+The provisional confidentiality impact level recommended for financial sector oversight information is moderate.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - financial sector oversight information. Missions supported by financial sector - oversight information are generally tolerant of delay.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to financial sector oversight information. Missions supported by financial sector oversight information are generally tolerant of delay.
The provisional availability impact level recommended for financial sector oversight - information is low.
+The provisional availability impact level recommended for financial sector oversight information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. T he consequences of unauthorized modification or destruction of - financial sector oversight information depends on whether the information is - time-critical. Unauthorized modification or destruction of information affecting - external communications (e.g., web pages, electronic mail) may adversely affect - operations or public confidence in the agency, but the damage to the mission would - usually be limited. Special Factors Affecting Integrity Impact Determination: Where - unauthorized modification or destruction of financial sector oversight information - facilitates or enables catastrophic consequences, the integrity impact level may be - high.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. T he consequences of unauthorized modification or destruction of financial sector oversight information depends on whether the information is time-critical. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Special Factors Affecting Integrity Impact Determination: Where unauthorized modification or destruction of financial sector oversight information facilitates or enables catastrophic consequences, the integrity impact level may be high.
The provisional integrity impact level recommended for most financial sector - oversight information is low.
+The provisional integrity impact level recommended for most financial sector oversight information is low.
Industry Sector Income Stabilization involves all programs and activities devoted to - assisting adversely impacted industrial sectors (farming, commercial transportation, - etc.) to ensure the continued availability of their services for the American public - and the long-term economic stability of these sectors.
+Industry Sector Income Stabilization involves all programs and activities devoted to assisting adversely impacted industrial sectors (farming, commercial transportation, etc.) to ensure the continued availability of their services for the American public and the long-term economic stability of these sectors.
The confidentiality impact level is the effect of unauthorized disclosure of industry - sector income stabilization information on the ability of responsible agencies to - assist adversely impacted industrial sectors (farming, commercial transportation, - etc.) to ensure the continued availability of their services for the American public - and the long-term economic stability of these sectors. In most cases, unauthorized - disclosure of industry sector income stabilization information will have only a - limited adverse effect on agency operations, assets, or individuals. However, - unauthorized premature disclosure of Federal government plans for industry sector - income stabilization actions (e.g., grants or subsidies) as well as of government - economic forecasts and commentary preliminary to formulation of plans may result in - major financial consequences. Unauthorized and premature disclosure to a single - institution (e.g., a major manufacturing institution, a major agribusiness - institution, or a commodity brokerage house), could damage confidence in economic - stabilization institutions and have a severe adverse effect on public confidence in - the government.
+The confidentiality impact level is the effect of unauthorized disclosure of industry sector income stabilization information on the ability of responsible agencies to assist adversely impacted industrial sectors (farming, commercial transportation, etc.) to ensure the continued availability of their services for the American public and the long-term economic stability of these sectors. In most cases, unauthorized disclosure of industry sector income stabilization information will have only a limited adverse effect on agency operations, assets, or individuals. However, unauthorized premature disclosure of Federal government plans for industry sector income stabilization actions (e.g., grants or subsidies) as well as of government economic forecasts and commentary preliminary to formulation of plans may result in major financial consequences. Unauthorized and premature disclosure to a single institution (e.g., a major manufacturing institution, a major agribusiness + institution, or a commodity brokerage house), could damage confidence in economic stabilization institutions and have a severe adverse effect on public confidence in the government.
The provisional confidentiality impact level recommended for industry sector income - stabilization information is moderate.
+The provisional confidentiality impact level recommended for industry sector income stabilization information is moderate.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to industry - sector income stabilization information. Industry sector income stabilization - processes are generally tolerant of delay. In most cases, disruption of access to - industry sector income stabilization information can be expected to have only a - limited adverse effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to industry sector income stabilization information. Industry sector income stabilization processes are generally tolerant of delay. In most cases, disruption of access to industry sector income stabilization information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for industry sector income - stabilization information is low.
+The provisional availability impact level recommended for industry sector income stabilization information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Industry sector income stabilization activities are not generally - time-critical. In most cases, the adverse effects of unauthorized modification or - destruction of industry sector income stabilization information on agency mission - functions and public confidence in the agency will be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Industry sector income stabilization activities are not generally time-critical. In most cases, the adverse effects of unauthorized modification or destruction of industry sector income stabilization information on agency mission functions and public confidence in the agency will be limited.
The provisional integrity impact level recommended for industry sector income - stabilization information is low.
+The provisional integrity impact level recommended for industry sector income stabilization information is low.
Homeownership Promotion includes activities devoted to assisting citizens interested - in buying homes and educating the public as to the benefits of homeownership. Note: - Activities devoted to the provision of housing to low-income members of the public - are covered under the Housing Assistance mission.
+Home-ownership Promotion includes activities devoted to assisting citizens interested in buying homes and educating the public as to the benefits of home-ownership. Note: Activities devoted to the provision of housing to low-income members of the public are covered under the Housing Assistance mission.
The confidentiality impact level is the effect of unauthorized disclosure of - homeownership promotion information on the ability of responsible agencies to assist - citizens interested in buying homes and educating the public as to the benefits of - homeownership. The consequences of unauthorized disclosure of most homeownership - promotion information would have a limited adverse effect on agency operations, - agency assets, or individuals. Special Factors Affecting Confidentiality Impact - Determination: Exceptions that might have a potential for more serious consequences - are based on privacy information processed in training and employment systems (e.g., - information required by the Privacy Act of 1974 or other statutes and executive - orders to receive special handling to protect the privacy of individuals). The - Privacy Act Information provisional impact levels are documented in the Personal - Identity and Authentication information type. This can result in assignment of a - moderate impact level to such information.
+The confidentiality impact level is the effect of unauthorized disclosure of home-ownership promotion information on the ability of responsible agencies to assist citizens interested in buying homes and educating the public as to the benefits of home-ownership. The consequences of unauthorized disclosure of most home-ownership promotion information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Exceptions that might have a potential for more serious consequences are based on privacy information processed in training and employment systems (e.g., information required by the Privacy Act of 1974 or other statutes and executive orders to receive special handling to protect the privacy of individuals). The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. This can result in assignment of a moderate + impact level to such information.
The provisional confidentiality impact level recommended for homeownership promotion - information is low.
+The provisional confidentiality impact level recommended for home-ownership promotion information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - homeownership promotion information. The effects of disruption of access to most - homeownership promotion information or information systems would have a limited - adverse effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to home-ownership promotion information. The effects of disruption of access to most home-ownership promotion information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for homeownership promotion - information is low.
+The provisional availability impact level recommended for home-ownership promotion information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - homeownership promotion information would have, at most, a limited adverse effect on - agency operations, agency assets, or individuals. Unauthorized modification or - destruction of information affecting external communications (e.g., web pages, - electronic mail) may adversely affect operations and/or public confidence in the - agency, but the damage to the mission would usually be limited
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of home-ownership promotion information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited
The provisional integrity impact level recommended most homeownership promotion - information is low.
+The provisional integrity impact level recommended most home-ownership promotion information is low.
The Community and Regional Development mission involves activities designed to assist - communities in preventing and eliminating blight and deterioration, assist - economically distressed communities, and encourage and foster economic development - through improved public facilities and resources.
+The Community and Regional Development mission involves activities designed to assist communities in preventing and eliminating blight and deterioration, assist economically distressed communities, and encourage and foster economic development through improved public facilities and resources.
The confidentiality impact level is the effect of unauthorized disclosure of - community and regional development information on the ability of responsible - agencies to assist communities in preventing and eliminating blight and - deterioration, assist economically distressed communities, and encourage and foster - economic development through improved public facilities and resources. The - consequences of unauthorized disclosure of most community and regional development - information would have a limited adverse effect on agency operations, agency assets, - or individuals. Special Factors Affecting Confidentiality Impact Determination: - Exceptions that might have a potential for more serious consequences are based on - privacy information processed in training and employment systems (e.g., information - required by the Privacy Act of 1974 or other statutes and executive orders to - receive special handling to protect the privacy of individuals). The Privacy Act - Information provisional impact levels are documented in the Personal Identity and - Authentication information type. Another exception might be unauthorized disclosure - of information that gives an individual or corporate entity an unfair competitive - advantage in obtaining contracts or other funding for development activities. This - can result in assignment of a moderate impact level to such information.
+The confidentiality impact level is the effect of unauthorized disclosure of community and regional development information on the ability of responsible agencies to assist communities in preventing and eliminating blight and deterioration, assist economically distressed communities, and encourage and foster economic development through improved public facilities and resources. The consequences of unauthorized disclosure of most community and regional development information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Exceptions that might have a potential for more serious consequences are based on privacy information processed in training and employment systems (e.g., information required by the Privacy Act of 1974 or other statutes and executive orders to receive special handling to protect the privacy of individuals). The Privacy Act Information provisional + impact levels are documented in the Personal Identity and Authentication information type. Another exception might be unauthorized disclosure of information that gives an individual or corporate entity an unfair competitive advantage in obtaining contracts or other funding for development activities. This can result in assignment of a moderate impact level to such information.
The provisional confidentiality impact level recommended for community and regional - development information is low.
+The provisional confidentiality impact level recommended for community and regional development information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - community and regional development information. The effects of disruption of access - to most community and regional development information or information systems would - have a limited adverse effect on agency operations, agency assets, or - individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to community and regional development information. The effects of disruption of access to most community and regional development information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for community and regional - development information is low.
+The provisional availability impact level recommended for community and regional development information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - community and regional development information would have, at most, a limited - adverse effect on agency operations, agency assets, or individuals. Unauthorized - modification or destruction of information affecting external communications (e.g., - web pages, electronic mail) may adversely affect operations and/or public confidence - in the agency, but the damage to the mission would usually be limited
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of community and regional development information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited
The provisional integrity impact level recommended for most community and regional - development information is low.
+The provisional integrity impact level recommended for most community and regional development information is low.
Social Services are designed to provide meaningful opportunities for social and - economic growth of the disadvantaged sector of the population in order to develop - individuals into productive and self-reliant citizens and promote social equity. - Included in this category are social welfare services extended to children and - adults with special needs, such as the orphaned, neglected, abandoned, disabled, - etc. Such services include family life education and counseling, adoption, - guardianship, foster family care, rehabilitation services, etc. Note: This mission - does not include services that are primarily for income support (Income Security) or - are an integral part of some other mission area (e.g., Health, Workforce Management, - etc.).
+Social Services are designed to provide meaningful opportunities for social and economic growth of the disadvantaged sector of the population in order to develop individuals into productive and self-reliant citizens and promote social equity. Included in this category are social welfare services extended to children and adults with special needs, such as the orphaned, neglected, abandoned, disabled, etc. Such services include family life education and counseling, adoption, guardianship, foster family care, rehabilitation services, etc. Note: This mission does not include services that are primarily for income support (Income Security) or are an integral part of some other mission area (e.g., Health, Workforce Management, etc.).
The confidentiality impact level is the effect of unauthorized disclosure of social - services information on the ability of responsible agencies to provide meaningful - opportunities for social and economic growth of the disadvantaged sector of the - population in order to develop individuals into productive and self-reliant citizens - and promote social equity. The consequences of unauthorized disclosure of most - social services information would have a limited adverse effect on agency - operations, agency assets, or individuals. Special Factors Affecting Confidentiality - Impact Determination: Exceptions that might have a potential for more serious - consequences include privacy information processed in training and employment - systems (e.g., information required by the Privacy Act of 1974 or other statutes and - executive orders to receive special handling to protect the privacy of individuals). - The Privacy Act Information provisional impact levels are documented in the Personal - Identity and Authentication information type. Other exceptions include unauthorized - disclosure of information that might assist criminals to perpetrate fraud, - particularly with respect to income security disbursements. This can result in - assignment of a moderate impact level to such information.
+The confidentiality impact level is the effect of unauthorized disclosure of social services information on the ability of responsible agencies to provide meaningful opportunities for social and economic growth of the disadvantaged sector of the population in order to develop individuals into productive and self-reliant citizens and promote social equity. The consequences of unauthorized disclosure of most social services information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Exceptions that might have a potential for more serious consequences include privacy information processed in training and employment systems (e.g., information required by the Privacy Act of 1974 or other statutes and executive orders to receive special handling to protect the privacy of individuals). The Privacy Act Information provisional impact levels are documented in the Personal + Identity and Authentication information type. Other exceptions include unauthorized disclosure of information that might assist criminals to perpetrate fraud, particularly with respect to income security disbursements. This can result in assignment of a moderate impact level to such information.
The provisional confidentiality impact level recommended for social services - information is low.
+The provisional confidentiality impact level recommended for social services information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to social - services information. The effects of disruption of access to most social services - information or information systems would have, at most, a limited adverse effect on - agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to social services information. The effects of disruption of access to most social services information or information systems would have, at most, a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for social services information - is low.
+The provisional availability impact level recommended for social services information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of social - services information would have, at most, a limited adverse effect on agency - operations, agency assets, or individuals. Unauthorized modification or destruction - of information affecting external communications (e.g., web pages, electronic mail) - may adversely affect operations and/or public confidence in the agency, but the - damage to the mission would usually be limited. Another threat is that of - unauthorized modification of information to support fraudulent activities. This - might result in harm to individuals, but not to agency operations or missions.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of social services information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Another threat is that of unauthorized modification of information to support fraudulent activities. This might result in harm to individuals, but not to agency operations or missions.
The provisional integrity impact level recommended for most social services - information is low.
+The provisional integrity impact level recommended for most social services information is low.
Postal Services provide for the timely and consistent exchange and delivery of mail - and packages between businesses, organizations, and residents of the United States - or between businesses, organizations, and residents of the United States and the - rest of the world. It also includes the nation-wide retail infrastructure required - to make Postal Services easily accessible to customers. (Note: The commercial - function of mail is more closely aligned with the “Business and Industry - Development” mission in the “Economic Development mission area.” The international - commercial function of mail is more closely aligned with the “Global Trade” mission - in the “International Affairs” mission area).
+Postal Services provide for the timely and consistent exchange and delivery of mail and packages between businesses, organizations, and residents of the United States or between businesses, organizations, and residents of the United States and the rest of the world. It also includes the nation-wide retail infrastructure required to make Postal Services easily accessible to customers. (Note: The commercial function of mail is more closely aligned with the “Business and Industry Development” mission in the “Economic Development mission area.” The international commercial function of mail is more closely aligned with the “Global Trade” mission in the “International Affairs” mission area).
The confidentiality impact level is the effect of unauthorized disclosure of postal - services information on the ability of responsible agencies to provide for the - timely and consistent exchange and delivery of mail and packages between businesses, - organizations, and residents of the United States or between businesses, - organizations, and residents of the United States and the rest of the world. The - consequences of unauthorized disclosure of most postal services information would - have a limited adverse effect on agency operations, agency assets, or individuals. - Special Factors Affecting Confidentiality Impact Determination: Exceptions that - might have a potential for more serious consequences include privacy information - (e.g., information required by the Privacy Act of 1974 or other statutes and - executive orders to receive special handling to protect the privacy of individuals). - The Privacy Act Information provisional impact levels are documented in the Personal - Identity and Authentication information type. Other exceptions include unauthorized - disclosure of information that might assist criminals to perpetrate fraud, - particularly with respect to income security disbursements. Because registered mail - can be employed to transmit classified information, information regarding some - registered mail can facilitate unauthorized access to national security information. - This can result in assignment of a moderate impact level to such information.
+The confidentiality impact level is the effect of unauthorized disclosure of postal services information on the ability of responsible agencies to provide for the timely and consistent exchange and delivery of mail and packages between businesses, organizations, and residents of the United States or between businesses, organizations, and residents of the United States and the rest of the world. The consequences of unauthorized disclosure of most postal services information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Exceptions that might have a potential for more serious consequences include privacy information (e.g., information required by the Privacy Act of 1974 or other statutes and executive orders to receive special handling to protect the privacy of individuals). The Privacy Act Information provisional impact levels are documented in the Personal Identity + and Authentication information type. Other exceptions include unauthorized disclosure of information that might assist criminals to perpetrate fraud, particularly with respect to income security disbursements. Because registered mail can be employed to transmit classified information, information regarding some registered mail can facilitate unauthorized access to national security information. This can result in assignment of a moderate impact level to such information.
The provisional confidentiality impact level recommended for most postal services - information is low.
+The provisional confidentiality impact level recommended for most postal services information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to postal - services information. The effects of disruption of access to most postal services - information or information systems would have an adverse effect on agency - operations. Because most postal services information is time critical, extended - widespread outages could seriously affect the commerce of the United States.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to postal services information. The effects of disruption of access to most postal services information or information systems would have an adverse effect on agency operations. Because most postal services information is time critical, extended widespread outages could seriously affect the commerce of the United States.
The provisional availability impact level recommended for postal services information - is moderate.
+The provisional availability impact level recommended for postal services information is moderate.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of postal - services information would have, at most, a limited adverse effect on agency - operations, agency assets, or individuals. Unauthorized modification or destruction - of information affecting external communications (e.g., web pages, electronic mail) - may adversely affect operations and/or public confidence in the agency, but the - damage to the mission would usually be limited. Special Factors Affecting Integrity - Impact Determination: The consequences of unauthorized modification or destruction - of postal information might provide terrorists the tools to carry out an attack. The - consequences in terms of critical infrastructure protection and risk to human life - may be severe. In such cases, the integrity impact of compromise would be high. - Another threat is that of unauthorized modification of information to support - fraudulent activities (e.g., misdirection of monetary instruments, execution of - fraudulent financial transactions). This might result in harm to individuals, but - not to agency operations or missions.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of postal services information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Special Factors Affecting Integrity Impact Determination: The consequences of unauthorized modification or destruction of postal information might provide terrorists the tools to carry out an attack. The consequences in terms of critical infrastructure protection and risk to human life may be severe. In such cases, the integrity impact of compromise would be + high. Another threat is that of unauthorized modification of information to support fraudulent activities (e.g., misdirection of monetary instruments, execution of fraudulent financial transactions). This might result in harm to individuals, but not to agency operations or missions.
The provisional integrity impact level recommended for most postal services - information is moderate.
+The provisional integrity impact level recommended for most postal services information is moderate.
Ground Transportation involves the activities related to ensuring the availability of - transit and the safe passage of passengers and goods over land. Water and fuel - pipelines are included among ground transportation assets. Note: The protection of - ground transportation from deliberate attack is included in the Transportation - Security information type under the Homeland Security mission area.
+Ground Transportation involves the activities related to ensuring the availability of transit and the safe passage of passengers and goods over land. Water and fuel pipelines are included among ground transportation assets. Note: The protection of ground transportation from deliberate attack is included in the Transportation Security information type under the Homeland Security mission area.
The confidentiality impact level is the effect of unauthorized disclosure of ground - transportation information on the ability of responsible agencies to ensure the - availability of transit and the safe passage of passengers and goods over land. The - protection of ground transportation from deliberate attack is included in the - Transportation Security information type under the Homeland Security mission area. - For most cases, unauthorized disclosure of ground transportation information will - have only a limited adverse effect on agency operations, assets, or individuals. - Special Factors Affecting Confidentiality Impact Determination: Some regulatory and - tariff enforcement functions associated with the safe passage of passengers and - goods over land involve relatively sensitive information. These are included in Law - Enforcement. Unauthorized disclosure of accident investigation information that has - not yet been adequately researched, coordinated, or edited can result in serious - economic harm to individuals and to corporations. Loss in public confidence is a - further potential consequence. Additionally, some information associated with ground - transportation functions is proprietary to corporations or subject to privacy laws - (e.g., the Privacy Act of 1974). (The Privacy Act Information provisional impact - levels are documented in the Personal Identity and Authentication information type.) - In such cases, the confidentiality impact resulting from unauthorized disclosure may - be moderate. Some military ground transportation information is national security - information and is outside the scope of this guideline.
+The confidentiality impact level is the effect of unauthorized disclosure of ground transportation information on the ability of responsible agencies to ensure the availability of transit and the safe passage of passengers and goods over land. The protection of ground transportation from deliberate attack is included in the Transportation Security information type under the Homeland Security mission area. For most cases, unauthorized disclosure of ground transportation information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Some regulatory and tariff enforcement functions associated with the safe passage of passengers and goods over land involve relatively sensitive information. These are included in Law Enforcement. Unauthorized disclosure of accident investigation information that has not yet been adequately researched, coordinated, or edited can result in serious + economic harm to individuals and to corporations. Loss in public confidence is a further potential consequence. Additionally, some information associated with ground transportation functions is proprietary to corporations or subject to privacy laws (e.g., the Privacy Act of 1974). (The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type.) In such cases, the confidentiality impact resulting from unauthorized disclosure may be moderate. Some military ground transportation information is national security information and is outside the scope of this guideline.
The provisional confidentiality impact level recommended for ground transportation - information is low.
+The provisional confidentiality impact level recommended for ground transportation information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to ground - transportation information. Most ground transportation processes are tolerant of - reasonable delays. In most cases, disruption of access to ground transportation - information can be expected to have only a limited adverse effect on agency - operations, agency assets, or individuals. Special Factors Affecting Availability - Impact Determination: Some ground transportation functions are time-critical (e.g., - track switching functions associated with rail travel). Loss of availability of - time-critical information necessary to these functions can result in large-scale - property loss and in loss of human lives. Such information will have a high - integrity impact level.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to ground transportation information. Most ground transportation processes are tolerant of reasonable delays. In most cases, disruption of access to ground transportation information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Some ground transportation functions are time-critical (e.g., track switching functions associated with rail travel). Loss of availability of time-critical information necessary to these functions can result in large-scale property loss and in loss of human lives. Such information will have a high integrity impact level.
The provisional availability impact level recommended for ground transportation - information is low.
+The provisional availability impact level recommended for ground transportation information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. In most cases, the adverse effects of unauthorized modification or - destruction of ground transportation information on agency mission functions and - public confidence in the agency will be limited. Special Factors Affecting Integrity - Impact Determination: Some ground transportation functions are time-critical (e.g., - track switching functions associated with rail travel). Unauthorized modification or - destruction of time-critical information necessary to these functions can result in - large-scale property loss and in loss of human lives. Such information will have a - high integrity impact level.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In most cases, the adverse effects of unauthorized modification or destruction of ground transportation information on agency mission functions and public confidence in the agency will be limited. Special Factors Affecting Integrity Impact Determination: Some ground transportation functions are time-critical (e.g., track switching functions associated with rail travel). Unauthorized modification or destruction of time-critical information necessary to these functions can result in large-scale property loss and in loss of human lives. Such information will have a high integrity impact level.
The provisional integrity impact level recommended for ground transportation - information is low.
+The provisional integrity impact level recommended for ground transportation information is low.
Water Transportation involves the activities related to ensuring the availability of - transit and the safe passage of passengers and goods over sea and water. Note: The - protection of maritime transportation from deliberate attack is included in the - Transportation Security information type under the Homeland Security mission - area.
+Water Transportation involves the activities related to ensuring the availability of transit and the safe passage of passengers and goods over sea and water. Note: The protection of maritime transportation from deliberate attack is included in the Transportation Security information type under the Homeland Security mission area.
The confidentiality impact level is the effect of unauthorized disclosure of water - transportation information on the ability of responsible agencies to ensure the - availability of transit and the safe passage of passengers and goods over sea and - water. The protection of water transportation from deliberate attack is included in - the Transportation Security information type under the Homeland Security mission - area. Some regulatory and tariff enforcement functions associated with the safe - passage of passengers and goods over sea and water involve relatively sensitive - information. These are included in Law Enforcement. In most cases, unauthorized - disclosure of water transportation information will have only a limited adverse - effect on agency operations, assets, or individuals. Special Factors Affecting - Confidentiality Impact Determination: Unauthorized disclosure of accident - investigation information that has not been adequately researched, coordinated, or - edited can result in serious economic harm to individuals and to corporations. Loss - in public confidence is a further potential consequence. Additionally, some - information associated with water transportation functions is proprietary to - corporations or subject to privacy laws. In such cases, the confidentiality impact - resulting from unauthorized disclosure can be moderate. Some military sea and water - transportation information is national security information and is outside the scope - of this guideline.
+The confidentiality impact level is the effect of unauthorized disclosure of water transportation information on the ability of responsible agencies to ensure the availability of transit and the safe passage of passengers and goods over sea and water. The protection of water transportation from deliberate attack is included in the Transportation Security information type under the Homeland Security mission area. Some regulatory and tariff enforcement functions associated with the safe passage of passengers and goods over sea and water involve relatively sensitive information. These are included in Law Enforcement. In most cases, unauthorized disclosure of water transportation information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of accident investigation information that has not been adequately researched, coordinated, or edited can result + in serious economic harm to individuals and to corporations. Loss in public confidence is a further potential consequence. Additionally, some information associated with water transportation functions is proprietary to corporations or subject to privacy laws. In such cases, the confidentiality impact resulting from unauthorized disclosure can be moderate. Some military sea and water transportation information is national security information and is outside the scope of this guideline.
The provisional confidentiality impact level recommended for water transportation - information is low.
+The provisional confidentiality impact level recommended for water transportation information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to water - transportation information. Most water transportation processes are tolerant of - reasonable delays. In most cases, disruption of access to water transportation - information can be expected to have only a limited adverse effect on agency - operations, agency assets, or individuals. Special Factors Affecting Availability - Impact Determination: Some water and sea transportation functions are time-critical - (e.g., distress signals, docking operations, collision avoidance, warnings of - hazardous weather or sea conditions). Loss of availability of time-critical - information necessary to these functions can result in large-scale property loss and - in loss of human lives. Such information would have a high integrity impact - level.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to water transportation information. Most water transportation processes are tolerant of reasonable delays. In most cases, disruption of access to water transportation information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Some water and sea transportation functions are time-critical (e.g., distress signals, docking operations, collision avoidance, warnings of hazardous weather or sea conditions). Loss of availability of time-critical information necessary to these functions can result in large-scale property loss and in loss of human lives. Such information would have a high integrity impact level.
The provisional availability impact level recommended for water transportation - information is low.
+The provisional availability impact level recommended for water transportation information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. In most cases, the adverse effects of unauthorized modification or - destruction of water transportation information on agency mission functions and - public confidence in the agency will be limited. Special Factors Affecting Integrity - Impact Determination: Some water and sea transportation functions are time-critical - (e.g., distress signals, docking operations, collision avoidance, warnings of - hazardous weather or sea conditions). Unauthorized modification or destruction of - time-critical information necessary to these functions can result in large-scale - property loss and in loss of human lives. Such information would have a high - integrity impact level. Communications management (e.g., frequency management) - information also needs to be included in water transportation integrity impact - considerations. There may be circumstances when errors in frequency assignment - information can result in an inability for Federal government agencies to - communicate with state or local government activities. The subsequent loss of - communications capabilities can result in life-threatening situations. Such - information would have a high integrity impact level.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In most cases, the adverse effects of unauthorized modification or destruction of water transportation information on agency mission functions and public confidence in the agency will be limited. Special Factors Affecting Integrity Impact Determination: Some water and sea transportation functions are time-critical (e.g., distress signals, docking operations, collision avoidance, warnings of hazardous weather or sea conditions). Unauthorized modification or destruction of time-critical information necessary to these functions can result in large-scale property loss and in loss of human lives. Such information would have a high integrity impact level. Communications management (e.g., frequency management) information also needs to be included in water transportation integrity impact + considerations. There may be circumstances when errors in frequency assignment information can result in an inability for Federal government agencies to communicate with state or local government activities. The subsequent loss of communications capabilities can result in life-threatening situations. Such information would have a high integrity impact level.
The provisional integrity impact level recommended for water transportation - information is low.
+The provisional integrity impact level recommended for water transportation information is low.
Air Transportation involves the activities related to the safe passage of passengers - or goods through the air. It also includes command and control activities related to - the safe movement of aircraft through all phases of flight for commercial and - military operations. Note: The protection of air transportation from deliberate - attack is included in the Transportation Security information type under the - Homeland Security mission area.
-The confidentiality impact level is the effect of unauthorized disclosure of air - transportation information on the ability of responsible agencies to ensure the safe - passage of passengers and goods through the air. The protection of air - transportation from deliberate attack is included in the Transportation Security - information type under the Homeland Security mission area. Some regulatory and - tariff enforcement functions associated with the safe passage of passengers and - goods over land involve sensitive information. These are treated under Law - Enforcement. In most cases, unauthorized disclosure of air transportation - information will have only a limited adverse effect on agency operations, assets, or - individuals. Special Factors Affecting Confidentiality Impact Determination: - Unauthorized disclosure of information (e.g., investigations, maintenance) that has - not been adequately researched, coordinated, or edited can result in serious - economic harm to individuals and to corporations. Loss in public confidence is a - further potential consequence. Additionally, some information associated with air - transportation functions is proprietary to corporations or subject to privacy laws. - In such cases, the confidentiality impact resulting from unauthorized disclosure can - be moderate. The sensitivity of air transportation information (e.g., aircraft - positioning data)can be time or event-driven. For example, passenger lists are not - releasable to the general public before a flight takes off, but are placed in the - public domain in the event of a crash. In such cases, the confidentiality impact - resulting from unauthorized disclosure can be moderate. Also, much military air - transport information is national security information and is outside the scope of - this guideline.
-The provisional confidentiality impact level recommended for air transportation - information is low.
-The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to air - transportation information. Special Factors Affecting Availability Impact - Determination: Some air transportation functions are time-critical (e.g., air - traffic control instructions, position reports, situational awareness, separation, - weather reports for the terminal area, microburst tracking, maintenance trouble - reports). Loss of availability of time-critical information necessary to these - functions can result in large-scale property loss and in loss of human lives. Timing - plays a large part in the availability impact of air transportation information. For - example, the time criticality of weather information may be measured in minutes or - hours in the case of pre-flight and mid-flight operations. However, on final landing - approach, up to the second availability may be required (e.g., detection of - microbursts in the terminal area). Air operations are not tolerant of information - loss. The Wide Area Augmentation System (WAAS) supplements the availability of - information available from the Department of Defense's Global Positioning Systems - (GPS). Because of the potential system-wide impacts from a loss of availability of - this system, it would be appropriately categorized as having a high availability - impact. The following example illustrates the use of controls to address a high - integrity impact level: The systems designed for command and control for air traffic - control (e.g., the NAS systems) have been designed for robust operations. However, - in general, loss of availability for the majority of systems does not cause - derogation in safety. The impacts of a loss of availability (or the loss of - availability due to the loss of integrity) include local or system-wide air traffic - delays, diversion of traffic to alternate airports, etc., and the economic losses - related to those delays, diversions, etc. Severe impacts are not the norm because - the loss of availability is inevitable, and the systems have been designed to - accommodate failures. In light of the above, the Recommended Availability Impact - Level is moderate.
-The provisional availability impact level recommended for most air transportation - information is low.
-The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Many air transportation functions do not process time-critical - information. Special Factors Affecting Integrity Impact Determination: Some air - transportation functions are time-critical (e.g., air traffic control instructions, - position reports, situational awareness, separation, weather reports for the - terminal area, microburst tracking, maintenance trouble reports). Communications - management (e.g., frequency management) information also needs to be included in air - transportation integrity impact considerations. There may be circumstances under - which erroneous frequency assignment information can result in a loss of - communications with aircraft that are affected by hazardous conditions (e.g., loss - of communications with an aircraft in a crowded air space.) Unauthorized - modification or destruction of time-critical information necessary to these - functions can result in large-scale property loss and in loss of human lives. The - Wide Area Augmentation System (WAAS) supplements the availability and integrity of - position information available from the DoD's Global Positioning Systems (GPS). - Because of the potential system-wide impacts from a loss of integrity of this - system, a high integrity impact level is recommended. The following example - illustrates the use of controls to address a high integrity impact level: Systems - designed for command and control for air traffic control (e.g., the NAS systems) - have been designed for robust operations. In the NAS, integrity and availability - issues are closely linked. The loss of integrity in a system is monitored - continuously, and the loss of integrity is treated as a loss of availability, and in - general, loss of availability for the majority of systems does not cause derogation - in safety. That is, if the operational parameters for an Instrument Landing System - are detected to be out of established tolerances, the system is immediately removed - from service - it is powered down and users are notified that the particular service - is not available. In most cases, a loss of availability is preferred to continued - availability with degraded integrity. The impacts of the loss of availability due to - the loss of integrity include system-wide air traffic delays, diversion of traffic - to alternate airports - and the economic losses related to those delays, diversions, - etc. Severe impacts are not the norm because the loss of availability is assumed to - be inevitable, and the systems have been designed to accommodate failures. In light - of the above, the Recommended Integrity Impact Level is moderate.
-The provisional integrity impact level recommended for most air transportation - information is low.
+Air Transportation involves the activities related to the safe passage of passengers or goods through the air. It also includes command and control activities related to the safe movement of aircraft through all phases of flight for commercial and military operations. Note: The protection of air transportation from deliberate attack is included in the Transportation Security information type under the Homeland Security mission area.
+ +The confidentiality impact level is the effect of unauthorized disclosure of air transportation information on the ability of responsible agencies to ensure the safe passage of passengers and goods through the air. The protection of air transportation from deliberate attack is included in the Transportation Security information type under the Homeland Security mission area. Some regulatory and tariff enforcement functions associated with the safe passage of passengers and goods over land involve sensitive information. These are treated under Law Enforcement. In most cases, unauthorized disclosure of air transportation information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of information (e.g., investigations, maintenance) that has not been adequately researched, coordinated, or edited can result in serious economic harm to individuals and to + corporations. Loss in public confidence is a further potential consequence. Additionally, some information associated with air transportation functions is proprietary to corporations or subject to privacy laws. In such cases, the confidentiality impact resulting from unauthorized disclosure can be moderate. The sensitivity of air transportation information (e.g., aircraft positioning data)can be time or event-driven. For example, passenger lists are not releasable to the general public before a flight takes off, but are placed in the public domain in the event of a crash. In such cases, the confidentiality impact resulting from unauthorized disclosure can be moderate. Also, much military air transport information is national security information and is outside the scope of this guideline.
+The provisional confidentiality impact level recommended for air transportation information is low.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to air transportation information. Special Factors Affecting Availability Impact Determination: Some air transportation functions are time-critical (e.g., air traffic control instructions, position reports, situational awareness, separation, weather reports for the terminal area, microburst tracking, maintenance trouble reports). Loss of availability of time-critical information necessary to these functions can result in large-scale property loss and in loss of human lives. Timing plays a large part in the availability impact of air transportation information. For example, the time criticality of weather information may be measured in minutes or hours in the case of pre-flight and mid-flight operations. However, on final landing approach, up to the second availability may be required (e.g., detection of microbursts in the + terminal area). Air operations are not tolerant of information loss. The Wide Area Augmentation System (WAAS) supplements the availability of information available from the Department of Defense's Global Positioning Systems (GPS). Because of the potential system-wide impacts from a loss of availability of this system, it would be appropriately categorized as having a high availability impact. The following example illustrates the use of controls to address a high integrity impact level: The systems designed for command and control for air traffic control (e.g., the NAS systems) have been designed for robust operations. However, in general, loss of availability for the majority of systems does not cause derogation in safety. The impacts of a loss of availability (or the loss of availability due to the loss of integrity) include local or system-wide air traffic delays, diversion of traffic to alternate airports, etc., and the economic losses related to those delays, + diversions, etc. Severe impacts are not the norm because the loss of availability is inevitable, and the systems have been designed to accommodate failures. In light of the above, the Recommended Availability Impact Level is moderate.
+The provisional availability impact level recommended for most air transportation information is low.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Many air transportation functions do not process time-critical information. Special Factors Affecting Integrity Impact Determination: Some air transportation functions are time-critical (e.g., air traffic control instructions, position reports, situational awareness, separation, weather reports for the terminal area, microburst tracking, maintenance trouble reports). Communications management (e.g., frequency management) information also needs to be included in air transportation integrity impact considerations. There may be circumstances under which erroneous frequency assignment information can result in a loss of communications with aircraft that are affected by hazardous conditions (e.g., loss of communications with an aircraft in a crowded air space.) Unauthorized modification or + destruction of time-critical information necessary to these functions can result in large-scale property loss and in loss of human lives. The Wide Area Augmentation System (WAAS) supplements the availability and integrity of position information available from the DoD's Global Positioning Systems (GPS). Because of the potential system-wide impacts from a loss of integrity of this system, a high integrity impact level is recommended. The following example illustrates the use of controls to address a high integrity impact level: Systems designed for command and control for air traffic control (e.g., the NAS systems) have been designed for robust operations. In the NAS, integrity and availability issues are closely linked. The loss of integrity in a system is monitored continuously, and the loss of integrity is treated as a loss of availability, and in general, loss of availability for the majority of systems does not cause derogation in safety. That is, if the operational + parameters for an Instrument Landing System are detected to be out of established tolerances, the system is immediately removed from service - it is powered down and users are notified that the particular service is not available. In most cases, a loss of availability is preferred to continued availability with degraded integrity. The impacts of the loss of availability due to the loss of integrity include system-wide air traffic delays, diversion of traffic to alternate airports - and the economic losses related to those delays, diversions, etc. Severe impacts are not the norm because the loss of availability is assumed to be inevitable, and the systems have been designed to accommodate failures. In light of the above, the Recommended Integrity Impact Level is moderate.
+The provisional integrity impact level recommended for most air transportation information is low.
Space Operations involves the activities related to the safe launches/missions of - passengers or goods into aerospace and includes commercial, scientific, and military - operations.
+Space Operations involves the activities related to the safe launches/missions of passengers or goods into aerospace and includes commercial, scientific, and military operations.
The confidentiality impact level is the effect of unauthorized disclosure of space - operations information on the ability of responsible agencies to conduct safe - launches/missions of passengers or goods into space and includes commercial, - scientific, and military operations. The protection of space operations from - deliberate attack involves military operations (D.1), homeland security operations - (D.2), and law enforcement operations (D.16). In most cases, unauthorized disclosure - of space operations information will have only a limited adverse effect on agency - operations, assets, or individuals. Special Factors Affecting Confidentiality Impact - Determination: Civilian space operations are intended to be conducted in the open. - Administrative and business functions associated with space operations may involve - proprietary, procurement-sensitive, and Privacy Act information. The Privacy Act - Information provisional impact levels are documented in the Personal Identity and - Authentication information type. In such cases, the confidentiality impact resulting - from unauthorized disclosure can be moderate. Some information regarding space - operations (particularly military operations) is classified national security - information and is outside the scope of this guideline.
+The confidentiality impact level is the effect of unauthorized disclosure of space operations information on the ability of responsible agencies to conduct safe launches/missions of passengers or goods into space and includes commercial, scientific, and military operations. The protection of space operations from deliberate attack involves military operations (D.1), homeland security operations (D.2), and law enforcement operations (D.16). In most cases, unauthorized disclosure of space operations information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Civilian space operations are intended to be conducted in the open. Administrative and business functions associated with space operations may involve proprietary, procurement-sensitive, and Privacy Act information. The Privacy Act Information provisional impact levels are documented in the Personal Identity and + Authentication information type. In such cases, the confidentiality impact resulting from unauthorized disclosure can be moderate. Some information regarding space operations (particularly military operations) is classified national security information and is outside the scope of this guideline.
The provisional confidentiality impact level recommended for space operations - information is low.
+The provisional confidentiality impact level recommended for space operations information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to space - operations information. Space operations are typically characterized by critical - operational timing and safety parameters and low tolerance for error. Loss of - availability of time-critical information necessary to these functions can result in - large-scale property loss and in loss of human lives. Also, air operations are not - tolerant of information loss.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to space operations information. Space operations are typically characterized by critical operational timing and safety parameters and low tolerance for error. Loss of availability of time-critical information necessary to these functions can result in large-scale property loss and in loss of human lives. Also, air operations are not tolerant of information loss.
The provisional availability impact level recommended for space operations - information is high.
+The provisional availability impact level recommended for space operations information is high.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Space operations are typically characterized by critical operational - timing and safety parameters, and low tolerance for error. Unauthorized modification - or destruction of time-critical information necessary to these functions may result - in significant property loss and loss of human lives. Communications management - (e.g., frequency management) information also needs to be included in integrity - impact determination for space operations. Erroneous frequency assignment - information can result in loss of communications with spacecraft that can endanger - mission operations and human safety.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Space operations are typically characterized by critical operational timing and safety parameters, and low tolerance for error. Unauthorized modification or destruction of time-critical information necessary to these functions may result in significant property loss and loss of human lives. Communications management (e.g., frequency management) information also needs to be included in integrity impact determination for space operations. Erroneous frequency assignment information can result in loss of communications with spacecraft that can endanger mission operations and human safety.
The provisional integrity impact level recommended for space operations information - is high.
+The provisional integrity impact level recommended for space operations information is high.
Elementary, secondary, and vocational education refers to the provision of education - in elementary subjects (reading and writing and arithmetic); education provided by a - high school or college preparatory school; and vocational and technical education - and training.
+Elementary, secondary, and vocational education refers to the provision of education in elementary subjects (reading and writing and arithmetic); education provided by a high school or college preparatory school; and vocational and technical education and training.
The confidentiality impact level is the effect of unauthorized disclosure of - elementary, secondary, and vocational education information on the ability of - responsible agencies to provide guidance and consultative services. The consequences - of unauthorized disclosure of most elementary, secondary, and vocational education - information would have a limited adverse effect on agency operations, agency assets, - or individuals.
+The confidentiality impact level is the effect of unauthorized disclosure of elementary, secondary, and vocational education information on the ability of responsible agencies to provide guidance and consultative services. The consequences of unauthorized disclosure of most elementary, secondary, and vocational education information would have a limited adverse effect on agency operations, agency assets, or individuals.
The provisional confidentiality impact level recommended for elementary, secondary, - and vocational education information is low.
+The provisional confidentiality impact level recommended for elementary, secondary, and vocational education information is low.
The effects of disruption of access to most elementary, secondary, and vocational - education information or information systems would have a limited adverse effect on - agency operations, agency assets, or individuals.
+The effects of disruption of access to most elementary, secondary, and vocational education information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for elementary, secondary, and - vocational education information is low.
+The provisional availability impact level recommended for elementary, secondary, and vocational education information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - elementary, secondary, and vocational education information would have a limited - adverse effect on agency operations, agency assets, or individuals. Unauthorized - modification or destruction of information affecting external communications (e.g., - web pages, electronic mail) may adversely affect operations and/or public confidence - in the agency, but the damage to the mission would usually be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of elementary, secondary, and vocational education information would have a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.
The provisional integrity impact level recommended for elementary, secondary, and - vocational education information is low.
+The provisional integrity impact level recommended for elementary, secondary, and vocational education information is low.
Higher Education refers to education beyond the secondary level; specifically, - education provided by a college or university. It includes external higher - educational activities performed by the government (e.g., Military Academies, ROTC, - and USDA Graduate School).
+Higher Education refers to education beyond the secondary level; specifically, education provided by a college or university. It includes external higher educational activities performed by the government (e.g., Military Academies, ROTC, and USDA Graduate School).
The confidentiality impact level is the effect of unauthorized disclosure of higher - education information on the ability of responsible agencies to support education - beyond the secondary level (e.g., Military Academies, ROTC, USDA Graduate School, - and other public and private universities and colleges). The consequences of - unauthorized disclosure of most higher education information would have a limited - adverse effect on agency operations, agency assets, or individuals. Special Factors - Affecting Confidentiality Impact Determination: Exceptions are based on the mission - supported by the external training and education activity. In such cases, the impact - on the system is defined by the information associated with the supported mission. - This can result in assignment of a moderate or high impact level to such - information.
+The confidentiality impact level is the effect of unauthorized disclosure of higher education information on the ability of responsible agencies to support education beyond the secondary level (e.g., Military Academies, ROTC, USDA Graduate School, and other public and private universities and colleges). The consequences of unauthorized disclosure of most higher education information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Exceptions are based on the mission supported by the external training and education activity. In such cases, the impact on the system is defined by the information associated with the supported mission. This can result in assignment of a moderate or high impact level to such information.
The provisional confidentiality impact level recommended for higher education - information is low.
+The provisional confidentiality impact level recommended for higher education information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to higher - education information. The effects of disruption of access to most higher education - information or information systems would have a limited adverse effect on agency - operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to higher education information. The effects of disruption of access to most higher education information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for higher education - information is low.
+The provisional availability impact level recommended for higher education information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of higher - education information would have, at most, a limited adverse effect on agency - operations, agency assets, or individuals. Unauthorized modification or destruction - of information affecting external communications (e.g., web pages, electronic mail) - may adversely affect operations and/or public confidence in the agency, but the - damage to the mission would usually be limited. Special Factors Affecting Integrity - Impact Determination: Exceptions that might result in more serious consequences are - based on the mission supported by the higher education activity (e.g., undetected - modification of weapons training information at a service academy where the - modification could result in harm to the student or other individuals). In such - cases, the impact is determined by the information associated with the supported - mission. This can result in assignment of a moderate or high impact level to such - information.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of higher education information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Special Factors Affecting Integrity Impact Determination: Exceptions that might result in more serious consequences are based on the mission supported by the higher education activity (e.g., undetected modification of weapons training information at a service academy where the modification could result in harm to the student or other individuals). In such + cases, the impact is determined by the information associated with the supported mission. This can result in assignment of a moderate or high impact level to such information.
The provisional integrity impact level recommended for higher education information - is low.
+The provisional integrity impact level recommended for higher education information is low.
Cultural and Historic Preservation involves all activities performed by the Federal - Government to collect and preserve information and artifacts important to the - culture and history of the United States and its citizenry and the education of U.S. - citizens and the world.
+Cultural and Historic Preservation involves all activities performed by the Federal Government to collect and preserve information and artifacts important to the culture and history of the United States and its citizenry and the education of U.S. citizens and the world.
The confidentiality impact level is the effect of unauthorized disclosure of cultural - and historic preservation information on the ability of responsible agencies to - collect and preserve information and artifacts important to the culture and history - of the United States and its citizenry and the education of U.S. citizens and the - world. The consequences of unauthorized disclosure of most cultural and historic - preservation information would have a limited adverse effect on agency operations, - agency assets, or individuals. Special Factors Affecting Confidentiality Impact - Determination: In cases where disclosure of information might be useful to an - individual or organization intent on destruction of historical materials, the - potential consequences to key national assets could be serious to severe. In such - cases, the confidentiality impact could be moderate to high.
+The confidentiality impact level is the effect of unauthorized disclosure of cultural and historic preservation information on the ability of responsible agencies to collect and preserve information and artifacts important to the culture and history of the United States and its citizenry and the education of U.S. citizens and the world. The consequences of unauthorized disclosure of most cultural and historic preservation information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In cases where disclosure of information might be useful to an individual or organization intent on destruction of historical materials, the potential consequences to key national assets could be serious to severe. In such cases, the confidentiality impact could be moderate to high.
The provisional confidentiality impact level recommended for cultural and historic - preservation information is low.
+The provisional confidentiality impact level recommended for cultural and historic preservation information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to cultural - and historic preservation information. The effects of disruption of access to most - cultural and historic preservation information or information systems would have a - limited adverse effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to cultural and historic preservation information. The effects of disruption of access to most cultural and historic preservation information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for cultural and historic - preservation information is low.
+The provisional availability impact level recommended for cultural and historic preservation information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - cultural and historic preservation information would have, at most, a limited - adverse effect on agency operations, agency assets, or individuals. Unauthorized - modification or destruction of information affecting external communications (e.g., - web pages, electronic mail) may adversely affect operations and/or public confidence - in the agency, but the damage to the mission would usually be limited. Special - Factors Affecting Integrity Impact Determination: In cases where undetected - modification of information might be useful to an individual or organization intent - on destruction of historical materials, the potential consequences to key national - assets could be serious to severe. Consequently, the integrity impact could be - moderate to high.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of cultural and historic preservation information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Special Factors Affecting Integrity Impact Determination: In cases where undetected modification of information might be useful to an individual or organization intent on destruction of historical materials, the potential consequences to key national assets could be serious to severe. Consequently, the integrity impact could be moderate to + high.
The provisional integrity impact level recommended for cultural and historic - preservation information is low.
+The provisional integrity impact level recommended for cultural and historic preservation information is low.
Cultural and Historic Exhibition includes all activities undertaken by the U.S. - government to promote education through the exhibition of cultural, historical, and - other information, archives, art, etc.
+Cultural and Historic Exhibition includes all activities undertaken by the U.S. government to promote education through the exhibition of cultural, historical, and other information, archives, art, etc.
The confidentiality impact level is the effect of unauthorized disclosure of cultural - and historic exhibition information on the ability of responsible agencies to - promote education through the exhibition of cultural, historical, and other - information, archives, art, etc. The consequences of unauthorized disclosure of most - cultural and historic exhibition information would have a limited adverse effect on - agency operations, agency assets, or individuals. Special Factors Affecting - Confidentiality Impact Determination: In cases where disclosure of information might - be useful to an individual or organization intent on destruction of historical - materials or archives, the potential consequences to key national assets could be - serious to severe. Consequently, the confidentiality impact could be moderate to - high.
+The confidentiality impact level is the effect of unauthorized disclosure of cultural and historic exhibition information on the ability of responsible agencies to promote education through the exhibition of cultural, historical, and other information, archives, art, etc. The consequences of unauthorized disclosure of most cultural and historic exhibition information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In cases where disclosure of information might be useful to an individual or organization intent on destruction of historical materials or archives, the potential consequences to key national assets could be serious to severe. Consequently, the confidentiality impact could be moderate to high.
The provisional confidentiality impact level recommended for cultural and historic - exhibition information is low.
+The provisional confidentiality impact level recommended for cultural and historic exhibition information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to cultural - and historic exhibition information. The effects of disruption of access to most - cultural and historic exhibition information or information systems would have a - limited adverse effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to cultural and historic exhibition information. The effects of disruption of access to most cultural and historic exhibition information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for cultural and historic - exhibition information is low.
+The provisional availability impact level recommended for cultural and historic exhibition information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - cultural and historic exhibition information would have, at most, a limited adverse - effect on agency operations, agency assets, or individuals. Unauthorized - modification or destruction of information affecting external communications (e.g., - web pages, electronic mail) may adversely affect operations and/or public confidence - in the agency, but the damage to the mission would usually be limited. Special - Factors Affecting Integrity Impact Determination: In cases where undetected - modification of information might be useful to an individual or organization intent - on the destruction of historical materials or archives, the potential consequences - to key national assets could be serious to severe. Consequently, the integrity - impact could be moderate to high.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of cultural and historic exhibition information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Special Factors Affecting Integrity Impact Determination: In cases where undetected modification of information might be useful to an individual or organization intent on the destruction of historical materials or archives, the potential consequences to key national assets could be serious to severe. Consequently, the integrity impact could + be moderate to high.
The provisional integrity impact level recommended for cultural and historic - exhibition information is low.
+The provisional integrity impact level recommended for cultural and historic exhibition information is low.
Training and Employment includes programs of job or skill training, employment - services and placement, and programs to promote the hiring of marginal, unemployed, - or low-income workers. Additionally, training information can include special - training for personnel involved in Federal government operations (e.g., astronaut - training).
+Training and Employment includes programs of job or skill training, employment services and placement, and programs to promote the hiring of marginal, unemployed, or low-income workers. Additionally, training information can include special training for personnel involved in Federal government operations (e.g., astronaut training).
The confidentiality impact level is the effect of unauthorized disclosure of training - and employment information on the ability of responsible agencies to provide job or - skill training, employment services and placement, and programs to promote the - hiring of marginal, unemployed, or low-income workers. The consequences of - unauthorized disclosure of most training and employment information would have a - limited adverse effect on agency operations, agency assets, or individuals. Special - Factors Affecting Confidentiality Impact Determination: Exceptions that might have a - potential for more serious consequences are based on privacy information processed - in training and employment systems (e.g., information required by the Privacy Act of - 1974 or other statutes and executive orders to receive special handling to protect - the privacy of individuals). The Privacy Act Information provisional impact levels - are documented in the Personal Identity and Authentication information type. This - can result in assignment of a moderate impact level to such information.
+The confidentiality impact level is the effect of unauthorized disclosure of training and employment information on the ability of responsible agencies to provide job or skill training, employment services and placement, and programs to promote the hiring of marginal, unemployed, or low-income workers. The consequences of unauthorized disclosure of most training and employment information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Exceptions that might have a potential for more serious consequences are based on privacy information processed in training and employment systems (e.g., information required by the Privacy Act of 1974 or other statutes and executive orders to receive special handling to protect the privacy of individuals). The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. + This can result in assignment of a moderate impact level to such information.
The provisional confidentiality impact level recommended for training and employment - information is low.
+The provisional confidentiality impact level recommended for training and employment information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to training - and employment information. The effects of disruption of access to most training and - employment information or information systems would have a limited adverse effect on - agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to training and employment information. The effects of disruption of access to most training and employment information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for training and employment - information is low.
+The provisional availability impact level recommended for training and employment information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - training and employment information would have, at most, a limited adverse effect on - agency operations, agency assets, or individuals. Unauthorized modification or - destruction of information affecting external communications (e.g., web pages, - electronic mail) may adversely affect operations and/or public confidence in the - agency, but the damage to the mission would usually be limited. Special Factors - Affecting Confidentiality Impact Determination: In the case of training aimed at - achieving or improving proficiency in specialty occupations (e.g., astronaut - training), the consequences of integrity compromises can threaten missions, or even - human safety. In such cases, the integrity impact level can range from moderate to - high.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of training and employment information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Special Factors Affecting Confidentiality Impact Determination: In the case of training aimed at achieving or improving proficiency in specialty occupations (e.g., astronaut training), the consequences of integrity compromises can threaten missions, or even human safety. In such cases, the integrity impact level can range from moderate to high.
The provisional integrity impact level recommended for training and employment - information is low.
+The provisional integrity impact level recommended for training and employment information is low.
Labor Rights Management refers to those activities undertaken to ensure that - employees and employers are aware of and comply with all statutes and regulations - concerning labor rights, including those pertaining to wages, benefits, safety and - health, whistleblower, and nondiscrimination policies.
+Labor Rights Management refers to those activities undertaken to ensure that employees and employers are aware of and comply with all statutes and regulations concerning labor rights, including those pertaining to wages, benefits, safety and health, whistleblower, and nondiscrimination policies.
The confidentiality impact level is the effect of unauthorized disclosure of labor - rights management information on the ability of responsible agencies to ensure that - employees and employers are aware of and comply with all statutes and regulations - concerning labor rights, including those pertaining to wages, benefits, safety and - health, whistleblower, and nondiscrimination policies. In some cases, premature - release of draft labor rights bulletins might adversely affect the effectiveness of - agency operations. In general, the consequences of unauthorized disclosure of most - labor rights management information would have, a limited adverse effect on agency - operations, agency assets, or individuals.
+The confidentiality impact level is the effect of unauthorized disclosure of labor rights management information on the ability of responsible agencies to ensure that employees and employers are aware of and comply with all statutes and regulations concerning labor rights, including those pertaining to wages, benefits, safety and health, whistleblower, and nondiscrimination policies. In some cases, premature release of draft labor rights bulletins might adversely affect the effectiveness of agency operations. In general, the consequences of unauthorized disclosure of most labor rights management information would have, a limited adverse effect on agency operations, agency assets, or individuals.
The provisional confidentiality impact level recommended for labor rights management - information is low.
+The provisional confidentiality impact level recommended for labor rights management information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to labor - rights management information. The effects of disruption of access to most labor - rights management information or information systems would have a limited adverse - effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to labor rights management information. The effects of disruption of access to most labor rights management information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for labor rights management - information is low.
+The provisional availability impact level recommended for labor rights management information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Unauthorized modification or destruction of information affecting - external communications (e.g., web pages, electronic mail) may adversely affect - operations and/or public confidence in the agency, but the damage to the mission - would usually be limited. The consequences of unauthorized modification or - destruction of labor rights management information would have, at most, a limited - adverse effect on agency operations, agency assets, or individuals.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. The consequences of unauthorized modification or destruction of labor rights management information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals.
The provisional integrity impact level recommended for labor rights management - information is low.
+The provisional integrity impact level recommended for labor rights management information is low.
Worker Safety refers to those activities undertaken to save lives, prevent injuries, - and protect the health of America's workers.
+Worker Safety refers to those activities undertaken to save lives, prevent injuries, and protect the health of America's workers.
The confidentiality impact level is the effect of unauthorized disclosure of worker - safety information on the ability of responsible agencies to protect the health and - safety of America’s workers. In some cases, premature release of draft worker safety - bulletins might adversely affect the effectiveness of agency operations. In general, - the consequences of unauthorized disclosure of worker safety information would have - a limited adverse effect on agency operations, agency assets, or individuals.
+The confidentiality impact level is the effect of unauthorized disclosure of worker safety information on the ability of responsible agencies to protect the health and safety of America’s workers. In some cases, premature release of draft worker safety bulletins might adversely affect the effectiveness of agency operations. In general, the consequences of unauthorized disclosure of worker safety information would have a limited adverse effect on agency operations, agency assets, or individuals.
The provisional confidentiality impact level recommended for worker safety - information is low.
+The provisional confidentiality impact level recommended for worker safety information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to worker - safety information. The effects of disruption of access to most worker safety - information or information systems would have a limited adverse effect on agency - operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to worker safety information. The effects of disruption of access to most worker safety information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for worker safety information - is low.
+The provisional availability impact level recommended for worker safety information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of worker - safety information would have, at most, a limited adverse effect on agency - operations, agency assets, or individuals. Unauthorized modification or destruction - of information affecting external communications (e.g., web pages, electronic mail) - may adversely affect operations and/or public confidence in the agency, but the - damage to the mission would usually be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of worker safety information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.
The provisional integrity impact level recommended for worker safety information is - low.
+The provisional integrity impact level recommended for worker safety information is low.
Access to Care focuses on the access to appropriate care. This includes streamlining - efforts to receive care; ensuring care is appropriate in terms of type, care, - intensity, location and availability; providing seamless access to health knowledge, - enrolling providers; performing eligibility determination, and managing patient - movement.
+Access to Care focuses on the access to appropriate care. This includes streamlining efforts to receive care; ensuring care is appropriate in terms of type, care, intensity, location and availability; providing seamless access to health knowledge, enrolling providers; performing eligibility determination, and managing patient movement.
The confidentiality impact level is the effect of unauthorized disclosure of access - to care information on the ability of responsible agencies to focus on the access to - appropriate care. This includes streamlining efforts to receive care; ensuring care - is appropriate in terms of type, care, intensity, location and availability; - providing seamless access to health knowledge, enrolling providers; performing - eligibility determination, and managing patient movement will have only a limited - adverse effect on agency operations, assets, or individuals. Special Factors - Affecting Confidentiality Impact Determination: Some information associated with - health care involves confidential patient information subject to the Privacy Act and - to HIPAA. The Privacy Act Information provisional impact levels are documented in - the Personal Identity and Authentication information type. Other information (e.g., - information proprietary to hospitals, pharmaceutical companies, insurers, and care - givers) must be protected under rules governing proprietary information and - procurement management. In some cases, unauthorized disclosure of this information - such as privacy-protected medical records can have serious consequences for agency - operations. In such cases, the confidentiality impact level may be moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of access to care information on the ability of responsible agencies to focus on the access to appropriate care. This includes streamlining efforts to receive care; ensuring care is appropriate in terms of type, care, intensity, location and availability; providing seamless access to health knowledge, enrolling providers; performing eligibility determination, and managing patient movement will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Some information associated with health care involves confidential patient information subject to the Privacy Act and to HIPAA. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. Other information (e.g., information proprietary to hospitals, pharmaceutical companies, insurers, and care + givers) must be protected under rules governing proprietary information and procurement management. In some cases, unauthorized disclosure of this information such as privacy-protected medical records can have serious consequences for agency operations. In such cases, the confidentiality impact level may be moderate.
The provisional confidentiality impact level recommended for disclosure of access to - care information is low.
+The provisional confidentiality impact level recommended for disclosure of access to care information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to care. - Access to care is generally tolerant of delay. Typically, disruption of access to - care information can be expected to have only a limited adverse effect on agency - operations, agency assets, or individuals. Special Factors Affecting Availability - Impact Determination: Some access to care information could be deemed time-critical - and is dependent on the severity of the health issue requiring immediate access to - care, patient movements, etc.. Delays in the communication of specific situations - may cause serious impacts to the patient or care provide. This can result in - assignment of a moderate impact level to such information.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to care. Access to care is generally tolerant of delay. Typically, disruption of access to care information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Some access to care information could be deemed time-critical and is dependent on the severity of the health issue requiring immediate access to care, patient movements, etc.. Delays in the communication of specific situations may cause serious impacts to the patient or care provide. This can result in assignment of a moderate impact level to such information.
The provisional availability impact level recommended for access to care information - is low.
+The provisional availability impact level recommended for access to care information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Many activities associated with access to care information are not time - critical and the adverse effects of unauthorized modification or destruction of - health care information on agency mission functions and/or public confidence in the - agency will be limited. However, the consequences of unauthorized modification or - destruction of health care information may result in incorrect, inappropriate, or - excessively delayed treatment of patients. In these cases, serious adverse effects - can include legal actions and danger to human life. Unauthorized modification or - destruction of information affecting external communications that contain health - care information (e.g., web pages, electronic mail) may adversely affect operations - and public confidence in the agency and the agency mission.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Many activities associated with access to care information are not time critical and the adverse effects of unauthorized modification or destruction of health care information on agency mission functions and/or public confidence in the agency will be limited. However, the consequences of unauthorized modification or destruction of health care information may result in incorrect, inappropriate, or excessively delayed treatment of patients. In these cases, serious adverse effects can include legal actions and danger to human life. Unauthorized modification or destruction of information affecting external communications that contain health care information (e.g., web pages, electronic mail) may adversely affect operations and public confidence in the agency and the agency mission.
The provisional integrity impact level recommended for access to care information is - moderate.
+The provisional integrity impact level recommended for access to care information is moderate.
Population Health Management and Consumer Safety assesses health indicators and - consumer products as a means to protect and promote the health of the general - population. This includes monitoring of health, health planning, and health - management of humans, animals, animal products, and plants, as well as tracking the - spread of diseases and pests. It also includes evaluation of consumer products, - drug, and foods to assess the potential risks and dangers; education of the consumer - and the general population; and facilitation of health promotion and disease and - injury prevention.
+Population Health Management and Consumer Safety assesses health indicators and consumer products as a means to protect and promote the health of the general population. This includes monitoring of health, health planning, and health management of humans, animals, animal products, and plants, as well as tracking the spread of diseases and pests. It also includes evaluation of consumer products, drug, and foods to assess the potential risks and dangers; education of the consumer and the general population; and facilitation of health promotion and disease and injury prevention.
The confidentiality impact level is the effect of unauthorized disclosure of - population health management and consumer safety information on the ability of - responsible agencies to assess health indicators and consumer products as a means to - protect and promote the health of the general population that will have only a - limited adverse effect on agency operations, assets, or individuals. The basic - nature of this information type is to support the public and consumer market with - information and supporting education. Special Factors Affecting Confidentiality - Impact Determination: The most serious adverse effects are likely to involve - premature release of health planning and management information, disclosure of - sensitive mission support information [agencies’ means to combat spread of diseases - or reacting to terrorist attacks on food, water, and other public consumables], or - the exposure of information that is proprietary to an organization being evaluated - by the agency [Unauthorized disclosure of some information can have serious economic - impact on both individual companies and the broader market place. The consequences - of such unauthorized disclosures may have an adverse effect on public confidence in - the agency.] This can result in assignment of a moderate impact level to such - information.
+The confidentiality impact level is the effect of unauthorized disclosure of population health management and consumer safety information on the ability of responsible agencies to assess health indicators and consumer products as a means to protect and promote the health of the general population that will have only a limited adverse effect on agency operations, assets, or individuals. The basic nature of this information type is to support the public and consumer market with information and supporting education. Special Factors Affecting Confidentiality Impact Determination: The most serious adverse effects are likely to involve premature release of health planning and management information, disclosure of sensitive mission support information [agencies’ means to combat spread of diseases or reacting to terrorist attacks on food, water, and other public consumables], or the exposure of information that is proprietary to an organization being evaluated by the agency + [Unauthorized disclosure of some information can have serious economic impact on both individual companies and the broader market place. The consequences of such unauthorized disclosures may have an adverse effect on public confidence in the agency.] This can result in assignment of a moderate impact level to such information.
The provisional confidentiality impact level recommended for disclosure of Health - Management and Consumer Safety information is low.
+The provisional confidentiality impact level recommended for disclosure of Health Management and Consumer Safety information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish population health - management and consumer safety. Population health management and consumer safety are - generally tolerant of delay. Typically, disruption of population health management - and consumer safety information can be expected to have only a limited adverse - effect on agency operations, agency assets, or individuals. Special Factors - Affecting Availability Impact Determination: Delays in the communication of product - deficiencies or issues associated with food, plant and animal sources may be life - threatening. Delays in agency response to public health issues involving humans, - animals, animal products, and plants, as well as tracking the spread of diseases and - pests may also be life threatening or significantly degrade public safety. This can - result in assignment of a high impact level to such information.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish population health management and consumer safety. Population health management and consumer safety are generally tolerant of delay. Typically, disruption of population health management and consumer safety information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Delays in the communication of product deficiencies or issues associated with food, plant and animal sources may be life threatening. Delays in agency response to public health issues involving humans, animals, animal products, and plants, as well as tracking the spread of diseases and pests may also be life threatening or significantly degrade public safety. This can result in assignment of a high impact level to such information.
The provisional availability impact level recommended for population health - management and consumer safety information is low.
+The provisional availability impact level recommended for population health management and consumer safety information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - population health management and consumer safety information can be serious if the - public is exposed to mislabeled, tainted, or otherwise harmful food, drugs, or - consumer products. Special Factors Affecting Integrity Impact Determination: Impacts - to some population health management and consumer safety information and supporting - information systems associated with quality assurance of food, animal, plant and - pharmaceuticals may affect the security of critical agriculture and food and public - health infrastructures. Additionally, unauthorized modification or destruction of - information affecting external communications (e.g., web pages, electronic mail) may - adversely affect operations and public confidence in the agency and the agency - mission. In such cases, unauthorized modification or destruction of information can - result in loss of human life. This can result in assignment of a high impact level - to such information.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of population health management and consumer safety information can be serious if the public is exposed to mislabeled, tainted, or otherwise harmful food, drugs, or consumer products. Special Factors Affecting Integrity Impact Determination: Impacts to some population health management and consumer safety information and supporting information systems associated with quality assurance of food, animal, plant and pharmaceuticals may affect the security of critical agriculture and food and public health infrastructures. Additionally, unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and public confidence in the agency and the + agency mission. In such cases, unauthorized modification or destruction of information can result in loss of human life. This can result in assignment of a high impact level to such information.
The provisional integrity impact level recommended for population health management - and consumer safety information is moderate.
+The provisional integrity impact level recommended for population health management and consumer safety information is moderate.
Health Care Administration assures that federal health care resources are expended - effectively to ensure quality, safety, and efficiency. This includes managing health - care quality, cost, workload, utilization, and fraud/abuse efforts.
+Health Care Administration assures that federal health care resources are expended effectively to ensure quality, safety, and efficiency. This includes managing health care quality, cost, workload, utilization, and fraud/abuse efforts.
The confidentiality impact level is the effect of unauthorized disclosure of Health - Care Administration on the ability of responsible agencies to assure that federal - health care resources are expended effectively to ensure quality, safety, and - efficiency will have only a limited adverse effect on agency operations, assets, or - individuals. Special Factors Affecting Confidentiality Impact Determination: Much - information associated with public health monitoring involves confidential patient - information subject to the Privacy Act and to HIPAA. The Privacy Act Information - provisional impact levels are documented in the Personal Identity and Authentication - information type. In some cases, unauthorized disclosure of this information such as - privacy-protected medical records can have serious consequences for agency - operations. In such cases, the confidentiality impact level may be moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of Health Care Administration on the ability of responsible agencies to assure that federal health care resources are expended effectively to ensure quality, safety, and efficiency will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Much information associated with public health monitoring involves confidential patient information subject to the Privacy Act and to HIPAA. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. In some cases, unauthorized disclosure of this information such as privacy-protected medical records can have serious consequences for agency operations. In such cases, the confidentiality impact level may be moderate.
The provisional confidentiality impact level recommended for disclosure of Health - Care Administration information is low.
+The provisional confidentiality impact level recommended for disclosure of Health Care Administration information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish Health Care - Administration information. Health Care Administration information is generally - tolerant of delay. Typically, disruption of Health Care Administration information - can be expected to have only a limited adverse effect on agency operations, agency - assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish Health Care Administration information. Health Care Administration information is generally tolerant of delay. Typically, disruption of Health Care Administration information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for Health Care Administration - information is low.
+The provisional availability impact level recommended for Health Care Administration information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Unauthorized modification or destruction of information affecting - external communications that contain Health Care Administration information (e.g., - web pages, electronic mail) may adversely affect operations and public confidence in - the agency and also the agency mission. Special Factors Affecting Integrity Impact - Determination: Unauthorized modification or destruction of Health Care - Administration information can result in inappropriate allocation or deployment of - health care services and possible loss of human life. This can result in assignment - of a high impact level to such information.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting external communications that contain Health Care Administration information (e.g., web pages, electronic mail) may adversely affect operations and public confidence in the agency and also the agency mission. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of Health Care Administration information can result in inappropriate allocation or deployment of health care services and possible loss of human life. This can result in assignment of a high impact level to such information.
The provisional integrity impact level recommended for Health Care Administration - information is Moderate.
+The provisional integrity impact level recommended for Health Care Administration information is Moderate.
Health Care Delivery Services provides and supports the delivery of health care to - its beneficiaries. This includes assessing health status; planning health services; - ensuring quality of services and continuity of care; and managing clinical - information and documentation.
+Health Care Delivery Services provides and supports the delivery of health care to its beneficiaries. This includes assessing health status; planning health services; ensuring quality of services and continuity of care; and managing clinical information and documentation.
The confidentiality impact level is the effect of unauthorized disclosure of health - care delivery services on the ability of responsible agencies to provide and support - the delivery of health care to its beneficiaries will have only a limited adverse - effect on agency operations, assets, or individuals. Special Factors Affecting - Confidentiality Impact Determination: Some information associated with health care - involves confidential patient information subject to the Privacy Act and to HIPAA. - The Privacy Act Information provisional impact levels are documented in the Personal - Identity and Authentication information type. Other information (e.g., information - proprietary to hospitals, pharmaceutical companies, insurers, and care givers) must - be protected under rules governing proprietary information and procurement - management. In some cases, unauthorized disclosure of this information such as - privacy-protected medical records can have serious consequences for agency +
The confidentiality impact level is the effect of unauthorized disclosure of health care delivery services on the ability of responsible agencies to provide and support the delivery of health care to its beneficiaries will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Some information associated with health care involves confidential patient information subject to the Privacy Act and to HIPAA. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. Other information (e.g., information proprietary to hospitals, pharmaceutical companies, insurers, and care givers) must be protected under rules governing proprietary information and procurement management. In some cases, unauthorized disclosure of this information such as privacy-protected medical records can have serious consequences for agency operations. In such cases, the confidentiality impact level may be moderate.
The provisional confidentiality impact level recommended for disclosure of health - care delivery services information is low.
+The provisional confidentiality impact level recommended for disclosure of health care delivery services information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish Health Care - Administration information. Except for cases of emergency actions necessary to - correct urgent threats to patient health, health care processes are usually tolerant - of reasonable delays. Special Factors Affecting Availability Impact Determination: - Some health care delivery services information is time-critical and is dependent on - the severity of the health threat(s) and the rapidity with which the threat is - spreading/ growing. Delays in the communication of specific situations may be life - threatening. This can result in assignment of a moderate or high impact level to - such information.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish Health Care Administration information. Except for cases of emergency actions necessary to correct urgent threats to patient health, health care processes are usually tolerant of reasonable delays. Special Factors Affecting Availability Impact Determination: Some health care delivery services information is time-critical and is dependent on the severity of the health threat(s) and the rapidity with which the threat is spreading/ growing. Delays in the communication of specific situations may be life threatening. This can result in assignment of a moderate or high impact level to such information.
The provisional availability impact level recommended for health care delivery - services information is low.
+The provisional availability impact level recommended for health care delivery services information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Many activities associated with health care delivery services are not - time critical and the adverse effects of unauthorized modification or destruction of - health care information on agency mission functions and/or public confidence in the - agency will be limited. However, the consequences of unauthorized modification or - destruction of health care information may result in incorrect, inappropriate, or - excessively delayed treatment of patients. In these cases, serious adverse effects - can include legal actions and danger to human life. Unauthorized modification or - destruction of information affecting external communications that contain health - care information (e.g., web pages, electronic mail) may adversely affect operations - and public confidence in the agency and the agency mission.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Many activities associated with health care delivery services are not time critical and the adverse effects of unauthorized modification or destruction of health care information on agency mission functions and/or public confidence in the agency will be limited. However, the consequences of unauthorized modification or destruction of health care information may result in incorrect, inappropriate, or excessively delayed treatment of patients. In these cases, serious adverse effects can include legal actions and danger to human life. Unauthorized modification or destruction of information affecting external communications that contain health care information (e.g., web pages, electronic mail) may adversely affect operations and public confidence in the agency and the agency mission.
Because of the potential for the loss of human life, the provisional integrity impact - level recommended for health care delivery services information is high.
+Because of the potential for the loss of human life, the provisional integrity impact level recommended for health care delivery services information is high.
Health Care Research and Practitioner Education fosters advancement in health - discovery and knowledge. This includes developing new strategies to handle diseases; - promoting health knowledge advancement; identifying new means for delivery of - services, methods, decision models and practices; making strides in quality - improvement; managing clinical trials and research quality; and providing for - practitioner education.
+Health Care Research and Practitioner Education fosters advancement in health discovery and knowledge. This includes developing new strategies to handle diseases; promoting health knowledge advancement; identifying new means for delivery of services, methods, decision models and practices; making strides in quality improvement; managing clinical trials and research quality; and providing for practitioner education.
The confidentiality impact level is the effect of unauthorized disclosure of health - care research and practitioner education on the ability of responsible agencies to - fosters advancement in health discovery and knowledge will have only a limited - adverse effect on agency operations, assets, or individuals.
+The confidentiality impact level is the effect of unauthorized disclosure of health care research and practitioner education on the ability of responsible agencies to fosters advancement in health discovery and knowledge will have only a limited adverse effect on agency operations, assets, or individuals.
The provisional confidentiality impact level recommended for disclosure of health - care research and practitioner education information is low.
+The provisional confidentiality impact level recommended for disclosure of health care research and practitioner education information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish health care - research and practitioner education. Health care research and practitioner education - information are generally tolerant of delay. Typically, disruption of health care - research and practitioner education information can be expected to have only a - limited adverse effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish health care research and practitioner education. Health care research and practitioner education information are generally tolerant of delay. Typically, disruption of health care research and practitioner education information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for health care research and - practitioner education information is low.
+The provisional availability impact level recommended for health care research and practitioner education information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Unauthorized modification or destruction of information affecting - external communications that contain health care research and practitioner education - information (e.g., web pages, electronic mail) may adversely affect operations and - public confidence in the agency and also the agency mission.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting external communications that contain health care research and practitioner education information (e.g., web pages, electronic mail) may adversely affect operations and public confidence in the agency and also the agency mission.
The provisional integrity impact level recommended for health care research and - practitioner education information is moderate.
+The provisional integrity impact level recommended for health care research and practitioner education information is moderate.
General Retirement and Disability involves the development and management of - retirement benefits, pensions, and income security for those who are retired or - disabled. Related information types affecting qualification and disbursement of - benefits are discussed in Appendix C’s Sections C.2.8.8, C.2.8.9, C.2.8.10, - C.2.8.11, and C.3.2.5.
+General Retirement and Disability involves the development and management of retirement benefits, pensions, and income security for those who are retired or disabled. Related information types affecting qualification and disbursement of benefits are discussed in Appendix C’s Sections C.2.8.8, C.2.8.9, C.2.8.10, C.2.8.11, and C.3.2.5.
The confidentiality impact level is the effect of unauthorized disclosure of general - retirement and disability information on the ability of responsible agencies to - develop and manage retirement benefits, pensions, and income security for those who - are retired or disabled. The consequences of limited unauthorized disclosure of - retirement and disability information would have a limited adverse effect on agency - operations, agency assets, or individuals. The disclosure of privacy information - (e.g., information required by the Privacy Act of 1974 or other statutes and - executive orders to receive special handling to protect the privacy of individuals) - may have serious consequences. The Privacy Act Information provisional impact levels - are documented in the Personal Identity and Authentication information type. - Unauthorized disclosure of large amounts of general retirement and disability - information may result in significant damage to an agency’s image or operation.
+The confidentiality impact level is the effect of unauthorized disclosure of general retirement and disability information on the ability of responsible agencies to develop and manage retirement benefits, pensions, and income security for those who are retired or disabled. The consequences of limited unauthorized disclosure of retirement and disability information would have a limited adverse effect on agency operations, agency assets, or individuals. The disclosure of privacy information (e.g., information required by the Privacy Act of 1974 or other statutes and executive orders to receive special handling to protect the privacy of individuals) may have serious consequences. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. Unauthorized disclosure of large amounts of general retirement and disability information may result in significant damage to an agency’s image or operation.
The confidentiality impact recommended for general retirement and disability - information is moderate.
+The confidentiality impact recommended for general retirement and disability information is moderate.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to general - retirement and disability information. The effects of disruption of access to - general retirement and disability information or information systems would have, in - many cases, a limited adverse effect on agency operations, agency assets, or - individuals. Special Factors Affecting Availability Impact Determination: Where - provision of retirement and/or disability benefits is a primary agency service - delivery mission, the consequences can be more severe. Availability compromises may - result in reduction of benefits – and in extreme cases can be life threatening. This - can result in assignment of a high impact level to such information.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to general retirement and disability information. The effects of disruption of access to general retirement and disability information or information systems would have, in many cases, a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Where provision of retirement and/or disability benefits is a primary agency service delivery mission, the consequences can be more severe. Availability compromises may result in reduction of benefits – and in extreme cases can be life threatening. This can result in assignment of a high impact level to such information.
The provisional availability impact level recommended for general retirement and - disability information is moderate.
+The provisional availability impact level recommended for general retirement and disability information is moderate.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Unauthorized modification or destruction of information affecting - external communications (e.g., web pages, electronic mail) may adversely affect - operations and/or public confidence in the agency, but the damage to the mission - would usually be limited. Generally, the consequences of unauthorized modification - or destruction of general retirement and disability information would have a limited - adverse effect on agency operations, agency assets, or individuals. However, where - provision of retirement and/or disability benefits is a primary agency service - delivery mission, the consequences can be more severe. Special Factors Affecting - Integrity Impact Determination: Integrity compromises may result in reduction of - benefits– and in extreme cases can be life threatening. This can result in - assignment of a high impact level to such information.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Generally, the consequences of unauthorized modification or destruction of general retirement and disability information would have a limited adverse effect on agency operations, agency assets, or individuals. However, where provision of retirement and/or disability benefits is a primary agency service delivery mission, the consequences can be more severe. Special Factors Affecting Integrity Impact Determination: Integrity compromises may result in reduction of benefits– and in extreme cases can be life threatening. This can result in assignment + of a high impact level to such information.
The provisional integrity impact level recommended for general retirement and - disability information is moderate.
+The provisional integrity impact level recommended for general retirement and disability information is moderate.
Unemployment Compensation provides income security to those who are no longer - employed, while they seek new employment.
+Unemployment Compensation provides income security to those who are no longer employed, while they seek new employment.
The confidentiality impact level is the effect of unauthorized disclosure of - unemployment compensation information on the ability of responsible agencies to - provide income security to those who are no longer employed, while they seek new - employment. The consequences of unauthorized disclosure of most unemployment - compensation information would have a limited adverse effect on agency operations, - agency assets, or individuals. Special Factors Affecting Confidentiality Impact - Determination: Exceptions that might have a potential for more serious consequences - are based on privacy information (e.g., information required by the Privacy Act of - 1974 or other statutes and executive orders to receive special handling to protect - the privacy of individuals). The Privacy Act Information provisional impact levels - are documented in the Personal Identity and Authentication information type. This - can result in assignment of a moderate impact level to such information.
+The confidentiality impact level is the effect of unauthorized disclosure of unemployment compensation information on the ability of responsible agencies to provide income security to those who are no longer employed, while they seek new employment. The consequences of unauthorized disclosure of most unemployment compensation information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Exceptions that might have a potential for more serious consequences are based on privacy information (e.g., information required by the Privacy Act of 1974 or other statutes and executive orders to receive special handling to protect the privacy of individuals). The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. This can result in assignment of a moderate impact level to such information.
The provisional confidentiality impact level recommended for unemployment - compensation information is low.
+The provisional confidentiality impact level recommended for unemployment compensation information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - unemployment compensation information. The effects of disruption of access to - unemployment compensation information or information systems would have, at most, a - limited adverse effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to unemployment compensation information. The effects of disruption of access to unemployment compensation information or information systems would have, at most, a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for unemployment compensation - information is low.
+The provisional availability impact level recommended for unemployment compensation information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - unemployment compensation information would have, at most, a limited adverse effect - on agency operations, agency assets, or individuals. Unauthorized modification or - destruction of information affecting external communications (e.g., web pages, - electronic mail) may adversely affect operations and/or public confidence in the - agency, but the damage to the mission would usually be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of unemployment compensation information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.
The provisional integrity impact level recommended for unemployment compensation - information is low.
+The provisional integrity impact level recommended for unemployment compensation information is low.
Housing Assistance involves the development and management programs that provide - housing to those who are unable to provide housing for themselves including the - rental of single-family or multifamily properties, and the management and operation - of federally supported housing properties.
+Housing Assistance involves the development and management programs that provide housing to those who are unable to provide housing for themselves including the rental of single-family or multifamily properties, and the management and operation of federally supported housing properties.
The confidentiality impact level is the effect of unauthorized disclosure of housing - assistance information on the ability of responsible agencies to develop and manage - programs that provide housing to those who are unable to provide housing for - themselves including the rental of single-family or multifamily properties, and the - management and operation of federally supported housing properties. The consequences - of unauthorized disclosure of most housing assistance information would have a - limited adverse effect on agency operations, agency assets, or individuals. Special - Factors Affecting Confidentiality Impact Determination: Exceptions that might have a - potential for more serious consequences are based on privacy information (e.g., - information required by the Privacy Act of 1974 or other statutes and executive - orders to receive special handling to protect the privacy of individuals). The - Privacy Act Information provisional impact levels are documented in the Personal - Identity and Authentication information type. This can result in assignment of a - moderate impact level to such information.
+The confidentiality impact level is the effect of unauthorized disclosure of housing assistance information on the ability of responsible agencies to develop and manage programs that provide housing to those who are unable to provide housing for themselves including the rental of single-family or multifamily properties, and the management and operation of federally supported housing properties. The consequences of unauthorized disclosure of most housing assistance information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Exceptions that might have a potential for more serious consequences are based on privacy information (e.g., information required by the Privacy Act of 1974 or other statutes and executive orders to receive special handling to protect the privacy of individuals). The Privacy Act Information provisional impact levels are documented in the Personal + Identity and Authentication information type. This can result in assignment of a moderate impact level to such information.
The provisional confidentiality impact level recommended for housing assistance - information is low.
+The provisional confidentiality impact level recommended for housing assistance information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to housing - assistance information. The effects of disruption of access to most housing - assistance information or information systems would have a limited adverse effect on - agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to housing assistance information. The effects of disruption of access to most housing assistance information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for housing assistance - information is low.
+The provisional availability impact level recommended for housing assistance information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of housing - assistance information would have, at most, a limited adverse effect on agency - operations, agency assets, or individuals. Unauthorized modification or destruction - of information affecting external communications (e.g., web pages, electronic mail) - may adversely affect operations and/or public confidence in the agency, but the - damage to the mission would usually be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of housing assistance information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.
The provisional integrity impact level recommended for housing assistance information - is low.
+The provisional integrity impact level recommended for housing assistance information is low.
Food and Nutrition Assistance involves the development and management of programs - that provide food and nutrition assistance to those members of the public who are - unable to provide for these needs themselves.
+Food and Nutrition Assistance involves the development and management of programs that provide food and nutrition assistance to those members of the public who are unable to provide for these needs themselves.
The confidentiality impact level is the effect of unauthorized disclosure of food and - nutrition assistance information on the ability of responsible agencies to develop - and manage of programs that provide food and nutrition assistance to those members - of the public who are unable to provide for these needs themselves. The consequences - of unauthorized disclosure of most food and nutrition assistance information would - have a limited adverse effect on agency operations, agency assets, or individuals. - Special Factors Affecting Confidentiality Impact Determination: Exceptions that - might have a potential for more serious consequences are based on privacy - information (e.g., information required by the Privacy Act of 1974 or other statutes - and executive orders to receive special handling to protect the privacy of - individuals). The Privacy Act Information provisional impact levels are documented - in the Personal Identity and Authentication information type. This can result in +
The confidentiality impact level is the effect of unauthorized disclosure of food and nutrition assistance information on the ability of responsible agencies to develop and manage of programs that provide food and nutrition assistance to those members of the public who are unable to provide for these needs themselves. The consequences of unauthorized disclosure of most food and nutrition assistance information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Exceptions that might have a potential for more serious consequences are based on privacy information (e.g., information required by the Privacy Act of 1974 or other statutes and executive orders to receive special handling to protect the privacy of individuals). The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. This can result in assignment of a moderate impact level to such information.
The provisional confidentiality impact recommended for food and nutrition assistance - information is low.
+The provisional confidentiality impact recommended for food and nutrition assistance information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to food and - nutrition assistance information. The effects of disruption of access to most food - and nutrition assistance information or information systems would have a limited - adverse effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to food and nutrition assistance information. The effects of disruption of access to most food and nutrition assistance information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for food and nutrition - assistance information is low.
+The provisional availability impact level recommended for food and nutrition assistance information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of food - and nutrition assistance information would have, at most, a limited adverse effect - on agency operations, agency assets, or individuals. Unauthorized modification or - destruction of information affecting external communications (e.g., web pages, - electronic mail) may adversely affect operations and/or public confidence in the - agency, but the damage to the mission would usually be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of food and nutrition assistance information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.
The provisional integrity impact level recommended for food and nutrition assistance - information is low.
+The provisional integrity impact level recommended for food and nutrition assistance information is low.
Survivor Compensation provides compensation to the survivors of individuals currently - receiving or eligible to receive benefits from the Federal Government. This includes - survivors such as spouses or children of veterans or wage earners eligible for - social security payments.
+Survivor Compensation provides compensation to the survivors of individuals currently receiving or eligible to receive benefits from the Federal Government. This includes survivors such as spouses or children of veterans or wage earners eligible for social security payments.
The confidentiality impact level is the effect of unauthorized disclosure of survivor - compensation information on the ability of responsible agencies to provide - compensation to the survivors of individuals currently receiving or eligible to - receive benefits from the Federal Government. The consequences of unauthorized - disclosure of most survivor compensation information would have a limited adverse - effect on agency operations, agency assets, or individuals. Special Factors - Affecting Confidentiality Impact Determination: Exceptions that might have a - potential for more serious consequences are based on privacy information (e.g., - information required by the Privacy Act of 1974 or other statutes and executive - orders to receive special handling to protect the privacy of individuals). The - Privacy Act Information provisional impact levels are documented in the Personal - Identity and Authentication information type. This can result in assignment of a - moderate impact level to such information.
+The confidentiality impact level is the effect of unauthorized disclosure of survivor compensation information on the ability of responsible agencies to provide compensation to the survivors of individuals currently receiving or eligible to receive benefits from the Federal Government. The consequences of unauthorized disclosure of most survivor compensation information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Exceptions that might have a potential for more serious consequences are based on privacy information (e.g., information required by the Privacy Act of 1974 or other statutes and executive orders to receive special handling to protect the privacy of individuals). The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. This can result in assignment of a moderate impact level to such + information.
The provisional confidentiality impact level recommended for survivor compensation - information is low.
+The provisional confidentiality impact level recommended for survivor compensation information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to survivor - compensation information. The effects of disruption of access to most survivor - compensation information or information systems would have a limited adverse effect - on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to survivor compensation information. The effects of disruption of access to most survivor compensation information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for survivor compensation - information is low.
+The provisional availability impact level recommended for survivor compensation information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - survivor compensation information would have, at most, a limited adverse effect on - agency operations, agency assets, or individuals. Unauthorized modification or - destruction of information affecting external communications (e.g., web pages, - electronic mail) may adversely affect operations and/or public confidence in the - agency, but the damage to the mission would usually be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of survivor compensation information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.
The provisional integrity impact level recommended for survivor compensation - information is low.
+The provisional integrity impact level recommended for survivor compensation information is low.
Criminal apprehension supports activities associated with the tracking and capture of - groups or individuals believed to be responsible for committing Federal crimes.
+Criminal apprehension supports activities associated with the tracking and capture of groups or individuals believed to be responsible for committing Federal crimes.
The confidentiality impact level is the effect of unauthorized disclosure of criminal - apprehension information on the ability of responsible agencies to track and capture - groups or individuals believed to be responsible for committing Federal crimes, on - public safety, and on the safety of law enforcement officers. The consequences of - unauthorized disclosure of criminal apprehension information depend 1) on the - seriousness of the crime involved, 2) on the capability and predisposition of the - criminal to injure or kill civilians or law enforcement officials, 3) timing (e.g., - the ability of the criminal to access the information and use it to facilitate a - crime or evade capture), and 4) statutory and regulatory requirements which vary by - violation. Special Factors Affecting Confidentiality Impact Determination: In cases - where 1) the crimes are not violent and do not involve large property losses, and 2) - there is no history of violence on the part of the criminal, the confidentiality - impact may be low or moderate. For many crimes that are the responsibility of - Federal law enforcement agencies, the consequences associated with unauthorized - disclosure of criminal apprehension information must often be assumed to pose a - threat to human life or result in a loss of major assets. In such cases, - confidentiality impact level is high.
+The confidentiality impact level is the effect of unauthorized disclosure of criminal apprehension information on the ability of responsible agencies to track and capture groups or individuals believed to be responsible for committing Federal crimes, on public safety, and on the safety of law enforcement officers. The consequences of unauthorized disclosure of criminal apprehension information depend 1) on the seriousness of the crime involved, 2) on the capability and predisposition of the criminal to injure or kill civilians or law enforcement officials, 3) timing (e.g., the ability of the criminal to access the information and use it to facilitate a crime or evade capture), and 4) statutory and regulatory requirements which vary by violation. Special Factors Affecting Confidentiality Impact Determination: In cases where 1) the crimes are not violent and do not involve large property losses, and 2) there is no history of violence on the part of the criminal, the + confidentiality impact may be low or moderate. For many crimes that are the responsibility of Federal law enforcement agencies, the consequences associated with unauthorized disclosure of criminal apprehension information must often be assumed to pose a threat to human life or result in a loss of major assets. In such cases, confidentiality impact level is high.
For most Federal law enforcement systems that support criminal apprehension - activities the harm that results from unauthorized disclosure will be limited. - Therefore, the provisional confidentiality impact level recommended for criminal - apprehension information is low.
+For most Federal law enforcement systems that support criminal apprehension activities the harm that results from unauthorized disclosure will be limited. Therefore, the provisional confidentiality impact level recommended for criminal apprehension information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to criminal - apprehension information. Missions supported by criminal apprehension information - are not typically tolerant of delay. While there are many cases in which elements of - criminal apprehension information are not urgent, there are many in which relatively - short periods of unavailability can pose a threat to human life and/or result in a - loss of major assets.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to criminal apprehension information. Missions supported by criminal apprehension information are not typically tolerant of delay. While there are many cases in which elements of criminal apprehension information are not urgent, there are many in which relatively short periods of unavailability can pose a threat to human life and/or result in a loss of major assets.
The provisional availability impact level recommended for most criminal apprehension - information is moderate.
+The provisional availability impact level recommended for most criminal apprehension information is moderate.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - criminal apprehension information may depend on the urgency with which the - information is needed and on the success of subsequent prosecution of the - apprehended criminal(s). Unauthorized modification or destruction of information - affecting external communications (e.g., web pages, electronic mail) may adversely - affect operations and/or public confidence in the agency, but the damage to the - mission would usually be limited. Special Factors Affecting Integrity Impact - Determination: Unauthorized modification or destruction of criminal apprehension - information may have an adverse effect on the subsequent prosecution of the - apprehended criminal. Consequently, a serious adverse effect on agency operations - can result. This can place the agency at a significant disadvantage. In such cases, - the integrity impact level recommended for criminal apprehension information is at - least moderate. When the criminal apprehension information is time-critical, the - unauthorized modification or destruction of this information may have a severe or - catastrophic effect on public confidence in the agency, pose a significant threat to - major assets, and/or pose a threat to human life. This is applicable for many crimes - that are the responsibility of Federal law enforcement agencies. For this criminal - apprehension information, the Recommended Integrity Impact Level is high.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of criminal apprehension information may depend on the urgency with which the information is needed and on the success of subsequent prosecution of the apprehended criminal(s). Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of criminal apprehension information may have an adverse effect on the subsequent prosecution of the apprehended criminal. Consequently, a serious adverse effect on agency operations can result. This can place the + agency at a significant disadvantage. In such cases, the integrity impact level recommended for criminal apprehension information is at least moderate. When the criminal apprehension information is time-critical, the unauthorized modification or destruction of this information may have a severe or catastrophic effect on public confidence in the agency, pose a significant threat to major assets, and/or pose a threat to human life. This is applicable for many crimes that are the responsibility of Federal law enforcement agencies. For this criminal apprehension information, the Recommended Integrity Impact Level is high.
For most Federal law enforcement systems that support criminal apprehension - activities the harm that results from unauthorized modification or destruction will - be limited. Therefore, the provisional integrity impact level recommended for - criminal apprehension information is low.
+For most Federal law enforcement systems that support criminal apprehension activities the harm that results from unauthorized modification or destruction will be limited. Therefore, the provisional integrity impact level recommended for criminal apprehension information is low.
Criminal investigation and surveillance includes the collection of evidence required - to determine responsibility for a crime and the monitoring and questioning of - affected parties.
+Criminal investigation and surveillance includes the collection of evidence required to determine responsibility for a crime and the monitoring and questioning of affected parties.
The confidentiality impact level is the effect of unauthorized disclosure of criminal - investigation and surveillance information on the ability of responsible agencies to - collect evidence required to determine responsibility for a crime, to monitor and - question affected parties, and to protect the safety of witnesses and law - enforcement officers. The consequences of unauthorized disclosure of criminal - investigation and surveillance information depend 1] on the seriousness of the crime - involved, 2] timing (e.g., the ability of the criminal39 to access the information - and use it to facilitate a crime, to evade detection or surveillance, or eliminate - probable cause for searches and warrants), and 3] on the capability and - predisposition of the criminal to injure witnesses or law enforcement officials. - Special Factors Affecting Confidentiality Impact Determination: In cases where 1) - the crimes are not violent and do not involve large property losses, and 2) there is - no history of violence on the part of the criminal, the confidentiality impact may - be low or moderate. Given the nature of many of the crimes that are the - responsibility of Federal law enforcement agencies, the consequences associated with - unauthorized disclosure of criminal investigation and surveillance information must - often be assumed to pose a threat to human life or result in a loss of major assets. - Information that reveals the identity and/or location of informants may be of - particular concern. In such cases, the confidentiality impact level is high.
-The provisional confidentiality impact level recommended for criminal investigation - and surveillance information is moderate.
-The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to criminal - investigation and surveillance information. Missions supported by criminal - investigation and surveillance information are not always tolerant of delay. Special - Factors Affecting Availability Impact Determination: There are some cases in which - relatively short periods of unavailability of criminal investigation and - surveillance information may result in lost surveillance opportunities or - opportunities to make an arrest. Where the crimes involved pose a threat to human - life and/or result in a loss of major assets, the availability impact level - recommended for criminal investigation and surveillance information is high.
-The provisional availability impact level recommended for criminal investigation and - surveillance information is moderate.
-The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - criminal investigation and surveillance information depends on the urgency with - which the information is needed and on the success of subsequent prosecution of the - apprehended criminal(s). Unauthorized modification or destruction of information - affecting external communications (e.g., web pages, electronic mail) may adversely - affect operations or public confidence in the agency, but the damage to the mission - would usually be limited. Where unauthorized modification or destruction of criminal - investigation and surveillance information can have an adverse effect on the - granting or execution of a search or wiretap warrant or on the success of subsequent - prosecution of the apprehended criminal a serious adverse effect on agency - operations can result. This can place the agency at a significant disadvantage. - Special Factors Affecting Integrity Impact Determination: In some cases, major - investigations can be jeopardized when the time-critical criminal investigation and - surveillance information is modified or destroyed. Where the criminal case under - investigation involves major property losses, large-scale financial frauds that have - serious implications for financial markets, poses a threat to key national assets or - human life, the Recommended Integrity Impact Level is high. In international - matters, such as trade enforcement, tariff agreements, etc., or where foreign - nationals might be involved, the integrity impact level for criminal investigation - and surveillance information will be high. Any compromise of such information could - result in catastrophic adverse effects on future operations, individual and agency - reputations, and on human life.
-The provisional integrity impact level recommended for criminal investigation and - surveillance information is moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of criminal investigation and surveillance information on the ability of responsible agencies to collect evidence required to determine responsibility for a crime, to monitor and question affected parties, and to protect the safety of witnesses and law enforcement officers. The consequences of unauthorized disclosure of criminal investigation and surveillance information depend 1] on the seriousness of the crime involved, 2] timing (e.g., the ability of the criminal39 to access the information and use it to facilitate a crime, to evade detection or surveillance, or eliminate probable cause for searches and warrants), and 3] on the capability and predisposition of the criminal to injure witnesses or law enforcement officials. Special Factors Affecting Confidentiality Impact Determination: In cases where 1) the crimes are not violent and do not involve large property losses, and 2) there is no + history of violence on the part of the criminal, the confidentiality impact may be low or moderate. Given the nature of many of the crimes that are the responsibility of Federal law enforcement agencies, the consequences associated with unauthorized disclosure of criminal investigation and surveillance information must often be assumed to pose a threat to human life or result in a loss of major assets. Information that reveals the identity and/or location of informants may be of particular concern. In such cases, the confidentiality impact level is high.
+ +The provisional confidentiality impact level recommended for criminal investigation and surveillance information is moderate.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to criminal investigation and surveillance information. Missions supported by criminal investigation and surveillance information are not always tolerant of delay. Special Factors Affecting Availability Impact Determination: There are some cases in which relatively short periods of unavailability of criminal investigation and surveillance information may result in lost surveillance opportunities or opportunities to make an arrest. Where the crimes involved pose a threat to human life and/or result in a loss of major assets, the availability impact level recommended for criminal investigation and surveillance information is high.
+The provisional availability impact level recommended for criminal investigation and surveillance information is moderate.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of criminal investigation and surveillance information depends on the urgency with which the information is needed and on the success of subsequent prosecution of the apprehended criminal(s). Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Where unauthorized modification or destruction of criminal investigation and surveillance information can have an adverse effect on the granting or execution of a search or wiretap warrant or on the success of subsequent prosecution of the apprehended criminal a serious adverse effect on agency + operations can result. This can place the agency at a significant disadvantage. Special Factors Affecting Integrity Impact Determination: In some cases, major investigations can be jeopardized when the time-critical criminal investigation and surveillance information is modified or destroyed. Where the criminal case under investigation involves major property losses, large-scale financial frauds that have serious implications for financial markets, poses a threat to key national assets or human life, the Recommended Integrity Impact Level is high. In international matters, such as trade enforcement, tariff agreements, etc., or where foreign nationals might be involved, the integrity impact level for criminal investigation and surveillance information will be high. Any compromise of such information could result in catastrophic adverse effects on future operations, individual and agency reputations, and on human life.
+The provisional integrity impact level recommended for criminal investigation and surveillance information is moderate.
Citizen protection involves all activities performed to protect the general - population of the United States from criminal activity.
+Citizen protection involves all activities performed to protect the general population of the United States from criminal activity.
The confidentiality impact level is the effect of unauthorized disclosure of citizen - protection information on the ability of responsible agencies to protect the general - population of the United States from criminal activity. In some cases, the criminal - activity is terrorist activity intended to cause mass casualties. While the results - of unauthorized disclosure of most citizen protection information are unlikely to - have a serious adverse effect on agency operations, the exceptions can have - catastrophic consequences. Special Factors Affecting Confidentiality Impact - Determination: The consequences of unauthorized disclosure of citizen protection - information could be severe. If detailed intelligence information regarding a - planned terrorist act was disclosed, the terrorists might succeed in countering the - protection measures and carry out a devastating attack. The confidentiality impacts - associated with information concerning defensive dispositions would be high. While - the adverse effects of unauthorized disclosure of some citizen protection - information on law enforcement operations, assets, and individuals are limited; the - stakes are usually higher. Federal citizen protection activities often seek to - protect the public against life-threatening situations or against loss of major - assets.
+The confidentiality impact level is the effect of unauthorized disclosure of citizen protection information on the ability of responsible agencies to protect the general population of the United States from criminal activity. In some cases, the criminal activity is terrorist activity intended to cause mass casualties. While the results of unauthorized disclosure of most citizen protection information are unlikely to have a serious adverse effect on agency operations, the exceptions can have catastrophic consequences. Special Factors Affecting Confidentiality Impact Determination: The consequences of unauthorized disclosure of citizen protection information could be severe. If detailed intelligence information regarding a planned terrorist act was disclosed, the terrorists might succeed in countering the protection measures and carry out a devastating attack. The confidentiality impacts associated with information concerning defensive dispositions would be high. While the + adverse effects of unauthorized disclosure of some citizen protection information on law enforcement operations, assets, and individuals are limited; the stakes are usually higher. Federal citizen protection activities often seek to protect the public against life-threatening situations or against loss of major assets.
The provisional confidentiality impact level recommended for most citizen protection - information is moderate.
+The provisional confidentiality impact level recommended for most citizen protection information is moderate.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to citizen - protection information. Many citizen protection missions are usually tolerant of - reasonable delays. Most criminal activity against citizen protection information is - not life threatening but can result in serious property loss. Special Factors - Affecting Availability Impact Determination: Emergency situations or elevated - terrorist threat conditions are not tolerant of delays. Where systems support - time-sensitive operations for life-threatening situations, the availability impact - level for citizen protection information is high.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to citizen protection information. Many citizen protection missions are usually tolerant of reasonable delays. Most criminal activity against citizen protection information is not life threatening but can result in serious property loss. Special Factors Affecting Availability Impact Determination: Emergency situations or elevated terrorist threat conditions are not tolerant of delays. Where systems support time-sensitive operations for life-threatening situations, the availability impact level for citizen protection information is high.
In the case of most systems that support delivery of citizen protection services, the - provisional availability impact level recommended for citizen protection information - is moderate.
+In the case of most systems that support delivery of citizen protection services, the provisional availability impact level recommended for citizen protection information is moderate.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of citizen - protection information may pose a potential threat to public safety particularly if - the protective measures are compromised. Special Factors Affecting Integrity Impact - Determination: In some cases (e.g., terrorist threats), unauthorized modification or - destruction of citizen protection information can result in loss of human life - a - high-impact potential.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of citizen protection information may pose a potential threat to public safety particularly if the protective measures are compromised. Special Factors Affecting Integrity Impact Determination: In some cases (e.g., terrorist threats), unauthorized modification or destruction of citizen protection information can result in loss of human life - a high-impact potential.
The provisional integrity impact level recommended for citizen protection information - is moderate.
+The provisional integrity impact level recommended for citizen protection information is moderate.
Leadership protection involves all activities performed to protect the health and - well being of the president, vice-president, their families, and other high-level - government officials. Some leadership protection information may be classified. All - classified information is treated under separate rules established for national - security information and is outside the scope of this guideline.
+Leadership protection involves all activities performed to protect the health and well being of the president, vice-president, their families, and other high-level government officials. Some leadership protection information may be classified. All classified information is treated under separate rules established for national security information and is outside the scope of this guideline.
The confidentiality impact level is the effect of unauthorized disclosure of - leadership protection information on the abilities of responsible agencies to - protect the health and well being of the president, vice-president, their families, - and other high-level government officials. The consequences of unauthorized - disclosure of most leadership protection information are not directly - life-threatening but can have serious consequences. Special Factors Affecting - Confidentiality Impact Determination: For the unauthorized disclosure of information - that can facilitate efforts to assassinate Federal leadership, the consequences not - only pose a threat to human life, but can also have a disruptive effect on the - continuity of Federal government operations. In such cases, the confidentiality - impact level is high.
+The confidentiality impact level is the effect of unauthorized disclosure of leadership protection information on the abilities of responsible agencies to protect the health and well being of the president, vice-president, their families, and other high-level government officials. The consequences of unauthorized disclosure of most leadership protection information are not directly life-threatening but can have serious consequences. Special Factors Affecting Confidentiality Impact Determination: For the unauthorized disclosure of information that can facilitate efforts to assassinate Federal leadership, the consequences not only pose a threat to human life, but can also have a disruptive effect on the continuity of Federal government operations. In such cases, the confidentiality impact level is high.
Given the nature of most leadership protection information, the provisional - confidentiality impact level recommended for the information is moderate.
+Given the nature of most leadership protection information, the provisional confidentiality impact level recommended for the information is moderate.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - leadership protection information. Special Factors Affecting Integrity Impact - Determination: In the case of Secret Service operations, missions supported by - leadership protection information are not tolerant of delays with resultant - catastrophic consequences for mission capability and human life. In such cases, the - availability impact level is high.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to leadership protection information. Special Factors Affecting Integrity Impact Determination: In the case of Secret Service operations, missions supported by leadership protection information are not tolerant of delays with resultant catastrophic consequences for mission capability and human life. In such cases, the availability impact level is high.
The provisional availability impact level recommended for most leadership protection - information is low.
+The provisional availability impact level recommended for most leadership protection information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. That is, the consequences of unauthorized modification or destruction - of leadership protection information may be determined by the specific operation(s) - supported by the information. In addition, the consequences may depend on the - urgency with which the intelligence information is needed. Special Factors Affecting - Integrity Impact Determination: In the case of Secret Service operations, - unauthorized modification or destruction of information affecting leadership - protection information may adversely affect mission operations in a manner that - results in loss of human life and disruption of government operations. In such - cases, the integrity impact level is high.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. That is, the consequences of unauthorized modification or destruction of leadership protection information may be determined by the specific operation(s) supported by the information. In addition, the consequences may depend on the urgency with which the intelligence information is needed. Special Factors Affecting Integrity Impact Determination: In the case of Secret Service operations, unauthorized modification or destruction of information affecting leadership protection information may adversely affect mission operations in a manner that results in loss of human life and disruption of government operations. In such cases, the integrity impact level is high.
The provisional integrity impact level recommended for most leadership protection - information is low.
+The provisional integrity impact level recommended for most leadership protection information is low.
Property protection entails all activities performed to ensure the security of - civilian and government property.
+Property protection entails all activities performed to ensure the security of civilian and government property.
The confidentiality impact level is the effect of unauthorized disclosure of property - protection information on the ability of responsible agencies to ensure the security - of civilian and government property. The consequences of unauthorized disclosure of - property protection information are generally dependent on the nature of the - property being protected. Where the property being protected is neither critical to - agency operations nor of such value that its loss would degrade mission capability - or place the agency at a significant disadvantage, unauthorized disclosure would - have a limited adverse effect. Special Factors Affecting Confidentiality Impact - Determination: Where critical infrastructure facilities or key national assets are - being protected, the consequences of unauthorized disclosure of property protection - information might reveal vulnerabilities in protection measures to terrorists or - other adversaries. Where unauthorized disclosure of property protection information - associated with critical infrastructures, large groups of people, or key national - assets is expected to be of direct use to terrorists, the confidentiality impact - level is high. Most protected facilities are not part of national security, the - critical infrastructure, or key national asset categories. If unauthorized - disclosure of property protection information resulted in damage to these - facilities, serious adverse effects on agency operations and assets could reasonably - be expected to result. This can result in assignment of a moderate or high impact - level to such information. Where the property being protected involves classified - information, the property protection information itself might be classified. Some - examples include command and control and other military facilities, foreign - intelligence collection or processing facilities, weapons or weapons facilities, and - cryptographic activities. National security information is outside the scope of this +
The confidentiality impact level is the effect of unauthorized disclosure of property protection information on the ability of responsible agencies to ensure the security of civilian and government property. The consequences of unauthorized disclosure of property protection information are generally dependent on the nature of the property being protected. Where the property being protected is neither critical to agency operations nor of such value that its loss would degrade mission capability or place the agency at a significant disadvantage, unauthorized disclosure would have a limited adverse effect. Special Factors Affecting Confidentiality Impact Determination: Where critical infrastructure facilities or key national assets are being protected, the consequences of unauthorized disclosure of property protection information might reveal vulnerabilities in protection measures to terrorists or other adversaries. Where unauthorized disclosure of property protection + information associated with critical infrastructures, large groups of people, or key national assets is expected to be of direct use to terrorists, the confidentiality impact level is high. Most protected facilities are not part of national security, the critical infrastructure, or key national asset categories. If unauthorized disclosure of property protection information resulted in damage to these facilities, serious adverse effects on agency operations and assets could reasonably be expected to result. This can result in assignment of a moderate or high impact level to such information. Where the property being protected involves classified information, the property protection information itself might be classified. Some examples include command and control and other military facilities, foreign intelligence collection or processing facilities, weapons or weapons facilities, and cryptographic activities. National security information is outside the scope of this guideline.
The confidentiality impact level is the effect of unauthorized disclosure of property - protection information on the ability of responsible agencies to ensure the security - of civilian and government property. The consequences of unauthorized disclosure of - property protection information are generally dependent on the nature of the - property being protected. Where the property being protected is neither critical to - agency operations nor of such value that its loss would degrade mission capability - or place the agency at a significant disadvantage, unauthorized disclosure would - have a limited adverse effect. Special Factors Affecting Confidentiality Impact - Determination: Where critical infrastructure facilities or key national assets are - being protected, the consequences of unauthorized disclosure of property protection - information might reveal vulnerabilities in protection measures to terrorists or - other adversaries. Where unauthorized disclosure of property protection information - associated with critical infrastructures, large groups of people, or key national - assets is expected to be of direct use to terrorists, the confidentiality impact - level is high. Most protected facilities are not part of national security, the - critical infrastructure, or key national asset categories. If unauthorized - disclosure of property protection information resulted in damage to these - facilities, serious adverse effects on agency operations and assets could reasonably - be expected to result. This can result in assignment of a moderate or high impact - level to such information. Where the property being protected involves classified - information, the property protection information itself might be classified. Some - examples include command and control and other military facilities, foreign - intelligence collection or processing facilities, weapons or weapons facilities, and - cryptographic activities. National security information is outside the scope of this +
The confidentiality impact level is the effect of unauthorized disclosure of property protection information on the ability of responsible agencies to ensure the security of civilian and government property. The consequences of unauthorized disclosure of property protection information are generally dependent on the nature of the property being protected. Where the property being protected is neither critical to agency operations nor of such value that its loss would degrade mission capability or place the agency at a significant disadvantage, unauthorized disclosure would have a limited adverse effect. Special Factors Affecting Confidentiality Impact Determination: Where critical infrastructure facilities or key national assets are being protected, the consequences of unauthorized disclosure of property protection information might reveal vulnerabilities in protection measures to terrorists or other adversaries. Where unauthorized disclosure of property protection + information associated with critical infrastructures, large groups of people, or key national assets is expected to be of direct use to terrorists, the confidentiality impact level is high. Most protected facilities are not part of national security, the critical infrastructure, or key national asset categories. If unauthorized disclosure of property protection information resulted in damage to these facilities, serious adverse effects on agency operations and assets could reasonably be expected to result. This can result in assignment of a moderate or high impact level to such information. Where the property being protected involves classified information, the property protection information itself might be classified. Some examples include command and control and other military facilities, foreign intelligence collection or processing facilities, weapons or weapons facilities, and cryptographic activities. National security information is outside the scope of this guideline.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to property - protection information. Missions supported by property protection information are - not typically tolerant of delays, but the consequences of loss of availability of - most property protection information are limited. Special Factors Affecting - Availability Impact Determination: The consequences of inability of guard forces and - other emergency responders to receive property protection information in a timely - manner may result in catastrophic consequences for properties that could include - critical infrastructures and key national assets. In general, the availability - impact level assigned to property protection information is dependent on what is - being protected. This can result in assignment of a moderate or high impact level to - such information.
-The provisional availability impact recommended for most property protection - information is low.
-The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - property protection information depends on the type of property being protected and - on the immediacy with which the information is expected to be used. In most cases, - unauthorized disclosure can be expected to have limited adverse consequences. - Special Factors Affecting Integrity Impact Determination: Unauthorized modification - or destruction of information affecting external communications (e.g., web pages, - electronic mail) may adversely affect operations or public confidence in the agency. - However, the potential damage to the protection mission will usually be of greater - concern. If the modified or destroyed information is tactical i.e., time-critical, - there is a greater potential for actions being taken based on incomplete or false - information. This can have serious adverse effects on protection operation. This can - result in assignment of a moderate impact level to such information.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to property protection information. Missions supported by property protection information are not typically tolerant of delays, but the consequences of loss of availability of most property protection information are limited. Special Factors Affecting Availability Impact Determination: The consequences of inability of guard forces and other emergency responders to receive property protection information in a timely manner may result in catastrophic consequences for properties that could include critical infrastructures and key national assets. In general, the availability impact level assigned to property protection information is dependent on what is being protected. This can result in assignment of a moderate or high impact level to such information.
+ +The provisional availability impact recommended for most property protection information is low.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of property protection information depends on the type of property being protected and on the immediacy with which the information is expected to be used. In most cases, unauthorized disclosure can be expected to have limited adverse consequences. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency. However, the potential damage to the protection mission will usually be of greater concern. If the modified or destroyed information is tactical i.e., time-critical, there is a greater potential for actions being taken based on incomplete or + false information. This can have serious adverse effects on protection operation. This can result in assignment of a moderate impact level to such information.
The provisional integrity impact level recommended for most property protection - information is low.
+The provisional integrity impact level recommended for most property protection information is low.
Substance control supports activities associated with the enforcement of legal - substances (i.e., alcohol and tobacco) and illegal narcotics laws including - trafficking, possession, sale, distribution, and other related activities.
+Substance control supports activities associated with the enforcement of legal substances (i.e., alcohol and tobacco) and illegal narcotics laws including trafficking, possession, sale, distribution, and other related activities.
The confidentiality impact level is the effect of unauthorized disclosure of - substance control information on the ability of responsible agencies to enforce - legal substances (i.e., alcohol and tobacco) and illegal narcotics laws including - trafficking, possession, sale, distribution, and other related activities. - Unauthorized disclosure of a significant proportion of substance control information - can compromise investigations, cause apprehension operations to fail, and compromise - prosecutions. This can have a serious adverse effect on agency operations and place - the agency at a significant disadvantage. Special Factors Affecting Confidentiality - Impact Determination: Unauthorized disclosure of some routine substance control - information is unlikely to have more than a limited adverse effect on agency - operations, agency assets, or individuals. The confidentiality impact associated - with such information is low. Where the unauthorized disclosure of information - exposes sensitive information sources or compromises investigative or interdiction - operations, the consequences of unauthorized disclosure of substance control - information may have a serious adverse effect on agency operations, significantly - degrade mission capability, and/or pose a threat to human life. Where unauthorized - disclosure endangers investigations in process, investigative or intelligence - information sources, or information regarding witnesses or other critical case file - elements, the danger to human life and key agency missions can be significant. Where - unauthorized disclosure endangers witnesses or law enforcement officers, the impact - level must be rated as high. Other factors affecting confidentiality impacts - associated with substance control information are discussed under Section D.16.1 - (Criminal Apprehension) and Section D.16.2 (Criminal Investigation and - Surveillance). Some substance control information is classified (e.g., some - intelligence-derived information). Classified information and other national - security information are outside the scope of this guideline
-The provisional confidentiality impact level recommended for most substance control - information is moderate.
-The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - substance control information. Most substance control processes are usually tolerant - of reasonable delays. Special Factors Affecting Availability Impact Determination: - The consequences of unavailability of information can be serious if the information - is critical to tactical operations i.e., is time-critical. Failure of some processes - during tactical operations can result in both threats to human life and severe harm - to public confidence in the agency. The impact level assigned to information and - information systems associated with these tactical processes is high.
-The provisional availability impact level recommended for most substance control - information is moderate.
-The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The amount of money available to perpetrators significantly increases - the insider threat. The consequences of unauthorized modification or destruction of - information can be serious if the information is critical to tactical operations - i.e., is time-critical. Unauthorized modification or destruction of information - affecting external communications (e.g., web pages, electronic mail) may adversely - affect operations or public confidence in the agency, but the damage to most - missions would usually be limited Special Factors Affecting Confidentiality Impact - Determination: Unauthorized modification or destruction of information (particularly - time-critical information) affecting internal communications can jeopardize - investigations, prosecutions, the lives of witnesses, and the safety of enforcement - officers. In some cases, unauthorized modification or destruction of information can - result in loss of human life. In such cased, the integrity impact level is high. - Other factors affecting integrity impacts associated with substance control - information are discussed under Section D.16.1 (Criminal Apprehension) and Section - D.16.2 (Criminal Investigation and Surveillance).
-Because the consequences of unauthorized modification or destruction of information - can be serious if the information is critical to tactical operations (i.e., is - time-critical), the provisional integrity impact level recommended for substance - control information is moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of substance control information on the ability of responsible agencies to enforce legal substances (i.e., alcohol and tobacco) and illegal narcotics laws including trafficking, possession, sale, distribution, and other related activities. Unauthorized disclosure of a significant proportion of substance control information can compromise investigations, cause apprehension operations to fail, and compromise prosecutions. This can have a serious adverse effect on agency operations and place the agency at a significant disadvantage. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some routine substance control information is unlikely to have more than a limited adverse effect on agency operations, agency assets, or individuals. The confidentiality impact associated with such information is low. Where the unauthorized disclosure of information exposes + sensitive information sources or compromises investigative or interdiction operations, the consequences of unauthorized disclosure of substance control information may have a serious adverse effect on agency operations, significantly degrade mission capability, and/or pose a threat to human life. Where unauthorized disclosure endangers investigations in process, investigative or intelligence information sources, or information regarding witnesses or other critical case file elements, the danger to human life and key agency missions can be significant. Where unauthorized disclosure endangers witnesses or law enforcement officers, the impact level must be rated as high. Other factors affecting confidentiality impacts associated with substance control information are discussed under Section D.16.1 (Criminal Apprehension) and Section D.16.2 (Criminal Investigation and Surveillance). Some substance control information is classified (e.g., some intelligence-derived + information). Classified information and other national security information are outside the scope of this guideline
+ +The provisional confidentiality impact level recommended for most substance control information is moderate.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to substance control information. Most substance control processes are usually tolerant of reasonable delays. Special Factors Affecting Availability Impact Determination: The consequences of unavailability of information can be serious if the information is critical to tactical operations i.e., is time-critical. Failure of some processes during tactical operations can result in both threats to human life and severe harm to public confidence in the agency. The impact level assigned to information and information systems associated with these tactical processes is high.
+The provisional availability impact level recommended for most substance control information is moderate.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The amount of money available to perpetrators significantly increases the insider threat. The consequences of unauthorized modification or destruction of information can be serious if the information is critical to tactical operations i.e., is time-critical. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to most missions would usually be limited Special Factors Affecting Confidentiality Impact Determination: Unauthorized modification or destruction of information (particularly time-critical information) affecting internal communications can jeopardize investigations, prosecutions, the lives of witnesses, and the safety of enforcement + officers. In some cases, unauthorized modification or destruction of information can result in loss of human life. In such cased, the integrity impact level is high. Other factors affecting integrity impacts associated with substance control information are discussed under Section D.16.1 (Criminal Apprehension) and Section D.16.2 (Criminal Investigation and Surveillance).
+Because the consequences of unauthorized modification or destruction of information can be serious if the information is critical to tactical operations (i.e., is time-critical), the provisional integrity impact level recommended for substance control information is moderate.
Crime prevention entails all efforts designed to create safer communities through the - control and reduction of crime by addressing the causes of crime and reducing the - opportunities of crime.
+Crime prevention entails all efforts designed to create safer communities through the control and reduction of crime by addressing the causes of crime and reducing the opportunities of crime.
The confidentiality impact level is the effect of unauthorized disclosure of crime - prevention information on the ability of responsible agencies to create safer - communities through the control and reduction of crime by addressing the causes of - crime and reducing the opportunities of crime. Generally, the unauthorized - disclosure of crime prevention information will have only a limited adverse effect - on agency operations, assets, or individuals. Special Factors Affecting - Confidentiality Impact Determination: In a few cases, details of crime prevention - programs are sensitive (e.g., location of actively monitored surveillance cameras - where only a fraction of camera feeds are monitored). In such cases, unauthorized - disclosure of crime prevention information might have a serious adverse effect on - crime prevention operations by eliminating uncertainty regarding surveillance - patterns. Therefore, the confidentiality impact might be moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of crime prevention information on the ability of responsible agencies to create safer communities through the control and reduction of crime by addressing the causes of crime and reducing the opportunities of crime. Generally, the unauthorized disclosure of crime prevention information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In a few cases, details of crime prevention programs are sensitive (e.g., location of actively monitored surveillance cameras where only a fraction of camera feeds are monitored). In such cases, unauthorized disclosure of crime prevention information might have a serious adverse effect on crime prevention operations by eliminating uncertainty regarding surveillance patterns. Therefore, the confidentiality impact might be moderate.
The provisional confidentiality impact level recommended for crime prevention - information is low.
+The provisional confidentiality impact level recommended for crime prevention information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to crime - prevention information. Most crime prevention processes are tolerant of delay. In - most cases, disruption of access to crime prevention information can be expected to - have only a limited adverse effect on agency operations, agency assets, or - individuals. Special Factors Affecting Availability Impact Determination: In - exceptional cases (e.g., orders associated with deployment of officers to provide a - crime-discouraging presence in developing threat situations), loss of availability - of information can have a serious adverse effect on crime prevention operations. In - such cases, the availability impact might be moderate.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to crime prevention information. Most crime prevention processes are tolerant of delay. In most cases, disruption of access to crime prevention information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: In exceptional cases (e.g., orders associated with deployment of officers to provide a crime-discouraging presence in developing threat situations), loss of availability of information can have a serious adverse effect on crime prevention operations. In such cases, the availability impact might be moderate.
The provisional availability impact level recommended for crime prevention - information is low.
+The provisional availability impact level recommended for crime prevention information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Crime prevention activities are not generally time-critical. In most - cases, the adverse effects of unauthorized modification or destruction of crime - prevention information on agency mission functions and/or public confidence in the - agency would be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Crime prevention activities are not generally time-critical. In most cases, the adverse effects of unauthorized modification or destruction of crime prevention information on agency mission functions and/or public confidence in the agency would be limited.
The provisional integrity impact level recommended for crime prevention information - is low.
+The provisional integrity impact level recommended for crime prevention information is low.
Trade law enforcement refers to the enforcement of anti-boycott, international loan, - and general trade laws.
+Trade law enforcement refers to the enforcement of anti-boycott, international loan, and general trade laws.
The confidentiality impact level is the effect of unauthorized disclosure of trade - law enforcement information on the ability of responsible agencies to enforce - various Customs laws. Unauthorized disclosure of trade law enforcement information - could potentially jeopardize fulfillment of other trade law enforcement missions. - Some information that has supported a trade law enforcement process might be of - higher sensitivity, and unauthorized disclosure of this information might jeopardize - the success of future trade law enforcement processes. The subsequent threat to - agency image or reputation can cause a serious adverse effect on an agency’s mission - capability. Where information includes names of informants, informant contacts, or - agency personnel, the effectiveness of those personnel in future enforcement - activities can be permanently impaired, or their lives threatened. Intelligence - information falls under national security systems. National security information and +
The confidentiality impact level is the effect of unauthorized disclosure of trade law enforcement information on the ability of responsible agencies to enforce various Customs laws. Unauthorized disclosure of trade law enforcement information could potentially jeopardize fulfillment of other trade law enforcement missions. Some information that has supported a trade law enforcement process might be of higher sensitivity, and unauthorized disclosure of this information might jeopardize the success of future trade law enforcement processes. The subsequent threat to agency image or reputation can cause a serious adverse effect on an agency’s mission capability. Where information includes names of informants, informant contacts, or agency personnel, the effectiveness of those personnel in future enforcement activities can be permanently impaired, or their lives threatened. Intelligence information falls under national security systems. National security information and national security systems are outside the scope of this guideline.
The provisional confidentiality impact level recommended for most trade law - enforcement information is moderate.
+The provisional confidentiality impact level recommended for most trade law enforcement information is moderate.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to trade - law enforcement information. The effects of disruption of access to trade law - enforcement information or information systems can be serious or, in some cases, - catastrophic if the information is time-critical. Trade law enforcement missions are - typically intolerant of significant time delays.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to trade law enforcement information. The effects of disruption of access to trade law enforcement information or information systems can be serious or, in some cases, catastrophic if the information is time-critical. Trade law enforcement missions are typically intolerant of significant time delays.
The provisional availability impact level recommended for most trade law enforcement - information is moderate.
+The provisional availability impact level recommended for most trade law enforcement information is moderate.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of trade - law enforcement information may depend on whether the information is time-critical. - The compromise of trade law enforcement information can be serious or, in some - cases, catastrophic if the information is time-critical. Also, the results of trade - law enforcement activities may become matters of public record, and thus must be - accurately recorded. Special Factors Affecting Integrity Impact Determination: - Unauthorized modification or destruction of information affecting trade law - enforcement information may adversely affect mission operations and result in - unacceptable consequences such as loss of human life. The compromise of trade law - enforcement information can be serious or catastrophic if the information is - time-critical. This can result in assignment of a high impact level to such - information.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of trade law enforcement information may depend on whether the information is time-critical. The compromise of trade law enforcement information can be serious or, in some cases, catastrophic if the information is time-critical. Also, the results of trade law enforcement activities may become matters of public record, and thus must be accurately recorded. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting trade law enforcement information may adversely affect mission operations and result in unacceptable consequences such as loss of human life. The compromise of trade law enforcement information can be serious or catastrophic if the information is time-critical. + This can result in assignment of a high impact level to such information.
The provisional integrity impact level recommended for most trade law enforcement - information is moderate.
+The provisional integrity impact level recommended for most trade law enforcement information is moderate.
Judicial hearings include activities associated with conducting a hearing in a court - of law to settle a dispute.
+Judicial hearings include activities associated with conducting a hearing in a court of law to settle a dispute.
The confidentiality impact level is the effect of unauthorized disclosure of judicial - hearings information on the ability of responsible entities to conducting a hearing - in a court of law to settle a dispute. While much information associated with - judicial hearings is public, some information is sealed by the court and - unauthorized disclosure is punishable by law, fine and/or imprisonment. In the vast - majority of cases, unauthorized disclosure of judicial hearings information will - have only a limited adverse effect on agency operations, assets, or individuals. - Special Factors Affecting Confidentiality Impact Determination: Where the life of a - victim, witness, or informant may be endangered by unauthorized disclosure, the - confidentiality impact is high. Also, where the consequences are likely to endanger - public safety, the confidentiality impact is high.
+The confidentiality impact level is the effect of unauthorized disclosure of judicial hearings information on the ability of responsible entities to conducting a hearing in a court of law to settle a dispute. While much information associated with judicial hearings is public, some information is sealed by the court and unauthorized disclosure is punishable by law, fine and/or imprisonment. In the vast majority of cases, unauthorized disclosure of judicial hearings information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where the life of a victim, witness, or informant may be endangered by unauthorized disclosure, the confidentiality impact is high. Also, where the consequences are likely to endanger public safety, the confidentiality impact is high.
Given the consequences of unauthorized disclosure, the provisional confidentiality - impact level recommended for judicial hearings information is moderate.
+Given the consequences of unauthorized disclosure, the provisional confidentiality impact level recommended for judicial hearings information is moderate.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to judicial - hearings information. Most judicial hearings processes are tolerant of delay. In - most cases, disruption of access to judicial hearings information can be expected to - have only a limited adverse effect on government operations, agency assets, or - individuals. Special Factors Affecting Availability Impact Determination: In - exceptional cases (e.g., orders associated with wiretap or search warrants), loss of - availability of information can have a serious or severe adverse effect. In such - cases, the availability impact might be moderate or high.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to judicial hearings information. Most judicial hearings processes are tolerant of delay. In most cases, disruption of access to judicial hearings information can be expected to have only a limited adverse effect on government operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: In exceptional cases (e.g., orders associated with wiretap or search warrants), loss of availability of information can have a serious or severe adverse effect. In such cases, the availability impact might be moderate or high.
The provisional availability impact level recommended for judicial hearings - information is low.
+The provisional availability impact level recommended for judicial hearings information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Judicial hearings activities are not typically time-critical. - Modification or destruction of court records can result in disruption or jeopardy to - legal proceedings. In most cases, the adverse effects of unauthorized modification - or destruction of judicial hearings information on agency mission functions and/or - public confidence in the agency will be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Judicial hearings activities are not typically time-critical. Modification or destruction of court records can result in disruption or jeopardy to legal proceedings. In most cases, the adverse effects of unauthorized modification or destruction of judicial hearings information on agency mission functions and/or public confidence in the agency will be limited.
The provisional integrity impact level recommended for judicial hearings information - is low.
+The provisional integrity impact level recommended for judicial hearings information is low.
Legal defense refers to the representation of a defendant in a criminal/civil court - of law in an attempt to provide constitutional guarantees to legal representation. - The sensitivity of much legal information is highly lifecycle-dependent. From a - confidentiality perspective, most information associated with litigation and - judicial activities is in the public record after the information has been presented - in court.
+Legal defense refers to the representation of a defendant in a criminal/civil court of law in an attempt to provide constitutional guarantees to legal representation. The sensitivity of much legal information is highly lifecycle-dependent. From a confidentiality perspective, most information associated with litigation and judicial activities is in the public record after the information has been presented in court.
The confidentiality impact level is the effect of unauthorized disclosure of legal - defense information on the representation of a defendant in a criminal/civil court - of law and on the ability of the government to provide constitutional guarantees to - legal representation. Dissemination of legal defense information is governed by - privacy laws and by Rules of Criminal Procedure, Rules of Civil Procedure, and other - laws governing adversarial legal proceedings. While much information associated with - legal defense is public, some information is sealed by the court or is otherwise - protected from disclosure. Violation of rules regarding unauthorized disclosure is - punishable by law, disbarment, fine, and/or imprisonment. Generally, the - unauthorized disclosure of legal defense information will have only a limited - adverse effect on agency operations, assets, or individuals. Where unauthorized - disclosure of information might have a serious adverse effect on legal defense, - there is a presumption of a miscarriage of justice. If an unauthorized disclosure is - discovered, the legal proceeding may be jeopardized (e.g., a mistrial may be - declared). The cost to the government and others in terms of finance, time, and - disruption to normal operations can be severe. If suspicion is raised concerning - government complicity or negligence, serious loss of public confidence in government - agencies or the legal process may result. Special Factors Affecting Confidentiality - Impact Determination: Where the life of a victim, witness, or informant may be - endangered by disclosure, the confidentiality impact will be high. Also, where the - consequences of a miscarriage of justice are likely to endanger public safety (e.g., - release of a terrorist or other murderer), the confidentiality impact will be - high.
+The confidentiality impact level is the effect of unauthorized disclosure of legal defense information on the representation of a defendant in a criminal/civil court of law and on the ability of the government to provide constitutional guarantees to legal representation. Dissemination of legal defense information is governed by privacy laws and by Rules of Criminal Procedure, Rules of Civil Procedure, and other laws governing adversarial legal proceedings. While much information associated with legal defense is public, some information is sealed by the court or is otherwise protected from disclosure. Violation of rules regarding unauthorized disclosure is punishable by law, disbarment, fine, and/or imprisonment. Generally, the unauthorized disclosure of legal defense information will have only a limited adverse effect on agency operations, assets, or individuals. Where unauthorized disclosure of information might have a serious adverse effect on legal defense, there is a + presumption of a miscarriage of justice. If an unauthorized disclosure is discovered, the legal proceeding may be jeopardized (e.g., a mistrial may be declared). The cost to the government and others in terms of finance, time, and disruption to normal operations can be severe. If suspicion is raised concerning government complicity or negligence, serious loss of public confidence in government agencies or the legal process may result. Special Factors Affecting Confidentiality Impact Determination: Where the life of a victim, witness, or informant may be endangered by disclosure, the confidentiality impact will be high. Also, where the consequences of a miscarriage of justice are likely to endanger public safety (e.g., release of a terrorist or other murderer), the confidentiality impact will be high.
Given legal consequences of unauthorized disclosure, the provisional confidentiality - impact level recommended for legal defense information is moderate.
+Given legal consequences of unauthorized disclosure, the provisional confidentiality impact level recommended for legal defense information is moderate.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to legal - defense information. Most legal defense processes are tolerant of delay. Delays can - impact court schedules, cause significant taxpayer expense, and potentially - jeopardize legal proceedings (see C17.2.2). In most cases, disruption of access to - legal defense information can be expected to have only a limited adverse effect on - government operations, agency assets, or individuals. Special Factors Affecting - Availability Impact Determination: In exceptional cases (e.g., information affecting - a ruling regarding an impending execution), loss of availability of information can - have a severe adverse effect. The consequent availability impact level would be - high.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to legal defense information. Most legal defense processes are tolerant of delay. Delays can impact court schedules, cause significant taxpayer expense, and potentially jeopardize legal proceedings (see C17.2.2). In most cases, disruption of access to legal defense information can be expected to have only a limited adverse effect on government operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: In exceptional cases (e.g., information affecting a ruling regarding an impending execution), loss of availability of information can have a severe adverse effect. The consequent availability impact level would be high.
The provisional availability impact level recommended for legal defense information - is low.
+The provisional availability impact level recommended for legal defense information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Legal defense activities are not typically time-critical. In most - cases, unauthorized modification or destruction of legal defense information will - have only a limited adverse effect on government operations, government assets, or - individuals. Special Factors Affecting Integrity Impact Determination: For legal - defense information, when evidence or other defense information has been compromised - the legal proceedings can be jeopardized. As a consequence, the cost to the - government and other entities in terms of finance, time, and disruption to normal - operations may be severe. If suspicion is raised concerning government complicity or - negligence, serious loss of public confidence in government agencies or the legal - process may result. In this case, the integrity impact level will be moderate. When - the modification or destruction of legal defense information endangers public safety - (e.g., release of a terrorist or other murderer), the integrity impact will be high. - Even if public safety is not endangered, the modification or destruction of legal - defense information may result in expensive and disruptive civil or criminal - proceedings.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Legal defense activities are not typically time-critical. In most cases, unauthorized modification or destruction of legal defense information will have only a limited adverse effect on government operations, government assets, or individuals. Special Factors Affecting Integrity Impact Determination: For legal defense information, when evidence or other defense information has been compromised the legal proceedings can be jeopardized. As a consequence, the cost to the government and other entities in terms of finance, time, and disruption to normal operations may be severe. If suspicion is raised concerning government complicity or negligence, serious loss of public confidence in government agencies or the legal process may result. In this case, the integrity impact level will be moderate. + When the modification or destruction of legal defense information endangers public safety (e.g., release of a terrorist or other murderer), the integrity impact will be high. Even if public safety is not endangered, the modification or destruction of legal defense information may result in expensive and disruptive civil or criminal proceedings.
Given the legal consequences of unauthorized modification or destruction and - potential consequences for human life, the provisional integrity impact level - recommended for legal defense information is high.
+Given the legal consequences of unauthorized modification or destruction and potential consequences for human life, the provisional integrity impact level recommended for legal defense information is high.
Legal investigation supports activities associated with gathering information about a - given party (government agency, citizen, corporation) that would be admissible in a - court of law, in an attempt to prove guilt or innocence. The
+Legal investigation supports activities associated with gathering information about a given party (government agency, citizen, corporation) that would be admissible in a court of law, in an attempt to prove guilt or innocence. The
The confidentiality impact level is the effect of unauthorized disclosure of legal - investigation information on the ability of responsible agencies to gather - information about a given party (government agency, citizen, corporation) that would - be admissible in a court of law, in an attempt to prove guilt or innocence. Special - Factors Affecting Confidentiality Impact Determination: The consequences of - unauthorized disclosure of legal investigation information depend 1] on the - seriousness of the crime involved, 2] timing (e.g., the ability of the criminal40 to - access the information and use it to commit a crime or to evade detection or - surveillance), and 3] on the capability criminal to injure witnesses or law - enforcement officials. In cases where 1) the crimes are not violent and do not - inextraordinarily large property losses, and 2) there is no indication of a record - of violence on the part of the criminal, the confidentiality impact may be low or - moderate. Given the nature of many of the crimes that are the responsibility of - Federal law enforcement agencies, the consequences associated with unauthorized - disclosure of legal investigation information will pose a threat to human life or - result in a loss of major assets. Additionally, when the disclosure concerns matters - of multi-national interest, such as trade enforcement, tariff agreements, etc., or - where foreign nationals might be involved, the confidentiality impact will be high. - Information that reveals the identity and/or location of informants may be of - particular concern.
-Given potentially serious to severe legal consequences of unauthorized disclosure, - the provisional confidentiality impact level recommended for legal investigation - information is moderate.
-The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to legal - investigation information. Missions supported by legal investigation information are - not typically tolerant of delay with resultant serious consequences for ongoing - investigations. Special Factors Affecting Availability Impact Determination: Where - the crimes involved pose a threat to human life and/or result in a loss of major - assets, the availability impact level recommended for legal investigation - information is high.
-The provisional availability impact level recommended for legal investigation - information is moderate.
-The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of legal - investigation information may depend on whether the information is time-critical. - Unauthorized modification or destruction of information affecting external - communications associated with legal investigative organizations (e.g., web pages, - electronic mail) may adversely affect operations or public confidence in the agency, - but the damage to the mission would usually be limited. Where unauthorized - modification or destruction of information has an adverse effect on the - granting/executing of a search or wiretap warrant or on the success of the - subsequent prosecution, a serious adverse effect on agency operations may result. - This can place the agency at a significant disadvantage. Special Factors Affecting - Integrity Impact Determination: Legal investigation mission requirements may include - time-critical information. In such cases, major investigations can be jeopardized by - the unauthorized modification or destruction of legal investigation information. - Where the criminal case under investigation involves major property losses, - large-scale financial frauds, poses a threat to key national assets or human life, - the integrity impact level recommended for legal investigation information is high. - When legal investigation information addresses international matters, such as trade - enforcement or tariff agreements or when foreign nationals are involved, the - integrity level is high. Any deliberate or inadvertent corruption of such - information could result in catastrophic adverse effects on future operations, - individual or agency reputations, and human life.
-The provisional integrity impact level recommended for legal investigation - information is moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of legal investigation information on the ability of responsible agencies to gather information about a given party (government agency, citizen, corporation) that would be admissible in a court of law, in an attempt to prove guilt or innocence. Special Factors Affecting Confidentiality Impact Determination: The consequences of unauthorized disclosure of legal investigation information depend 1] on the seriousness of the crime involved, 2] timing (e.g., the ability of the criminal40 to access the information and use it to commit a crime or to evade detection or surveillance), and 3] on the capability criminal to injure witnesses or law enforcement officials. In cases where 1) the crimes are not violent and do not inextraordinarily large property losses, and 2) there is no indication of a record of violence on the part of the criminal, the confidentiality impact may be low or moderate. Given the + nature of many of the crimes that are the responsibility of Federal law enforcement agencies, the consequences associated with unauthorized disclosure of legal investigation information will pose a threat to human life or result in a loss of major assets. Additionally, when the disclosure concerns matters of multi-national interest, such as trade enforcement, tariff agreements, etc., or where foreign nationals might be involved, the confidentiality impact will be high. Information that reveals the identity and/or location of informants may be of particular concern.
+ +Given potentially serious to severe legal consequences of unauthorized disclosure, the provisional confidentiality impact level recommended for legal investigation information is moderate.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to legal investigation information. Missions supported by legal investigation information are not typically tolerant of delay with resultant serious consequences for ongoing investigations. Special Factors Affecting Availability Impact Determination: Where the crimes involved pose a threat to human life and/or result in a loss of major assets, the availability impact level recommended for legal investigation information is high.
+The provisional availability impact level recommended for legal investigation information is moderate.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of legal investigation information may depend on whether the information is time-critical. Unauthorized modification or destruction of information affecting external communications associated with legal investigative organizations (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Where unauthorized modification or destruction of information has an adverse effect on the granting/executing of a search or wiretap warrant or on the success of the subsequent prosecution, a serious adverse effect on agency operations may result. This can place the agency at a significant disadvantage. Special Factors Affecting Integrity Impact + Determination: Legal investigation mission requirements may include time-critical information. In such cases, major investigations can be jeopardized by the unauthorized modification or destruction of legal investigation information. Where the criminal case under investigation involves major property losses, large-scale financial frauds, poses a threat to key national assets or human life, the integrity impact level recommended for legal investigation information is high. When legal investigation information addresses international matters, such as trade enforcement or tariff agreements or when foreign nationals are involved, the integrity level is high. Any deliberate or inadvertent corruption of such information could result in catastrophic adverse effects on future operations, individual or agency reputations, and human life.
+The provisional integrity impact level recommended for legal investigation information is moderate.
Legal prosecution/litigation includes all activities involved with presenting a case - in a legal proceeding both in a criminal or civil court of law in an attempt to - prove guilt/responsibility.
+Legal prosecution/litigation includes all activities involved with presenting a case in a legal proceeding both in a criminal or civil court of law in an attempt to prove guilt/responsibility.
The confidentiality impact level is the effect of unauthorized disclosure of legal - prosecution/litigation information on the ability of responsible agencies to present - a case in a legal proceeding either in a criminal or civil court of law in an - attempt to prove guilt/responsibility. Dissemination of legal prosecution/litigation - information is governed by privacy laws and by Rules of Criminal Procedure, Rules of - Civil Procedure, and other laws governing adversarial legal proceedings. While most - information associated with legal prosecution/litigation is public, some information - is sealed by the court or is otherwise protected from disclosure. Violation of rules - regarding unauthorized disclosure is punishable by law, disbarment, fine, and/or - imprisonment. Generally, the unauthorized disclosure of legal prosecution/litigation - information will have only a limited adverse effect on agency operations, assets, or - individuals. In criminal cases, the consequences of unauthorized disclosure of legal - prosecution information are affected by 1] the seriousness of the crime involved, 2] - timing (e.g., the ability of the criminal to access the information and use it to - commit a crime or evade detection or surveillance), and 3] the capability of the - criminal to injure witnesses or law enforcement officials. Special Factors Affecting - Confidentiality Impact Determination: Where unauthorized disclosure of information - might have a serious adverse effect on legal prosecution/ litigation, there is a - presumption of a miscarriage of justice. If an unauthorized disclosure is - discovered, the legal proceeding is jeopardized (e.g., a mistrial may be declared). - The cost to the government and others in terms of finance, time, and disruption to - normal operations can be severe. If suspicion is raised concerning government - complicity or negligence, serious loss of public confidence in government agencies - or the legal process may result. In this case, the confidentiality impact of - unauthorized disclosure will be moderate. Where the life of a complainant, victim, - witness, or informant may be endangered by disclosure, the confidentiality impact - will be high. Also, where the consequences of a miscarriage of justice are likely to - endanger public safety (e.g., release of a terrorist or other murderer), the - confidentiality impact will be high. Given the nature of many of the crimes that are - the responsibility of Federal law enforcement agencies, the consequences associated - with unauthorized disclosure of legal prosecution information must be assumed to - pose a threat to human life or result in a loss of major assets. Additionally, when - a legal proceeding concerns matters of trans-national interest, such as trade - enforcement, tariff agreements, etc., or where foreign nationals might be involved, - the confidentiality impact will be high. Information that reveals the identity - and/or location of informants may be of particular concern. [The impact of - unauthorized disclosure of national security information is outside the scope of - this guideline.]
-Given the public nature of and disclosure rules associated with most - prosecution/litigation information, the provisional confidentiality impact level - recommended is low. In cases where 1) the crimes are not violent and do not involve - extraordinarily large property losses, and 2) there is no indication of a record of - violence on the part of the criminal, the confidentiality impact may be low
-The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to legal - prosecution/litigation information. Most legal prosecution/litigation processes are - tolerant of delay even though the delays can impact court schedules, cause - significant taxpayer expense, and potentially jeopardize legal proceedings (see - C17.4.2). Typically, the disruption of access to legal prosecution/litigation - information can be expected to have only a limited adverse effect on government - operations, agency assets, or individuals. Special Factors Affecting Availability - Impact Determination: In exceptional cases (e.g., information affecting a ruling - regarding an impending execution), loss of availability of information can have a - severe adverse effect. The availability impact level recommended for this legal - prosecution/litigation information is high.
-The provisional availability impact level recommended for legal - prosecution/litigation information is low.
-The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Legal prosecution/litigation activities are not typically - time-critical. Unauthorized modification or destruction of information affecting - external communications associated with legal prosecution/litigation organizations - (e.g., web pages, electronic mail) may adversely affect operations or public - confidence in the agency, but the damage to the mission would usually be limited. In - general, the unauthorized modification or destruction of legal - prosecution/litigation information will have only a limited adverse effect on - government operations, government assets, or individuals. However, if evidence or - other defense information has been compromised, legal proceedings may be affected - (e.g., a mistrial may be declared). The subsequent cost to the government in terms - of finance, time, and disruption to normal operations may be severe. If suspicion is - raised concerning government complicity or negligence, serious loss of public - confidence in government agencies or the legal process may result. Special Factors - Affecting Integrity Impact Determination: Where the life of a victim, witness, or - informant may be endangered, the integrity impact will be high. Also, where the - consequences of a miscarriage of justice are likely to endanger public safety (e.g., - release of a terrorist or other murderer), the integrity impact will be high.
-Given the legal consequences of the unauthorized modification or destruction of legal - prosecution/litigation information, the provisional integrity impact level - recommended for legal prosecution/litigation information is moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of legal prosecution/litigation information on the ability of responsible agencies to present a case in a legal proceeding either in a criminal or civil court of law in an attempt to prove guilt/responsibility. Dissemination of legal prosecution/litigation information is governed by privacy laws and by Rules of Criminal Procedure, Rules of Civil Procedure, and other laws governing adversarial legal proceedings. While most information associated with legal prosecution/litigation is public, some information is sealed by the court or is otherwise protected from disclosure. Violation of rules regarding unauthorized disclosure is punishable by law, disbarment, fine, and/or imprisonment. Generally, the unauthorized disclosure of legal prosecution/litigation information will have only a limited adverse effect on agency operations, assets, or individuals. In criminal cases, the consequences of unauthorized + disclosure of legal prosecution information are affected by 1] the seriousness of the crime involved, 2] timing (e.g., the ability of the criminal to access the information and use it to commit a crime or evade detection or surveillance), and 3] the capability of the criminal to injure witnesses or law enforcement officials. Special Factors Affecting Confidentiality Impact Determination: Where unauthorized disclosure of information might have a serious adverse effect on legal prosecution/ litigation, there is a presumption of a miscarriage of justice. If an unauthorized disclosure is discovered, the legal proceeding is jeopardized (e.g., a mistrial may be declared). The cost to the government and others in terms of finance, time, and disruption to normal operations can be severe. If suspicion is raised concerning government complicity or negligence, serious loss of public confidence in government agencies or the legal process may result. In this case, the + confidentiality impact of unauthorized disclosure will be moderate. Where the life of a complainant, victim, witness, or informant may be endangered by disclosure, the confidentiality impact will be high. Also, where the consequences of a miscarriage of justice are likely to endanger public safety (e.g., release of a terrorist or other murderer), the confidentiality impact will be high. Given the nature of many of the crimes that are the responsibility of Federal law enforcement agencies, the consequences associated with unauthorized disclosure of legal prosecution information must be assumed to pose a threat to human life or result in a loss of major assets. Additionally, when a legal proceeding concerns matters of trans-national interest, such as trade enforcement, tariff agreements, etc., or where foreign nationals might be involved, the confidentiality impact will be high. Information that reveals the identity and/or location of informants may be of particular + concern. [The impact of unauthorized disclosure of national security information is outside the scope of this guideline.]
+ +Given the public nature of and disclosure rules associated with most prosecution/litigation information, the provisional confidentiality impact level recommended is low. In cases where 1) the crimes are not violent and do not involve extraordinarily large property losses, and 2) there is no indication of a record of violence on the part of the criminal, the confidentiality impact may be low
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to legal prosecution/litigation information. Most legal prosecution/litigation processes are tolerant of delay even though the delays can impact court schedules, cause significant taxpayer expense, and potentially jeopardize legal proceedings (see C17.4.2). Typically, the disruption of access to legal prosecution/litigation information can be expected to have only a limited adverse effect on government operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: In exceptional cases (e.g., information affecting a ruling regarding an impending execution), loss of availability of information can have a severe adverse effect. The availability impact level recommended for this legal prosecution/litigation information is high.
+The provisional availability impact level recommended for legal prosecution/litigation information is low.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Legal prosecution/litigation activities are not typically time-critical. Unauthorized modification or destruction of information affecting external communications associated with legal prosecution/litigation organizations (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. In general, the unauthorized modification or destruction of legal prosecution/litigation information will have only a limited adverse effect on government operations, government assets, or individuals. However, if evidence or other defense information has been compromised, legal proceedings may be affected (e.g., a mistrial may be declared). The subsequent cost to the government in terms of finance, time, and disruption + to normal operations may be severe. If suspicion is raised concerning government complicity or negligence, serious loss of public confidence in government agencies or the legal process may result. Special Factors Affecting Integrity Impact Determination: Where the life of a victim, witness, or informant may be endangered, the integrity impact will be high. Also, where the consequences of a miscarriage of justice are likely to endanger public safety (e.g., release of a terrorist or other murderer), the integrity impact will be high.
+Given the legal consequences of the unauthorized modification or destruction of legal prosecution/litigation information, the provisional integrity impact level recommended for legal prosecution/litigation information is moderate.
Resolution facilitation involves all activities outside of a court of law that may be - used in an attempt to settle a dispute between two or more parties (government, - citizen, corporation).
+Resolution facilitation involves all activities outside of a court of law that may be used in an attempt to settle a dispute between two or more parties (government, citizen, corporation).
The confidentiality impact level is the effect of unauthorized disclosure of - resolution facilitation information on the ability of responsible entities to settle - a dispute between two or more parties (government, citizen, corporation) outside of - a court of law. While some information associated with resolution facilitation is - public, much of the information is private and/or proprietary. Unauthorized - disclosure of such information can disrupt or defeat the dispute resolution process. - The consequences typically depend on the nature of the dispute. Jeopardy to the - resolution process will not usually involve threats to critical infrastructures, key - national assets, or human life. Typically, the unauthorized disclosure of resolution - facilitation information will have only a limited adverse effect on agency - operations, assets, or individuals. Special Factors Affecting Confidentiality Impact - Determination: Where large monetary amounts and/or violent crimes are involved, the - confidentiality impact of unauthorized disclosure of resolution facilitation - information is at least moderate. In exceptional cases human lives may be - jeopardized by failure of the resolution facilitation process. Additionally, when - resolution facilitation concerns matters of trans-national interest, such as trade - enforcement, tariff agreements, etc., or where foreign nationals might be involved, - the confidentiality impact will be high.
+The confidentiality impact level is the effect of unauthorized disclosure of resolution facilitation information on the ability of responsible entities to settle a dispute between two or more parties (government, citizen, corporation) outside of a court of law. While some information associated with resolution facilitation is public, much of the information is private and/or proprietary. Unauthorized disclosure of such information can disrupt or defeat the dispute resolution process. The consequences typically depend on the nature of the dispute. Jeopardy to the resolution process will not usually involve threats to critical infrastructures, key national assets, or human life. Typically, the unauthorized disclosure of resolution facilitation information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where large monetary amounts and/or violent crimes are involved, the + confidentiality impact of unauthorized disclosure of resolution facilitation information is at least moderate. In exceptional cases human lives may be jeopardized by failure of the resolution facilitation process. Additionally, when resolution facilitation concerns matters of trans-national interest, such as trade enforcement, tariff agreements, etc., or where foreign nationals might be involved, the confidentiality impact will be high.
Given the legal consequences of unauthorized disclosure, the provisional - confidentiality impact level recommended for resolution facilitation information is - moderate.
+Given the legal consequences of unauthorized disclosure, the provisional confidentiality impact level recommended for resolution facilitation information is moderate.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - resolution facilitation information. Most resolution facilitation processes are - tolerant of delay. In most cases, disruption of access to resolution facilitation - information can be expected to have only a limited adverse effect on government - operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to resolution facilitation information. Most resolution facilitation processes are tolerant of delay. In most cases, disruption of access to resolution facilitation information can be expected to have only a limited adverse effect on government operations, agency assets, or individuals.
The provisional availability impact level recommended for resolution facilitation - information is low.
+The provisional availability impact level recommended for resolution facilitation information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Resolution facilitation activities are not typically time-critical. The - modification or destruction of court records may result in disruption or jeopardy of - legal proceedings. In most cases, the adverse effects of unauthorized modification - or destruction of resolution facilitation information on agency mission functions - and/or public confidence in the agency can be expected to be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Resolution facilitation activities are not typically time-critical. The modification or destruction of court records may result in disruption or jeopardy of legal proceedings. In most cases, the adverse effects of unauthorized modification or destruction of resolution facilitation information on agency mission functions and/or public confidence in the agency can be expected to be limited.
The provisional integrity impact level recommended for resolution facilitation - information is low.
+The provisional integrity impact level recommended for resolution facilitation information is low.
Criminal incarceration includes activities associated with the housing, custody and - general care of criminals sentenced to serve time in penitentiaries.
+Criminal incarceration includes activities associated with the housing, custody and general care of criminals sentenced to serve time in penitentiaries.
The confidentiality impact level is the effect of unauthorized disclosure of criminal - incarceration information on the ability of responsible agencies to provide housing, - custody, and general care for criminals sentenced to serve time in a Federal - penitentiary. The consequences of unauthorized disclosure of most criminal - incarceration information are unlikely to have a serious adverse effect on agency - operations. The most serious adverse effects are likely to involve exposure of - information that is proprietary to prisoners that can result in damaging publicity - for an organization. (Unauthorized disclosure of some information can conceivably - have serious impact on the status or resolution of appeal actions). The consequences - of unauthorized disclosures may have an adverse effect on public confidence in the - agency.
+The confidentiality impact level is the effect of unauthorized disclosure of criminal incarceration information on the ability of responsible agencies to provide housing, custody, and general care for criminals sentenced to serve time in a Federal penitentiary. The consequences of unauthorized disclosure of most criminal incarceration information are unlikely to have a serious adverse effect on agency operations. The most serious adverse effects are likely to involve exposure of information that is proprietary to prisoners that can result in damaging publicity for an organization. (Unauthorized disclosure of some information can conceivably have serious impact on the status or resolution of appeal actions). The consequences of unauthorized disclosures may have an adverse effect on public confidence in the agency.
The provisional confidentiality impact level recommended for most criminal - incarceration information is normally low.
+The provisional confidentiality impact level recommended for most criminal incarceration information is normally low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to criminal - incarceration information. Criminal incarceration processes are usually tolerant of - reasonable delays. Special Factors Affecting Availability Impact Determination: - There may be cases (e.g. emergency bulletins affecting prisoner health and/or - safety) in which emergency dissemination of information regarding life-threatening - situations is delayed for excessive periods. Such cases can result in a high - availability impact level.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to criminal incarceration information. Criminal incarceration processes are usually tolerant of reasonable delays. Special Factors Affecting Availability Impact Determination: There may be cases (e.g. emergency bulletins affecting prisoner health and/or safety) in which emergency dissemination of information regarding life-threatening situations is delayed for excessive periods. Such cases can result in a high availability impact level.
The provisional availability impact level recommended for criminal incarceration - information is low.
+The provisional availability impact level recommended for criminal incarceration information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - criminal incarceration information can be serious if the information is - time-critical and results in the premature release of a criminal, unjust retention - of an individual in the prison system, or harm to a citizen’s reputation or public - confidence in the government. Special Factors Affecting Integrity Impact - Determination: In some cases (e.g., instructions regarding a need to isolate a - prisoner from the general prison population for personal safety reasons), the - unauthorized modification or destruction of criminal incarceration information can - result in loss of human life a high impact potential.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of criminal incarceration information can be serious if the information is time-critical and results in the premature release of a criminal, unjust retention of an individual in the prison system, or harm to a citizen’s reputation or public confidence in the government. Special Factors Affecting Integrity Impact Determination: In some cases (e.g., instructions regarding a need to isolate a prisoner from the general prison population for personal safety reasons), the unauthorized modification or destruction of criminal incarceration information can result in loss of human life a high impact potential.
The provisional integrity impact level recommended for criminal incarceration - information is moderate.
+The provisional integrity impact level recommended for criminal incarceration information is moderate.
Criminal Rehabilitation includes all government activities devoted to providing - convicted criminals with the educational resources and life skills necessary to - rejoin society as responsible and contributing members.
+Criminal Rehabilitation includes all government activities devoted to providing convicted criminals with the educational resources and life skills necessary to rejoin society as responsible and contributing members.
The confidentiality impact level is the effect of unauthorized disclosure of criminal - rehabilitation information on the ability of responsible agencies to provide - convicted criminals with the educational resources and life skills necessary to - rejoin society as responsible and contributing members. The consequences of - unauthorized disclosure of most criminal rehabilitation information would have a - limited adverse effect on agency operations, agency assets, or individuals. Special - Factors Affecting Confidentiality Impact Determination: Exceptions that might have a - potential for more serious consequences are based on privacy information processed - in criminal rehabilitation systems (e.g., information required by the Privacy Act of - 1974 (The Privacy Act Information provisional impact levels are documented in the - Personal Identity and Authentication information type) or other statutes and - executive orders to receive special handling to protect the privacy of individuals). - This can result in assignment of a moderate impact level to such information.
+The confidentiality impact level is the effect of unauthorized disclosure of criminal rehabilitation information on the ability of responsible agencies to provide convicted criminals with the educational resources and life skills necessary to rejoin society as responsible and contributing members. The consequences of unauthorized disclosure of most criminal rehabilitation information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Exceptions that might have a potential for more serious consequences are based on privacy information processed in criminal rehabilitation systems (e.g., information required by the Privacy Act of 1974 (The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type) or other statutes and executive orders to receive special handling to protect the privacy of individuals). This + can result in assignment of a moderate impact level to such information.
The provisional confidentiality impact level recommended for criminal rehabilitation - information is low.
+The provisional confidentiality impact level recommended for criminal rehabilitation information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to criminal - rehabilitation information. The effects of disruption of access to most criminal - rehabilitation information or information systems would have a limited adverse - effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to criminal rehabilitation information. The effects of disruption of access to most criminal rehabilitation information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for criminal rehabilitation - information is low.
+The provisional availability impact level recommended for criminal rehabilitation information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - criminal rehabilitation information would have a limited adverse effect on agency - operations, agency assets, or individuals. Unauthorized modification or destruction - of information affecting external communications (e.g., web pages, electronic mail) - may adversely affect operations and/or public confidence in the agency, but the - damage to the mission would usually be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of criminal rehabilitation information would have a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.
The provisional integrity impact level recommended for most criminal rehabilitation - information is low.
+The provisional integrity impact level recommended for most criminal rehabilitation information is low.
Scientific and Technological Research and Innovation includes all federal activities - whose goal is the creation of new scientific and/or technological knowledge as a - goal in itself, without a specific link to the other mission areas or information - types identified in the BRM. Most sensitive information is developed under research - and development programs that directly support another of the mission areas - described in this Appendix and are not included here. Some information associated - with scientific and technical research and innovation is national security - information and is outside the scope of this guideline.
+Scientific and Technological Research and Innovation includes all federal activities whose goal is the creation of new scientific and/or technological knowledge as a goal in itself, without a specific link to the other mission areas or information types identified in the BRM. Most sensitive information is developed under research and development programs that directly support another of the mission areas described in this Appendix and are not included here. Some information associated with scientific and technical research and innovation is national security information and is outside the scope of this guideline.
The confidentiality impact level is the effect of unauthorized disclosure of - scientific and technical research and innovation information on the ability of - responsible agencies to create new scientific and/or technological knowledge as a - goal in itself, without a specific link to other program areas or information types. - Many scientific and technical research and innovation activities are conducted in - association with public institutions of higher learning, and the findings resulting - from those activities are intended for publication. Special Factors Affecting - Confidentiality Impact Determination: The pre-publication disclosure or other - unauthorized disclosure of information associated with competition for funding and - recognition (e.g., grants, development contract, patent rights, and copyrights) can - have a serious adverse effect on agency operations, agency assets, or individuals. - In such cases, the confidentiality impact level associated for scientific and - technical research and innovation information will be moderate. In some cases, the - information associated with scientific and technical research and innovation is - classified or otherwise qualified as national security information. Such information - is outside the scope of this guideline.
+The confidentiality impact level is the effect of unauthorized disclosure of scientific and technical research and innovation information on the ability of responsible agencies to create new scientific and/or technological knowledge as a goal in itself, without a specific link to other program areas or information types. Many scientific and technical research and innovation activities are conducted in association with public institutions of higher learning, and the findings resulting from those activities are intended for publication. Special Factors Affecting Confidentiality Impact Determination: The pre-publication disclosure or other unauthorized disclosure of information associated with competition for funding and recognition (e.g., grants, development contract, patent rights, and copyrights) can have a serious adverse effect on agency operations, agency assets, or individuals. In such cases, the confidentiality impact level associated for scientific and technical + research and innovation information will be moderate. In some cases, the information associated with scientific and technical research and innovation is classified or otherwise qualified as national security information. Such information is outside the scope of this guideline.
The provisional confidentiality impact level recommended for most scientific and - technical research and innovation information is low.
+The provisional confidentiality impact level recommended for most scientific and technical research and innovation information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - scientific and technical research and innovation information. Most research - processes are tolerant of delay. In most cases, disruption of access to research and - innovation information can be expected to have only a limited adverse effect on - government operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to scientific and technical research and innovation information. Most research processes are tolerant of delay. In most cases, disruption of access to research and innovation information can be expected to have only a limited adverse effect on government operations, agency assets, or individuals.
The provisional availability impact level recommended for scientific and technical - research and innovation information is low.
+The provisional availability impact level recommended for scientific and technical research and innovation information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of most - information associated with scientific and technical research and innovation can be - seriously disruptive to the progress of research activities. The effects on future - funding can be quite serious and can have a serious adverse effect on agency - operations, agency assets, or individuals. Unauthorized modification or destruction - of information affecting external communications (e.g., web pages, electronic mail) - may adversely affect operations and/or public confidence in the agency, but the - damage to the mission would usually be more limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of most information associated with scientific and technical research and innovation can be seriously disruptive to the progress of research activities. The effects on future funding can be quite serious and can have a serious adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be more limited.
The provisional integrity impact level recommended for scientific and technical - research and innovation information is moderate.
+The provisional integrity impact level recommended for scientific and technical research and innovation information is moderate.
Space Exploration and Innovation includes all activities devoted to innovations - directed at human and robotic space flight and the development and operation of - space launch and transportation systems, and the general research and exploration of - outer space. While some space exploration and innovation is national security - information, most sensitive information is developed under research and development - programs that directly support another of the mission areas described in this - Appendix and are not included here.
+Space Exploration and Innovation includes all activities devoted to innovations directed at human and robotic space flight and the development and operation of space launch and transportation systems, and the general research and exploration of outer space. While some space exploration and innovation is national security information, most sensitive information is developed under research and development programs that directly support another of the mission areas described in this Appendix and are not included here.
The confidentiality impact level is the effect of unauthorized disclosure of space - exploration and innovation information on the ability of responsible agencies to - conduct activities devoted to [1] innovations directed at human and robotic space - flight and the development and operation of space launch and transportation systems, - and [2] the general research and exploration of outer space. Many space exploration - and innovation activities are conducted with public institutions of higher learning, - and the findings resulting from those activities are intended for publication. - Special Factors Affecting Confidentiality Impact Determination: The pre-publication - disclosure or other unauthorized disclosure of information associated with - competition for funding and recognition (e.g., grants, development contract, patent - rights, and copyrights) can have a serious adverse effect on agency operations, - agency assets, or individuals. In such cases, the confidentiality impact associated - with space exploration and innovation is moderate. In some cases, the space - exploration and innovation information is classified or otherwise qualifies as - national security information. This information is outside the scope of this - guideline
+The confidentiality impact level is the effect of unauthorized disclosure of space exploration and innovation information on the ability of responsible agencies to conduct activities devoted to [1] innovations directed at human and robotic space flight and the development and operation of space launch and transportation systems, and [2] the general research and exploration of outer space. Many space exploration and innovation activities are conducted with public institutions of higher learning, and the findings resulting from those activities are intended for publication. Special Factors Affecting Confidentiality Impact Determination: The pre-publication disclosure or other unauthorized disclosure of information associated with competition for funding and recognition (e.g., grants, development contract, patent rights, and copyrights) can have a serious adverse effect on agency operations, agency assets, or individuals. In such cases, the confidentiality impact associated + with space exploration and innovation is moderate. In some cases, the space exploration and innovation information is classified or otherwise qualifies as national security information. This information is outside the scope of this guideline
The provisional confidentiality impact level recommended for most space exploration - and innovation information is low.
+The provisional confidentiality impact level recommended for most space exploration and innovation information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to space - exploration and innovation information. Most research and innovation processes are - tolerant of delay. In most cases, disruption of access to research and innovation - information will have only a limited adverse effect on government operations, agency - assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to space exploration and innovation information. Most research and innovation processes are tolerant of delay. In most cases, disruption of access to research and innovation information will have only a limited adverse effect on government operations, agency assets, or individuals.
The provisional availability impact level recommended for space exploration and - innovation information is low.
+The provisional availability impact level recommended for space exploration and innovation information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of most - space exploration and innovation information can be seriously disruptive to the - progress of research activities. The effects on future funding can be quite serious - and can have a serious adverse effect on agency operations, agency assets, or - individuals. Unauthorized modification or destruction of information affecting - external communications (e.g., web pages, electronic mail) may adversely affect - operations and/or public confidence in the agency, but the damage to the mission - would usually be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of most space exploration and innovation information can be seriously disruptive to the progress of research activities. The effects on future funding can be quite serious and can have a serious adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.
The provisional integrity impact level recommended for space exploration and - innovation information is moderate.
+The provisional integrity impact level recommended for space exploration and innovation information is moderate.
Research and Development involves the gathering and analysis of data, dissemination - of results, and development of new products, methodologies, and ideas. The - sensitivity and criticality of most research and development information depends on - the subject matter involved.
+Research and Development involves the gathering and analysis of data, dissemination of results, and development of new products, methodologies, and ideas. The sensitivity and criticality of most research and development information depends on the subject matter involved.
The confidentiality impact level depends on the effect of unauthorized disclosure of - research and development information on the ability of responsible agencies to - gather and analyze data, disseminate results, and develop new products, - methodologies, and ideas, and on the degree to which unauthorized disclosure of the - information can assist hostile institutions to do harm to the interests of the - government of the United States. Many research and development activities are - conducted in association with public institutions of higher learning, and the - findings resulting from those activities are intended for publication. Unauthorized - disclosure of most research and development information can be expected to have only - limited adverse effect on agency operations, agency assets, or individuals. Special - Factors Affecting Confidentiality Impact Determination: Most research and - development information is proprietary. Unauthorized disclosure of proprietary - information violates several statures and Federal regulations (see Appendix E). - Pre-publication disclosure or other unauthorized disclosure of research findings can - have a serious adverse effect on agency operations, agency assets, or individuals. - In such cases, the confidentiality impact level associated with research and - development is moderate. Premature and/or partial release of preliminary research - and development information can lead to misleading conclusions by policy makers, - funding entities, news organizations, and/or the general public. Where the research - and development activities are associated with security measures or law enforcement - tools, potential adversaries may derive insights on countermeasures development. In - extreme cases, the resulting confidentiality impact can be high. In some cases, the - research and development information is classified or otherwise qualifies as - national security information). Such information is outside the scope of this - guideline.
+The confidentiality impact level depends on the effect of unauthorized disclosure of research and development information on the ability of responsible agencies to gather and analyze data, disseminate results, and develop new products, methodologies, and ideas, and on the degree to which unauthorized disclosure of the information can assist hostile institutions to do harm to the interests of the government of the United States. Many research and development activities are conducted in association with public institutions of higher learning, and the findings resulting from those activities are intended for publication. Unauthorized disclosure of most research and development information can be expected to have only limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Most research and development information is proprietary. Unauthorized disclosure of proprietary information violates + several statures and Federal regulations (see Appendix E). Pre-publication disclosure or other unauthorized disclosure of research findings can have a serious adverse effect on agency operations, agency assets, or individuals. In such cases, the confidentiality impact level associated with research and development is moderate. Premature and/or partial release of preliminary research and development information can lead to misleading conclusions by policy makers, funding entities, news organizations, and/or the general public. Where the research and development activities are associated with security measures or law enforcement tools, potential adversaries may derive insights on countermeasures development. In extreme cases, the resulting confidentiality impact can be high. In some cases, the research and development information is classified or otherwise qualifies as national security information). Such information is outside the scope of this guideline.
The provisional confidentiality impact level recommended for most government research - and development information is low.
+The provisional confidentiality impact level recommended for most government research and development information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to research - and development information. Most research and innovation processes are tolerant of - delay. In most cases, disruption of access to research and innovation information - will have only a limited adverse effect on government operations, agency assets, or - individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to research and development information. Most research and innovation processes are tolerant of delay. In most cases, disruption of access to research and innovation information will have only a limited adverse effect on government operations, agency assets, or individuals.
The provisional availability impact level recommended for research and development - information is low.
+The provisional availability impact level recommended for research and development information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of most - research and development information can be seriously disruptive to the progress of - research activities. The effects on future funding can be serious and can have a - serious adverse effect on agency operations, agency assets, or individuals. - Unauthorized modification or destruction of information affecting external - communications (e.g., web pages, electronic mail) may adversely affect operations - and/or public confidence in the agency, but the damage to the mission would usually - be more limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of most research and development information can be seriously disruptive to the progress of research activities. The effects on future funding can be serious and can have a serious adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be more limited.
The provisional integrity impact level recommended for research and development - information is moderate.
+The provisional integrity impact level recommended for research and development information is moderate.
General purpose data and statistics includes activities performed in providing - empirical, numerical, and related data and information pertaining to the current - state of the nation in areas such as the economy, labor, weather, international - trade, etc.
+General purpose data and statistics includes activities performed in providing empirical, numerical, and related data and information pertaining to the current state of the nation in areas such as the economy, labor, weather, international trade, etc.
The confidentiality impact level is the effect of unauthorized disclosure of general - purpose data and statistics information on the ability of responsible agencies to - provide empirical, numerical, and related data and information pertaining to the - current state of the nation in areas such as the economy, labor, weather, - international trade, etc. The consequences of unauthorized disclosure of most - general-purpose data and statistics information would have only a limited adverse - effect on agency operations, agency assets, or individuals. Special Factors - Affecting Confidentiality Impact Determination: Unauthorized premature disclosure of - much economic (e.g., agricultural commodity, economic indicators) data and - statistics information can result in major financial consequences. In some cases, - premature disclosure of this information can impact major financial markets and - damage national banking and finance infrastructures. Unauthorized and premature - disclosure to a single institution (e.g., a major commodity brokerage house), could - damage faith in general-purpose data and statistics gathering and development - institutions, result in even more market disruption, and have a severe or - catastrophic adverse effect on public confidence in the agency. Even when the - consequences are limited to giving an unfair market advantage to a single financial - or commercial institution, unauthorized disclosure can have a serious adverse effect - on public confidence in the agency and its staff. This can result in assignment of a - moderate impact level to such information.
+The confidentiality impact level is the effect of unauthorized disclosure of general purpose data and statistics information on the ability of responsible agencies to provide empirical, numerical, and related data and information pertaining to the current state of the nation in areas such as the economy, labor, weather, international trade, etc. The consequences of unauthorized disclosure of most general-purpose data and statistics information would have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized premature disclosure of much economic (e.g., agricultural commodity, economic indicators) data and statistics information can result in major financial consequences. In some cases, premature disclosure of this information can impact major financial markets and damage national banking and finance infrastructures. Unauthorized and premature disclosure to a single + institution (e.g., a major commodity brokerage house), could damage faith in general-purpose data and statistics gathering and development institutions, result in even more market disruption, and have a severe or catastrophic adverse effect on public confidence in the agency. Even when the consequences are limited to giving an unfair market advantage to a single financial or commercial institution, unauthorized disclosure can have a serious adverse effect on public confidence in the agency and its staff. This can result in assignment of a moderate impact level to such information.
The provisional confidentiality impact level recommended for most general-purpose - data and statistics information is low.
+The provisional confidentiality impact level recommended for most general-purpose data and statistics information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - general-purpose data and statistics information. Missions supported by - general-purpose data and statistics information are generally tolerant of delay.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to general-purpose data and statistics information. Missions supported by general-purpose data and statistics information are generally tolerant of delay.
The provisional availability impact level recommended for general-purpose data and - statistics information is low.
+The provisional availability impact level recommended for general-purpose data and statistics information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - general-purpose data and statistics information may depend on whether the - information is time-critical. Unauthorized modification or destruction of - information affecting external communications (e.g., web pages, electronic mail) may - adversely affect operations or public confidence in the agency, but the damage to - the mission would usually be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of general-purpose data and statistics information may depend on whether the information is time-critical. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited.
The provisional integrity impact level recommended for general-purpose data and - statistics information is low.
+The provisional integrity impact level recommended for general-purpose data and statistics information is low.
Advising and Consulting activities involve the guidance and consultative services - provided by the Federal Government to support the implementation of a specific - service provided to citizens.
+Advising and Consulting activities involve the guidance and consultative services provided by the Federal Government to support the implementation of a specific service provided to citizens.
The confidentiality impact level is the effect of unauthorized disclosure of advising - and consulting information on the ability of responsible agencies to provide - guidance and consultative services to support the implementation of a specific - service to citizens. The consequences of unauthorized disclosure of advising and - consulting information depends on the nature of the service being provided and on - the sensitivity of the information with which advisory or consulting entities are - working. The consequences of unauthorized disclosure of most advising and consulting - information would have a limited adverse effect on agency operations, agency assets, - or individuals. Special Factors Affecting Confidentiality Impact Determination: - Where consulting support involves classified or other national security information, - the consequences of unauthorized disclosure can be severe but are outside the scope - of this guideline. In other cases, such as consultative services provided to law - enforcement institutions, the consequences of unauthorized disclosure can be serious - or even life threatening. This can result in assignment of a moderate or high impact - level to such information.
+The confidentiality impact level is the effect of unauthorized disclosure of advising and consulting information on the ability of responsible agencies to provide guidance and consultative services to support the implementation of a specific service to citizens. The consequences of unauthorized disclosure of advising and consulting information depends on the nature of the service being provided and on the sensitivity of the information with which advisory or consulting entities are working. The consequences of unauthorized disclosure of most advising and consulting information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where consulting support involves classified or other national security information, the consequences of unauthorized disclosure can be severe but are outside the scope of this guideline. In other cases, such as consultative services provided to + law enforcement institutions, the consequences of unauthorized disclosure can be serious or even life threatening. This can result in assignment of a moderate or high impact level to such information.
The provisional confidentiality impact level recommended for advising and consulting - information is low.
+The provisional confidentiality impact level recommended for advising and consulting information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to advising - and consulting information. The effects of disruption of access to most advising and - consulting information or information systems would have limited adverse effect on - agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to advising and consulting information. The effects of disruption of access to most advising and consulting information or information systems would have limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for advising and consulting - information is low.
+The provisional availability impact level recommended for advising and consulting information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - advising and consulting information would have, at most, a limited adverse effect on - agency operations, agency assets, or individuals. Unauthorized modification or - destruction of information affecting external communications (e.g., web pages, - electronic mail) may adversely affect operations and/or public confidence in the - agency, but the damage to the mission would usually be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of advising and consulting information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.
The provisional integrity impact level recommended for advising and consulting - information is low.
+The provisional integrity impact level recommended for advising and consulting information is low.
Knowledge Dissemination addresses those instances where the primary method used in - delivering a service is through the publishing or broadcasting of information, such - as the Voice of America or web-based museums maintained by the Smithsonian. - Knowledge Dissemination is not intended to address circumstances where the - publication of information is a by-product of a mission rather than the mission - itself.
+Knowledge Dissemination addresses those instances where the primary method used in delivering a service is through the publishing or broadcasting of information, such as the Voice of America or web-based museums maintained by the Smithsonian. Knowledge Dissemination is not intended to address circumstances where the publication of information is a by-product of a mission rather than the mission itself.
The confidentiality impact level is the effect of unauthorized disclosure of - knowledge dissemination information on the ability of responsible agencies to - publish or broadcast information. Premature and unauthorized disclosure of - information being considered for broadcast can be harmful if the information is - subsequently determined to be false or counterproductive to the knowledge - dissemination mission. However, the consequences of unauthorized disclosure of most - knowledge dissemination information would have, at most, a limited adverse effect on - agency operations, agency assets, or individuals. Special Factors Affecting - Confidentiality Impact Determination: Unauthorized disclosure of some policies - governing knowledge dissemination missions can be harmful to the agency mission - (e.g., some internal Voice of America editorial policies). This can result in - assignment of a moderate impact level to such information.
+The confidentiality impact level is the effect of unauthorized disclosure of knowledge dissemination information on the ability of responsible agencies to publish or broadcast information. Premature and unauthorized disclosure of information being considered for broadcast can be harmful if the information is subsequently determined to be false or counterproductive to the knowledge dissemination mission. However, the consequences of unauthorized disclosure of most knowledge dissemination information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some policies governing knowledge dissemination missions can be harmful to the agency mission (e.g., some internal Voice of America editorial policies). This can result in assignment of a moderate impact level to such information.
The provisional confidentiality impact level recommended for knowledge dissemination - information is low.
+The provisional confidentiality impact level recommended for knowledge dissemination information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - knowledge dissemination information. The effects of disruption of access to most - knowledge dissemination information or information systems would have a limited - adverse effect on agency operations, agency assets, or individuals. Special Factors - Affecting Availability Impact Determination: An exception is the extended disruption - of broadcast capabilities (e.g., Voice of America). Here, the agency mission is - seriously harmed and the impact of the consequences will be moderate.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to knowledge dissemination information. The effects of disruption of access to most knowledge dissemination information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: An exception is the extended disruption of broadcast capabilities (e.g., Voice of America). Here, the agency mission is seriously harmed and the impact of the consequences will be moderate.
The provisional availability impact level recommended for most knowledge - dissemination information is low.
+The provisional availability impact level recommended for most knowledge dissemination information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - knowledge dissemination information may depend on whether the information is - time-critical. Unauthorized modification or destruction of information affecting - external communications (e.g., web pages, electronic mail) may adversely affect - operations and/or public confidence in the agency, but the damage to the mission - would usually be limited. In most cases, the consequences of unauthorized - modification or destruction of knowledge dissemination information would have a - limited adverse effect on agency operations, agency assets, or individuals. Special - Factors Affecting Integrity Impact Determination: In cases of dissemination of - erroneous/defamatory information, an agency mission can be seriously harmed and the - impact level will be moderate.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of knowledge dissemination information may depend on whether the information is time-critical. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. In most cases, the consequences of unauthorized modification or destruction of knowledge dissemination information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Integrity Impact Determination: In cases of dissemination of erroneous/defamatory information, an agency mission can be seriously harmed and the impact level will be + moderate.
The provisional integrity impact level recommended for knowledge dissemination - information is low.
+The provisional integrity impact level recommended for knowledge dissemination information is low.
Inspections and Auditing involves the methodical examination and review of regulated - activities to ensure compliance with standards for regulated activity.
+Inspections and Auditing involves the methodical examination and review of regulated activities to ensure compliance with standards for regulated activity.
The confidentiality impact level is the effect of unauthorized disclosure of - inspections and auditing information on the ability of responsible agencies to - methodically examine and review regulated activities to ensure compliance with - standards for regulated activity. If the inspections and auditing data belongs to - one of the information types described in this guideline, the confidentiality impact - assigned the data and system is dependent on the nature of the regulated activity. - Special Factors Affecting Confidentiality Impact Determination: Unauthorized - disclosure of inspections and auditing information can alert personnel associated - with programs being monitored to the focus of inspection or auditing activities. - With this information, program personnel may divert attention from questionable - program attributes or hide unfavorable information. Where a major program or human - safety is at stake, actions taken based on unauthorized disclosure of inspections - and auditing information can pose a threat to human life or a loss of major assets. - In such cases, the confidentiality impact is high. National security information and - national security systems are outside the scope of this guideline.
+The confidentiality impact level is the effect of unauthorized disclosure of inspections and auditing information on the ability of responsible agencies to methodically examine and review regulated activities to ensure compliance with standards for regulated activity. If the inspections and auditing data belongs to one of the information types described in this guideline, the confidentiality impact assigned the data and system is dependent on the nature of the regulated activity. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of inspections and auditing information can alert personnel associated with programs being monitored to the focus of inspection or auditing activities. With this information, program personnel may divert attention from questionable program attributes or hide unfavorable information. Where a major program or human safety is at stake, actions taken based on unauthorized disclosure of inspections and auditing + information can pose a threat to human life or a loss of major assets. In such cases, the confidentiality impact is high. National security information and national security systems are outside the scope of this guideline.
Although there are many Federal environments in which unauthorized disclosure will - have only a limited adverse effect, there are enough circumstances in which serious - adverse effects on agency operations, agency assets, or individuals can result to - justify recommendation of a moderate provisional confidentiality impact level for - inspections and auditing information.
+Although there are many Federal environments in which unauthorized disclosure will have only a limited adverse effect, there are enough circumstances in which serious adverse effects on agency operations, agency assets, or individuals can result to justify recommendation of a moderate provisional confidentiality impact level for inspections and auditing information.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - inspections and auditing information. In most cases, disruption of access to - inspections and auditing information is expected to have only a limited adverse - effect on agency operations, agency assets, or individuals. Not many inspection or - auditing operations involve activities for which temporary loss of availability is - likely to cause significant degradation in mission capability, place the agency at a - significant disadvantage, result in major damage to major assets, or pose a threat - to human life.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to inspections and auditing information. In most cases, disruption of access to inspections and auditing information is expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Not many inspection or auditing operations involve activities for which temporary loss of availability is likely to cause significant degradation in mission capability, place the agency at a significant disadvantage, result in major damage to major assets, or pose a threat to human life.
For most inspection and audit functions, the recommended provisional availability - impact level is low.
+For most inspection and audit functions, the recommended provisional availability impact level is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - inspections and auditing information can compromise the effectiveness of the - program. The damage likely to be caused by unauthorized modification or destruction - may affect inspection or audit results with subsequent serious adverse effects on - agency operations or public confidence in the agency. The consequences can be - particularly serious if the destruction or modification of information invalidates - oversight of major programs or the information threatens human safety. The integrity - impact level depends on the laws or policies with which compliance is being - determined and on the criticality of the processes being monitored (e.g., - correctness of contract expenditure reporting versus safety regulations affecting - manned space flight).
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of inspections and auditing information can compromise the effectiveness of the program. The damage likely to be caused by unauthorized modification or destruction may affect inspection or audit results with subsequent serious adverse effects on agency operations or public confidence in the agency. The consequences can be particularly serious if the destruction or modification of information invalidates oversight of major programs or the information threatens human safety. The integrity impact level depends on the laws or policies with which compliance is being determined and on the criticality of the processes being monitored (e.g., correctness of contract expenditure reporting versus safety regulations affecting manned space + flight).
Although there are regulatory environments in which a low impact level is - appropriate, the circumstances associated with most inspections and auditing support - information require at least a moderate provisional integrity impact level.
+Although there are regulatory environments in which a low impact level is appropriate, the circumstances associated with most inspections and auditing support information require at least a moderate provisional integrity impact level.
Standard Setting/Reporting Guideline Development involves the establishment of - allowable limits associated with a regulated activity and the development of - reporting requirements necessary to monitor and control compliance with allowable - limits. This includes the development of requirements for product sampling and - testing, emissions monitoring and control, incident reporting, financial filings, - etc.
+Standard Setting/Reporting Guideline Development involves the establishment of allowable limits associated with a regulated activity and the development of reporting requirements necessary to monitor and control compliance with allowable limits. This includes the development of requirements for product sampling and testing, emissions monitoring and control, incident reporting, financial filings, etc.
The confidentiality impact level is the effect of unauthorized disclosure of - standards setting/reporting guideline development information on the abilities of - responsible agencies to establish allowable limits associated with a regulated - activity and to develop reporting requirements necessary to monitor and control - compliance with allowable limits. In a few cases, the unauthorized public - dissemination of standards or guidelines information can harm the effectiveness of - the function being supported (e.g., public dissemination of Internal Revenue Service - audit thresholds for certain deductions). However, most Federal standards and - guidelines are intended for public dissemination. The consequences of unauthorized - disclosure of the majority of standards setting/reporting guideline development - information will result in a limited adverse effect on agency operations, agency - assets, or individuals. There are some cases for which standards or guidelines - include classified or other national security information. Such cases are outside - the scope of this guideline.
+The confidentiality impact level is the effect of unauthorized disclosure of standards setting/reporting guideline development information on the abilities of responsible agencies to establish allowable limits associated with a regulated activity and to develop reporting requirements necessary to monitor and control compliance with allowable limits. In a few cases, the unauthorized public dissemination of standards or guidelines information can harm the effectiveness of the function being supported (e.g., public dissemination of Internal Revenue Service audit thresholds for certain deductions). However, most Federal standards and guidelines are intended for public dissemination. The consequences of unauthorized disclosure of the majority of standards setting/reporting guideline development information will result in a limited adverse effect on agency operations, agency assets, or individuals. There are some cases for which standards or guidelines include classified or + other national security information. Such cases are outside the scope of this guideline.
The provisional confidentiality impact level recommended for standards - setting/reporting guideline development information is low.
+The provisional confidentiality impact level recommended for standards setting/reporting guideline development information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - standards setting/reporting guideline development information. The nature of - standards setting/reporting guideline development processes is tolerant of - reasonable delays.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to standards setting/reporting guideline development information. The nature of standards setting/reporting guideline development processes is tolerant of reasonable delays.
The provisional availability impact level recommended for standards setting/reporting - guideline development information is low.
+The provisional availability impact level recommended for standards setting/reporting guideline development information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - standards setting/reporting guideline development information depends primarily on - the criticality of the information with respect to agency mission capability, - protection of agency assets, and safety of individuals. In general, the effects of - modifications or deletions of standards setting/reporting guideline development - information are limited with respect to agency missions or assets.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of standards setting/reporting guideline development information depends primarily on the criticality of the information with respect to agency mission capability, protection of agency assets, and safety of individuals. In general, the effects of modifications or deletions of standards setting/reporting guideline development information are limited with respect to agency missions or assets.
The provisional integrity impact level recommended for standards setting/reporting - guideline development information is low.
+The provisional integrity impact level recommended for standards setting/reporting guideline development information is low.
Permits and Licensing involves activities associated with granting, revoking, and the - overall management of the documented authority necessary to perform a regulated task - or function.
+Permits and Licensing involves activities associated with granting, revoking, and the overall management of the documented authority necessary to perform a regulated task or function.
The confidentiality impact level is the effect of unauthorized disclosure of permits - and licensing information on the abilities of responsible agencies to manage the - documented authority necessary to perform a regulated task or function. The - consequences of unauthorized disclosure of the majority of permits and licensing - information will result in a limited adverse effect on agency operations, agency - assets, or individuals. Special Factors Affecting Confidentiality Impact - Determination: Where more sensitive information is involved, it will typically be - personal information subject to the Privacy Act of 1974, the Health Insurance - Portability and Accountability Act of 1996, or other laws and executive orders - affecting the dissemination of information regarding individuals. The Privacy Act - Information provisional impact levels are documented in the Personal Identity and - Authentication information type. In such cases, the consequences of unauthorized - disclosure of permits and licensing information could be serious. In such cases, the - confidentiality impact level might be moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of permits and licensing information on the abilities of responsible agencies to manage the documented authority necessary to perform a regulated task or function. The consequences of unauthorized disclosure of the majority of permits and licensing information will result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will typically be personal information subject to the Privacy Act of 1974, the Health Insurance Portability and Accountability Act of 1996, or other laws and executive orders affecting the dissemination of information regarding individuals. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. In such cases, the consequences of unauthorized disclosure of permits + and licensing information could be serious. In such cases, the confidentiality impact level might be moderate.
The provisional confidentiality impact level recommended for most permits and - licensing information is low.
+The provisional confidentiality impact level recommended for most permits and licensing information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to permits - and licensing information. The nature of permits and licensing processes is tolerant - of reasonable delays.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to permits and licensing information. The nature of permits and licensing processes is tolerant of reasonable delays.
The provisional availability impact level recommended for permits and licensing - information is low.
+The provisional availability impact level recommended for permits and licensing information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of permits - and licensing information depends primarily on the criticality of the regulated - activity with respect to protection of government assets, and safety of individuals. - Typically, the effects of modification or deletion of permits and licensing - information are limited with respect to agency missions or assets.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of permits and licensing information depends primarily on the criticality of the regulated activity with respect to protection of government assets, and safety of individuals. Typically, the effects of modification or deletion of permits and licensing information are limited with respect to agency missions or assets.
The provisional integrity impact level recommended for permits and licensing - information is low.
+The provisional integrity impact level recommended for permits and licensing information is low.
Manufacturing involves all programs and activities in which the Federal Government - produces both marketable and non-marketable goods.
+Manufacturing involves all programs and activities in which the Federal Government produces both marketable and non-marketable goods.
The confidentiality impact level is the effect of unauthorized disclosure of - manufacturing information on the abilities of responsible agencies to produce both - marketable and non-marketable goods. In a few cases, unauthorized disclosure of - details of the products or manufacturing processes can give adversaries - opportunities (e.g., terrorism, industrial espionage). However, in most cases, the - consequences of unauthorized disclosure of manufacturing information will result in - a limited adverse effect on agency operations, agency assets, or individuals. There - are some cases for which manufacturing or product information includes classified or - other national security information. Such cases are outside the scope of this - guideline.
+The confidentiality impact level is the effect of unauthorized disclosure of manufacturing information on the abilities of responsible agencies to produce both marketable and non-marketable goods. In a few cases, unauthorized disclosure of details of the products or manufacturing processes can give adversaries opportunities (e.g., terrorism, industrial espionage). However, in most cases, the consequences of unauthorized disclosure of manufacturing information will result in a limited adverse effect on agency operations, agency assets, or individuals. There are some cases for which manufacturing or product information includes classified or other national security information. Such cases are outside the scope of this guideline.
The provisional confidentiality impact level recommended for manufacturing - information is low.
+The provisional confidentiality impact level recommended for manufacturing information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - manufacturing information. The nature of most government manufacturing processes is - tolerant of reasonable delays.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to manufacturing information. The nature of most government manufacturing processes is tolerant of reasonable delays.
The provisional availability impact level recommended for manufacturing information - is low.
+The provisional availability impact level recommended for manufacturing information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - manufacturing information depends primarily on the criticality of the information - with respect to a manufacturing process and on the volume and use of the end - product. Typically, the effects of modification or deletion of manufacturing - information are generally limited with respect to agency missions or assets.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of manufacturing information depends primarily on the criticality of the information with respect to a manufacturing process and on the volume and use of the end product. Typically, the effects of modification or deletion of manufacturing information are generally limited with respect to agency missions or assets.
The provisional integrity impact level recommended for manufacturing information is - low.
+The provisional integrity impact level recommended for manufacturing information is low.
Construction involves all programs and activities in which the Federal Government - builds or constructs facilities, roads, dams, etc.
+Construction involves all programs and activities in which the Federal Government builds or constructs facilities, roads, dams, etc.
The confidentiality impact level is the effect of unauthorized disclosure of - construction information on the abilities of responsible agencies to build or - construct facilities, roads, dams, etc. In most cases, the consequences of - unauthorized disclosure of construction information will result in a limited adverse - effect on agency operations, agency assets, or individuals. Special Factors - Affecting Confidentiality Impact Determination: In some cases, construction details - can be of use to terrorists or other criminals who seek to penetrate or destroy - government installations. Unauthorized disclosure of some construction details - (e.g., alarm designs, points of vulnerability to the structural integrity of a dam - or building) can result in danger to critical infrastructures, key national assets, - or human life. In such cases, the confidentiality impact may be high. There are some - cases for which construction information includes classified or other national - security information. Such cases are outside the scope of this guideline.
+The confidentiality impact level is the effect of unauthorized disclosure of construction information on the abilities of responsible agencies to build or construct facilities, roads, dams, etc. In most cases, the consequences of unauthorized disclosure of construction information will result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In some cases, construction details can be of use to terrorists or other criminals who seek to penetrate or destroy government installations. Unauthorized disclosure of some construction details (e.g., alarm designs, points of vulnerability to the structural integrity of a dam or building) can result in danger to critical infrastructures, key national assets, or human life. In such cases, the confidentiality impact may be high. There are some cases for which construction information includes classified or other national security + information. Such cases are outside the scope of this guideline.
The provisional confidentiality impact level recommended for construction information - is low.
+The provisional confidentiality impact level recommended for construction information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - construction information. The nature of most government construction processes is - tolerant of reasonable delays.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to construction information. The nature of most government construction processes is tolerant of reasonable delays.
The provisional availability impact level recommended for construction information is - low.
+The provisional availability impact level recommended for construction information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of - construction information depends primarily on the criticality of the information. - Typically, the effects of modification or deletion of construction information are - limited with respect to agency missions or assets.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of construction information depends primarily on the criticality of the information. Typically, the effects of modification or deletion of construction information are limited with respect to agency missions or assets.
The provisional integrity impact level recommended for construction information is - low.
+The provisional integrity impact level recommended for construction information is low.
Public Resources, Facility and Infrastructure Management involves the management and - maintenance of government-owned capital goods and resources (natural or otherwise) - on behalf of the public, usually with benefits to the community at large as well as - to the direct user. Examples of facilities and infrastructure include schools, - roads, bridges, dams, harbors, and public buildings. Examples of resources include - parks, cultural artifacts and art, endangered species, oil reserves, etc.
+Public Resources, Facility and Infrastructure Management involves the management and maintenance of government-owned capital goods and resources (natural or otherwise) on behalf of the public, usually with benefits to the community at large as well as to the direct user. Examples of facilities and infrastructure include schools, roads, bridges, dams, harbors, and public buildings. Examples of resources include parks, cultural artifacts and art, endangered species, oil reserves, etc.
The confidentiality impact level is the effect of unauthorized disclosure of public - resources, facilities, and infrastructure management information on the abilities of - responsible agencies to manage and maintain government-owned capital goods and - resources (natural or otherwise) on behalf of the public, usually with benefits to - the community at large as well as to the direct user. In most cases, the - consequences of unauthorized disclosure of public resources, facilities, and - infrastructure management information will result in a limited adverse effect on - agency operations, agency assets, or individuals. Special Factors Affecting - Confidentiality Impact Determination: In some cases, premature unauthorized - disclosure of management information can give an unfair competitive advantage to a - commercial interest (e.g., proposed changes for management of petroleum reserves). - The confidentiality impact of consequent loss of public confidence and/or serious - economic disruption might be moderate. In other cases, public resources, facilities, - and infrastructure management details can be of use to terrorists or other criminals - who seek to penetrate the security of government property or to harm populations. - Unauthorized disclosure of some public resources, facilities, and infrastructure - management details to criminals (e.g., facilities security dispositions, building - alarm designs), can result in danger to critical infrastructures, key national - assets, or human life. In such cases, the confidentiality impact can be high
+The confidentiality impact level is the effect of unauthorized disclosure of public resources, facilities, and infrastructure management information on the abilities of responsible agencies to manage and maintain government-owned capital goods and resources (natural or otherwise) on behalf of the public, usually with benefits to the community at large as well as to the direct user. In most cases, the consequences of unauthorized disclosure of public resources, facilities, and infrastructure management information will result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In some cases, premature unauthorized disclosure of management information can give an unfair competitive advantage to a commercial interest (e.g., proposed changes for management of petroleum reserves). The confidentiality impact of consequent loss of public confidence and/or serious economic disruption + might be moderate. In other cases, public resources, facilities, and infrastructure management details can be of use to terrorists or other criminals who seek to penetrate the security of government property or to harm populations. Unauthorized disclosure of some public resources, facilities, and infrastructure management details to criminals (e.g., facilities security dispositions, building alarm designs), can result in danger to critical infrastructures, key national assets, or human life. In such cases, the confidentiality impact can be high
The provisional confidentiality impact level recommended for most public resources, - facilities, and infrastructure management information is low.
+The provisional confidentiality impact level recommended for most public resources, facilities, and infrastructure management information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to public - resources, facilities, and infrastructure management information. The nature of most - government public resources, facilities, and infrastructure management processes is - tolerant of reasonable delays.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to public resources, facilities, and infrastructure management information. The nature of most government public resources, facilities, and infrastructure management processes is tolerant of reasonable delays.
The provisional availability impact level recommended for public resources, - facilities, and infrastructure management information is low.
+The provisional availability impact level recommended for public resources, facilities, and infrastructure management information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of public - resources, facilities, and infrastructure management information depends primarily - on the criticality of the information with respect to management of public - resources, facilities, and infrastructures. Typically, the effects of modification - or deletion of public resources, facilities, and infrastructure information are - limited with respect to agency missions or assets.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of public resources, facilities, and infrastructure management information depends primarily on the criticality of the information with respect to management of public resources, facilities, and infrastructures. Typically, the effects of modification or deletion of public resources, facilities, and infrastructure information are limited with respect to agency missions or assets.
The provisional integrity impact level recommended for public resources, facilities, - and infrastructure management information is low.
+The provisional integrity impact level recommended for public resources, facilities, and infrastructure management information is low.
Information Infrastructure Management involves the management and stewardship of a - type of information by the Federal Government and/or the creation of physical - communication infrastructures on behalf of the public in order to facilitate - communication. This includes the management of large amounts of information (e.g., - environmental and weather data, criminal records, etc.), the creation of information - and data standards relating to a specific type of information (patient records), and - the creation and management of physical communication infrastructures (networks) on - behalf of the public. Note: Information infrastructures for government use are not - included in this information type because the impact levels associated with - information infrastructure maintenance information are primarily a function of the - information processed in that infrastructure.
+Information Infrastructure Management involves the management and stewardship of a type of information by the Federal Government and/or the creation of physical communication infrastructures on behalf of the public in order to facilitate communication. This includes the management of large amounts of information (e.g., environmental and weather data, criminal records, etc.), the creation of information and data standards relating to a specific type of information (patient records), and the creation and management of physical communication infrastructures (networks) on behalf of the public. Note: Information infrastructures for government use are not included in this information type because the impact levels associated with information infrastructure maintenance information are primarily a function of the information processed in that infrastructure.
The confidentiality impact level is the effect of unauthorized disclosure of - information infrastructure maintenance information on the ability of responsible - agencies to manage a type of information and/or to create physical communication - infrastructures on behalf of the public in order to facilitate communication. The - disclosure of most information infrastructure maintenance information can be - expected to result in a limited adverse effect on agency operations, assets, or - individuals. Special Factors Affecting Confidentiality Impact Determination: In some - cases, information infrastructure maintenance details can be of use to terrorists or - other criminals who seek to destroy government data bases or communications - infrastructures, or deny access to information needed by the public. Unauthorized - disclosure of some information infrastructure maintenance details to criminals can - result in danger to critical infrastructures, key national assets, or human life. In - such cases, the confidentiality impact can be high. In other cases, premature - unauthorized disclosure of management information can give an unfair competitive - advantage to a commercial interest (e.g., proposed outsourcing of system - administration or details of a proposed communications system acquisition). This can - result in assignment of a moderate impact level to such information.
+The confidentiality impact level is the effect of unauthorized disclosure of information infrastructure maintenance information on the ability of responsible agencies to manage a type of information and/or to create physical communication infrastructures on behalf of the public in order to facilitate communication. The disclosure of most information infrastructure maintenance information can be expected to result in a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In some cases, information infrastructure maintenance details can be of use to terrorists or other criminals who seek to destroy government data bases or communications infrastructures, or deny access to information needed by the public. Unauthorized disclosure of some information infrastructure maintenance details to criminals can result in danger to critical infrastructures, key national assets, or human life. In such cases, + the confidentiality impact can be high. In other cases, premature unauthorized disclosure of management information can give an unfair competitive advantage to a commercial interest (e.g., proposed outsourcing of system administration or details of a proposed communications system acquisition). This can result in assignment of a moderate impact level to such information.
The provisional confidentiality impact level recommended for information - infrastructure maintenance information is low.
+The provisional confidentiality impact level recommended for information infrastructure maintenance information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - information infrastructure maintenance information. Disruption of access to - information infrastructure maintenance information or information systems will - typically result in denial of access to resources for all affected agencies. - Typically, disruption of access will have a limited adverse effect on agency - operations (including mission functions and public confidence in the agency), agency - assets, or individuals. Special Factors Affecting Availability Impact Determination: - Exceptions may include emergency response aspects of disaster management or other - time critical functions (e.g., some systems that support air traffic control - functions). The availability impact level associated with unauthorized modification - or destruction of information infrastructure maintenance information needed to - respond to emergencies or critical to public safety may be high.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to information infrastructure maintenance information. Disruption of access to information infrastructure maintenance information or information systems will typically result in denial of access to resources for all affected agencies. Typically, disruption of access will have a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Exceptions may include emergency response aspects of disaster management or other time critical functions (e.g., some systems that support air traffic control functions). The availability impact level associated with unauthorized modification or destruction of information infrastructure maintenance information needed to respond to emergencies or + critical to public safety may be high.
The provisional availability impact level recommended for information infrastructure - maintenance information is low.
+The provisional availability impact level recommended for information infrastructure maintenance information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. That is, the consequences of unauthorized modification or destruction - of information infrastructure maintenance information typically depend on the - criticality of the data processed by the infrastructure and whether this data is - time-critical. In most cases, the data will not be urgently needed or acted upon - immediately. Special Factors Affecting Integrity Impact Determination: In a - relatively few cases, the consequences of unauthorized modification or destruction - of information infrastructure maintenance information might result in serious damage - to agency operations, assets, or human safety. This may require a moderate or high - integrity impact level for information infrastructure maintenance information.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. That is, the consequences of unauthorized modification or destruction of information infrastructure maintenance information typically depend on the criticality of the data processed by the infrastructure and whether this data is time-critical. In most cases, the data will not be urgently needed or acted upon immediately. Special Factors Affecting Integrity Impact Determination: In a relatively few cases, the consequences of unauthorized modification or destruction of information infrastructure maintenance information might result in serious damage to agency operations, assets, or human safety. This may require a moderate or high integrity impact level for information infrastructure maintenance information.
The provisional integrity impact level recommended for information infrastructure - maintenance information is low.
+The provisional integrity impact level recommended for information infrastructure maintenance information is low.
Federal Grants involve the disbursement of funds by the Federal Government to a - non-Federal entity to help fund projects or activities. This includes the processes - associated with grant administration, including the publication of funds - availability notices, development of the grant application guidance, determination - of grantee eligibility, coordination of the peer review/evaluation process for - competitive grants, the transfer of funds, and the monitoring/oversight as - appropriate.
+Federal Grants involve the disbursement of funds by the Federal Government to a non-Federal entity to help fund projects or activities. This includes the processes associated with grant administration, including the publication of funds availability notices, development of the grant application guidance, determination of grantee eligibility, coordination of the peer review/evaluation process for competitive grants, the transfer of funds, and the monitoring/oversight as appropriate.
The confidentiality impact level is the effect of unauthorized disclosure of federal - grants information on the ability of responsible agencies to disburse funds to - non-Federal entities to fund projects or activities. Typically, unauthorized - disclosure of federal grants information will have only a limited adverse effect on - agency operations, assets, or individuals. Special Factors Affecting Confidentiality - Impact Determination: In a few cases, records associated with grants may include - information subject to privacy restrictions (e.g., the Privacy Act of 1974). The - Privacy Act Information provisional impact levels are documented in the Personal - Identity and Authentication information type. In many cases, premature and - unauthorized disclosure can affect the integrity of the grants process, giving an - unfair competitive advantage to one or more applicants. In such cases, punitive - consequences and/or loss of public confidence can have a seriously disruptive effect - on an agency’s operations and mission. In such cases, the confidentiality impact - level would be moderate. In some cases, federal grants information might be moderate - to high impact. Also, details of programs for which grants are awarded may be - sensitive (e.g., research grants for weapons systems project activities). Some - federal grants information and some grant program details may be classified and - outside the scope of this guideline.
+The confidentiality impact level is the effect of unauthorized disclosure of federal grants information on the ability of responsible agencies to disburse funds to non-Federal entities to fund projects or activities. Typically, unauthorized disclosure of federal grants information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In a few cases, records associated with grants may include information subject to privacy restrictions (e.g., the Privacy Act of 1974). The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. In many cases, premature and unauthorized disclosure can affect the integrity of the grants process, giving an unfair competitive advantage to one or more applicants. In such cases, punitive consequences and/or loss of public confidence can have a seriously disruptive effect on an + agency’s operations and mission. In such cases, the confidentiality impact level would be moderate. In some cases, federal grants information might be moderate to high impact. Also, details of programs for which grants are awarded may be sensitive (e.g., research grants for weapons systems project activities). Some federal grants information and some grant program details may be classified and outside the scope of this guideline.
The provisional confidentiality impact level recommended for federal grants - information is low.
+The provisional confidentiality impact level recommended for federal grants information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to federal - grants information. Federal grants processes are generally tolerant of delay. In - most cases, disruption of access to federal grants information can be expected to - have only a limited adverse effect on agency operations, agency assets, or - individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to federal grants information. Federal grants processes are generally tolerant of delay. In most cases, disruption of access to federal grants information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for federal grants information - is low.
+The provisional availability impact level recommended for federal grants information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Federal grants activities are not generally time-critical and multiple - individuals in multiple organizations are usually involved in the grants process. - Therefore, the information maintained by all the individuals/agencies may be - necessary to alter a grants decision. In most cases, the adverse effects of - unauthorized modification or destruction of federal grants information on agency - mission functions or public confidence in the agency is limited. Special Factors - Affecting Integrity Impact Determination: There are significant differences between - the ability to modify a document authorizing a payment and the modification of the - payment itself. The unauthorized modification of a document authorizing a payment is - less time critical than the modification of the payment itself while the payment is - in transit. Modifications to payments in transit will result in immediate inaccurate - payments. This can result in assignment of a moderate impact level to such - information.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Federal grants activities are not generally time-critical and multiple individuals in multiple organizations are usually involved in the grants process. Therefore, the information maintained by all the individuals/agencies may be necessary to alter a grants decision. In most cases, the adverse effects of unauthorized modification or destruction of federal grants information on agency mission functions or public confidence in the agency is limited. Special Factors Affecting Integrity Impact Determination: There are significant differences between the ability to modify a document authorizing a payment and the modification of the payment itself. The unauthorized modification of a document authorizing a payment is less time critical than the modification of the payment itself while the payment is + in transit. Modifications to payments in transit will result in immediate inaccurate payments. This can result in assignment of a moderate impact level to such information.
The provisional integrity impact level recommended for federal grants information is - low.
+The provisional integrity impact level recommended for federal grants information is low.
Direct Transfers to Individuals involves the disbursement of funds from the Federal - Government directly to beneficiaries (individuals or organizations) who satisfy - Federal eligibility requirements with no restrictions imposed on the recipient as to - how the money is spent. Direct Transfers include both earned and unearned Federal - Entitlement programs such as Medicare, Social Security, unemployment benefits, - etc.
+Direct Transfers to Individuals involves the disbursement of funds from the Federal Government directly to beneficiaries (individuals or organizations) who satisfy Federal eligibility requirements with no restrictions imposed on the recipient as to how the money is spent. Direct Transfers include both earned and unearned Federal Entitlement programs such as Medicare, Social Security, unemployment benefits, etc.
The confidentiality impact level is the effect of unauthorized disclosure of direct - transfers to individuals information on the ability of responsible agencies to - disburse funds from the Federal Government directly to beneficiaries (individuals or - organizations) who satisfy Federal eligibility requirements with no restrictions - imposed on the recipient as to how the money is spent. In the majority of cases, - unauthorized disclosure of direct transfers to individuals will have only a limited - adverse effect on agency operations, assets, or individuals. Special Factors - Affecting Confidentiality Impact Determination: Many of the records associated with - the disbursements may include information subject to privacy restrictions (e.g., the - Privacy Act of 1974, HIPAA of 1996). (The Privacy Act Information provisional impact - levels are documented in the Personal Identity and Authentication information type.) - In such cases, punitive consequences and/or loss of public confidence can have a - seriously disruptive effect on an agency’s operations and mission. The consequent - confidentiality impact level could be moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of direct transfers to individuals information on the ability of responsible agencies to disburse funds from the Federal Government directly to beneficiaries (individuals or organizations) who satisfy Federal eligibility requirements with no restrictions imposed on the recipient as to how the money is spent. In the majority of cases, unauthorized disclosure of direct transfers to individuals will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Many of the records associated with the disbursements may include information subject to privacy restrictions (e.g., the Privacy Act of 1974, HIPAA of 1996). (The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type.) In such cases, punitive consequences and/or loss of public confidence can + have a seriously disruptive effect on an agency’s operations and mission. The consequent confidentiality impact level could be moderate.
Therefore, the provisional confidentiality impact level recommended for direct - transfers to individuals is low.
+Therefore, the provisional confidentiality impact level recommended for direct transfers to individuals is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to direct - transfers to individuals information. Federal disbursement processes are generally - tolerant of delay. In most cases, disruption of access to information regarding - direct transfers to individuals can be expected to have only a limited adverse - effect on agency operations, agency assets, or individuals. Special Factors - Affecting Availability Impact Determination: Disruption of disbursements to large - populations can do serious harm to public confidence in the agency and have a - harmful impact on the nation’s economy (e.g., affect consumer confidence and retail - sales for a month or quarter). In such cases, the availability impact would be - moderate.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to direct transfers to individuals information. Federal disbursement processes are generally tolerant of delay. In most cases, disruption of access to information regarding direct transfers to individuals can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Disruption of disbursements to large populations can do serious harm to public confidence in the agency and have a harmful impact on the nation’s economy (e.g., affect consumer confidence and retail sales for a month or quarter). In such cases, the availability impact would be moderate.
The provisional availability impact level recommended for direct transfers to - individuals is low.
+The provisional availability impact level recommended for direct transfers to individuals is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Federal disbursement activities are not generally time-critical. In - most cases, the monetary amounts involved are not large (on a governmental budgetary - scale). Also, the adverse effects of unauthorized modification or destruction of - direct transfers to individuals on agency mission functions or public confidence in - the agency will be limited. Special Factors Affecting Integrity Impact - Determination: There are significant differences between the ability to modify a - document authorizing a payment and the modification of the payment itself. The - unauthorized modification of a document authorizing a payment is less time critical - than the modification of the payment itself while the payment is in transit. - Modifications to payments in transit will result in immediate inaccurate payments. - This can result in assignment of a moderate impact level to such information.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Federal disbursement activities are not generally time-critical. In most cases, the monetary amounts involved are not large (on a governmental budgetary scale). Also, the adverse effects of unauthorized modification or destruction of direct transfers to individuals on agency mission functions or public confidence in the agency will be limited. Special Factors Affecting Integrity Impact Determination: There are significant differences between the ability to modify a document authorizing a payment and the modification of the payment itself. The unauthorized modification of a document authorizing a payment is less time critical than the modification of the payment itself while the payment is in transit. Modifications to payments in transit will result in immediate inaccurate payments. This can + result in assignment of a moderate impact level to such information.
The provisional integrity impact level recommended for direct transfers to - individuals is low.
+The provisional integrity impact level recommended for direct transfers to individuals is low.
Subsidies involve Federal Government financial transfers that reduce costs and/or - increase revenues of producers. Subsidies include the payment of funds from the - government to affect the production or prices of various goods to benefit the - public.
+Subsidies involve Federal Government financial transfers that reduce costs and/or increase revenues of producers. Subsidies include the payment of funds from the government to affect the production or prices of various goods to benefit the public.
The confidentiality impact level is the effect of unauthorized disclosure of - subsidies information on the ability of responsible agencies to pay government funds - to affect the production or prices of various goods to benefit the public benefit. - In many cases, unauthorized disclosure of subsidies information will have only a - limited adverse effect on agency operations, assets, or individuals. Special Factors - Affecting Confidentiality Impact Determination: Some information associated with - applications for subsidies includes information covered by the provisions of the - Privacy Act of 1974. (The Privacy Act Information provisional impact levels are - documented in the Personal Identity and Authentication information type.) - Unauthorized disclosure of large volumes of information protected under the Privacy - Act can be expected to have a serious effect on public confidence in the agency. - Also, premature unauthorized disclosure of planned subsidies policies can affect - financial/commodities markets, with associated potential adverse effects on the U.S. - economy and serious adverse effects on public confidence in the agency. This can - result in assignment of a moderate impact level to such information.
+The confidentiality impact level is the effect of unauthorized disclosure of subsidies information on the ability of responsible agencies to pay government funds to affect the production or prices of various goods to benefit the public benefit. In many cases, unauthorized disclosure of subsidies information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Some information associated with applications for subsidies includes information covered by the provisions of the Privacy Act of 1974. (The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type.) Unauthorized disclosure of large volumes of information protected under the Privacy Act can be expected to have a serious effect on public confidence in the agency. Also, premature unauthorized disclosure of planned subsidies policies can affect + financial/commodities markets, with associated potential adverse effects on the U.S. economy and serious adverse effects on public confidence in the agency. This can result in assignment of a moderate impact level to such information.
The provisional confidentiality impact level recommended for most subsidies - information is low.
+The provisional confidentiality impact level recommended for most subsidies information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - subsidies information. Subsidies processes are generally tolerant of delay. In most - cases, disruption of access to subsidies information can be expected to have only a - limited adverse effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to subsidies information. Subsidies processes are generally tolerant of delay. In most cases, disruption of access to subsidies information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for subsidies information is - low.
+The provisional availability impact level recommended for subsidies information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Subsidies activities are not typically time-critical. In most cases, - the adverse effects of unauthorized modification or destruction of subsidies - information on agency mission functions, image or public confidence in the agency - will be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Subsidies activities are not typically time-critical. In most cases, the adverse effects of unauthorized modification or destruction of subsidies information on agency mission functions, image or public confidence in the agency will be limited.
The provisional integrity impact level recommended for subsidies information is - low.
+The provisional integrity impact level recommended for subsidies information is low.
Tax Credits allow a special exclusion, exemption, or deduction from gross income or - which provide a special credit, a preferential rate of tax, or a deferral of tax - liability designed to encourage certain kinds of activities or to aid taxpayers in - special circumstances.
+Tax Credits allow a special exclusion, exemption, or deduction from gross income or which provide a special credit, a preferential rate of tax, or a deferral of tax liability designed to encourage certain kinds of activities or to aid taxpayers in special circumstances.
The confidentiality impact level is the effect of unauthorized disclosure of tax - credit information on the ability of responsible agencies to allow special - exclusions, exemptions, or deductions from gross income or which provide special - credits, a preferential rate of tax, or a deferral of tax liability designed to - encourage certain kinds of activities or to aid taxpayers in special circumstances. - Many of the records associated with disbursements may include information subject to - privacy restrictions (e.g., the Privacy Act of 1974, the Internal Revenue Code and - Manual, or the Economic Espionage Act). (The provisional impact levels for personnel - information are documented in the Personal Identity and Authentication, Income, - Representative Payee, and Entitlement Event information types.) In such cases, - punitive consequences and/or loss of public confidence can have a seriously - disruptive effect on an agency’s operations and mission. In many cases, unauthorized - disclosure of tax credit information can have a serious adverse effect on agency - operations, assets, or individuals.
+The confidentiality impact level is the effect of unauthorized disclosure of tax credit information on the ability of responsible agencies to allow special exclusions, exemptions, or deductions from gross income or which provide special credits, a preferential rate of tax, or a deferral of tax liability designed to encourage certain kinds of activities or to aid taxpayers in special circumstances. Many of the records associated with disbursements may include information subject to privacy restrictions (e.g., the Privacy Act of 1974, the Internal Revenue Code and Manual, or the Economic Espionage Act). (The provisional impact levels for personnel information are documented in the Personal Identity and Authentication, Income, Representative Payee, and Entitlement Event information types.) In such cases, punitive consequences and/or loss of public confidence can have a seriously disruptive effect on an agency’s operations and mission. In many cases, unauthorized disclosure + of tax credit information can have a serious adverse effect on agency operations, assets, or individuals.
The provisional confidentiality impact level recommended for tax credit information - is moderate.
+The provisional confidentiality impact level recommended for tax credit information is moderate.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to tax - credits information. Taxation processes are generally tolerant of delay. In most - cases, disruption of access to tax credit information can be expected to have only a - limited adverse effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to tax credits information. Taxation processes are generally tolerant of delay. In most cases, disruption of access to tax credit information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for tax credit information is - low.
+The provisional availability impact level recommended for tax credit information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Tax credits are not generally time-critical. In most cases, the adverse - effects of unauthorized modification or destruction of tax credits on agency mission - functions or public confidence in the agency will be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Tax credits are not generally time-critical. In most cases, the adverse effects of unauthorized modification or destruction of tax credits on agency mission functions or public confidence in the agency will be limited.
The provisional integrity impact level recommended for tax credits is low.
@@ -11611,9 +5690,7 @@Direct loans involve a disbursement of funds by the Government to a non-Federal - borrower under a contract that requires the repayment of such funds with or without - interest.
+Direct loans involve a disbursement of funds by the Government to a non-Federal borrower under a contract that requires the repayment of such funds with or without interest.
The confidentiality impact level is the effect of unauthorized disclosure of direct - loan information on the ability of responsible agencies to disburse Federal funds to - non-Federal borrowers under contract terms that require the repayment of such funds - with or without interest. Much direct loan information includes information covered - by the provisions of the Privacy Act of 1974. (The Privacy Act Information - provisional impact levels are documented in the Personal Identity and Authentication - information type.) In most cases, unauthorized disclosure of direct loan information - will have only a limited adverse effect on agency operations, assets, or - individuals. Special Factors Affecting Confidentiality Impact Determination: - Unauthorized disclosure of large volumes of information protected under the Privacy - Act can be expected to have a serious to severe effect on public confidence in the - agency. In such cases, the confidentiality impact can be moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of direct loan information on the ability of responsible agencies to disburse Federal funds to non-Federal borrowers under contract terms that require the repayment of such funds with or without interest. Much direct loan information includes information covered by the provisions of the Privacy Act of 1974. (The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type.) In most cases, unauthorized disclosure of direct loan information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of large volumes of information protected under the Privacy Act can be expected to have a serious to severe effect on public confidence in the agency. In such cases, the confidentiality impact can be moderate.
The provisional confidentiality impact level recommended for direct loan information - is low.
+The provisional confidentiality impact level recommended for direct loan information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to direct - loan information. Loan assistance processes are generally tolerant of delay. In most - cases, disruption of access to direct loan information can be expected to have only - a limited adverse effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to direct loan information. Loan assistance processes are generally tolerant of delay. In most cases, disruption of access to direct loan information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for direct loan information is - low.
+The provisional availability impact level recommended for direct loan information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Loan assistance activities are not generally time-critical. In most - cases, the adverse effects of unauthorized modification or destruction of direct - loan information on agency mission functions and public confidence in the agency - will be limited. Special Factors Affecting Integrity Impact Determination: There are - significant differences between the ability to modify a document authorizing a - payment and the modification of the payment itself. The unauthorized modification of - a document authorizing a payment is less time critical than the modification of the - payment itself while the payment is in transit. Modifications to payments in transit - will result in immediate inaccurate payments. This can result in assignment of a - moderate impact level to such information.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Loan assistance activities are not generally time-critical. In most cases, the adverse effects of unauthorized modification or destruction of direct loan information on agency mission functions and public confidence in the agency will be limited. Special Factors Affecting Integrity Impact Determination: There are significant differences between the ability to modify a document authorizing a payment and the modification of the payment itself. The unauthorized modification of a document authorizing a payment is less time critical than the modification of the payment itself while the payment is in transit. Modifications to payments in transit will result in immediate inaccurate payments. This can result in assignment of a moderate impact level to such information.
The provisional integrity impact level recommended for direct loan information is - low.
+The provisional integrity impact level recommended for direct loan information is low.
Loan guarantees involve any guarantee, insurance, or other pledge with respect to the - payment of all or a part of the principal or interest on any debt obligation of a - non-Federal borrower to a non-Federal lender, but does not include the insurance of - deposits, shares, or other withdrawable accounts in financial institutions.
+Loan guarantees involve any guarantee, insurance, or other pledge with respect to the payment of all or a part of the principal or interest on any debt obligation of a non-Federal borrower to a non-Federal lender, but does not include the insurance of deposits, shares, or other withdrawable accounts in financial institutions.
The confidentiality impact level is the effect of unauthorized disclosure of loan - guarantee information on the ability of responsible agencies to execute guarantees, - insurance, or other pledges with respect to the payment of all or a part of the - principal or interest on any debt obligation of a non-Federal borrower to a - non-Federal lender. In most cases, unauthorized disclosure of loan guarantee - information will have only a limited adverse effect on agency operations, assets, or - individuals. Special Factors Affecting Confidentiality Impact Determination: Much - loan guarantee information includes information covered by the provisions of the - Privacy Act of 1974. (The Privacy Act Information provisional impact levels are - documented in the Personal Identity and Authentication information type.) - Unauthorized disclosure of large volumes of information protected under the Privacy - Act can be expected to have a serious to severe effect on public confidence in the - agency. In such cases, the confidentiality impact can be moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of loan guarantee information on the ability of responsible agencies to execute guarantees, insurance, or other pledges with respect to the payment of all or a part of the principal or interest on any debt obligation of a non-Federal borrower to a non-Federal lender. In most cases, unauthorized disclosure of loan guarantee information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Much loan guarantee information includes information covered by the provisions of the Privacy Act of 1974. (The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type.) Unauthorized disclosure of large volumes of information protected under the Privacy Act can be expected to have a serious to severe effect on public confidence in the agency. In such + cases, the confidentiality impact can be moderate.
The provisional confidentiality impact level recommended for loan guarantee - information is low.
+The provisional confidentiality impact level recommended for loan guarantee information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to loan - guarantee information. Loan processes are generally tolerant of delay. In most - cases, disruption of access to loan guarantee information will have only a limited - adverse effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to loan guarantee information. Loan processes are generally tolerant of delay. In most cases, disruption of access to loan guarantee information will have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for loan guarantee information - is low.
+The provisional availability impact level recommended for loan guarantee information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Loan guarantee activities are not generally time-critical. In most - cases, the adverse effects of unauthorized modification or destruction of loan - guarantee information on agency mission functions and public confidence in the - agency will be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Loan guarantee activities are not generally time-critical. In most cases, the adverse effects of unauthorized modification or destruction of loan guarantee information on agency mission functions and public confidence in the agency will be limited.
The provisional integrity impact level recommended for loan guarantee information is - low.
+The provisional integrity impact level recommended for loan guarantee information is low.
General Insurance involves providing protection to individuals or entities against - specified risks. The specified protection generally involves risks that private - sector entities are unable or unwilling to assume or subsidize and where the - provision of insurance is necessary to achieve social objectives.
+General Insurance involves providing protection to individuals or entities against specified risks. The specified protection generally involves risks that private sector entities are unable or unwilling to assume or subsidize and where the provision of insurance is necessary to achieve social objectives.
The confidentiality impact level is the effect of unauthorized disclosure of general - insurance information on the abilities of responsible agencies to provide protection - to individuals or entities against specified risks. General insurance activities - include both insurance issuing and insurance servicing. Insurance issuing is any - activity such as provider approval, underwriting, and endorsements. The consequences - of unauthorized disclosure of insurance issuing information will generally result in - a limited adverse effect on agency operations, agency assets, or individuals. - Insurance servicing supports activities associated with administering and processing - insurance include payment processing, initial and final closings, loss mitigation, - claims management, and retiring insurance. The confidentiality impact level is the - effect of unauthorized disclosure of insurance servicing information on the - abilities of responsible agencies to administer and process insurance. The - consequences of unauthorized disclosure of insurance servicing information will - generally result in a limited adverse effect on agency operations, agency assets, or - individuals. Special Factors Affecting Confidentiality Impact Determination: The - more serious consequences may result from 1) unauthorized disclosure of provider’s - proprietary information, or 2) premature disclosure of agency plans or changes under - consideration for contracts, plans, or policies. Unauthorized disclosure of - information that can affect contract arrangements to the detriment of the interests - of the government, and of the public at large (e.g., planned or anticipated - termination of a major contract insurer), can result in damaging increases in public - expense and exposure to impact. In the case of unauthorized disclosure to an - individual private sector organization, unfair competitive advantage may result – - with major financial consequences. In the case of unauthorized disclosure of - preliminary and unsubstantiated data that is both incorrect and pessimistic (e.g., - Medicare budget projections,), the consequent unwarranted alarm of the public may - have serious political and operational consequences for affected agencies. In the - more serious cases, the confidentiality impact will be at least moderate. The more - serious consequences of unauthorized disclosure of insurance servicing information - may result from unauthorized disclosure of private information concerning the - insured (e.g., Privacy Act information). (The Privacy Act Information provisional - impact levels are documented in the Personal Identity and Authentication information - type.) In the more serious cases, the confidentiality impact will be at least - moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of general insurance information on the abilities of responsible agencies to provide protection to individuals or entities against specified risks. General insurance activities include both insurance issuing and insurance servicing. Insurance issuing is any activity such as provider approval, underwriting, and endorsements. The consequences of unauthorized disclosure of insurance issuing information will generally result in a limited adverse effect on agency operations, agency assets, or individuals. Insurance servicing supports activities associated with administering and processing insurance include payment processing, initial and final closings, loss mitigation, claims management, and retiring insurance. The confidentiality impact level is the effect of unauthorized disclosure of insurance servicing information on the abilities of responsible agencies to administer and process insurance. The + consequences of unauthorized disclosure of insurance servicing information will generally result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: The more serious consequences may result from 1) unauthorized disclosure of provider’s proprietary information, or 2) premature disclosure of agency plans or changes under consideration for contracts, plans, or policies. Unauthorized disclosure of information that can affect contract arrangements to the detriment of the interests of the government, and of the public at large (e.g., planned or anticipated termination of a major contract insurer), can result in damaging increases in public expense and exposure to impact. In the case of unauthorized disclosure to an individual private sector organization, unfair competitive advantage may result – with major financial consequences. In the case of unauthorized disclosure of preliminary + and unsubstantiated data that is both incorrect and pessimistic (e.g., Medicare budget projections,), the consequent unwarranted alarm of the public may have serious political and operational consequences for affected agencies. In the more serious cases, the confidentiality impact will be at least moderate. The more serious consequences of unauthorized disclosure of insurance servicing information may result from unauthorized disclosure of private information concerning the insured (e.g., Privacy Act information). (The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type.) In the more serious cases, the confidentiality impact will be at least moderate.
The provisional confidentiality impact level recommended for general insurance - information is low.
+The provisional confidentiality impact level recommended for general insurance information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to general - insurance information. The nature of general insurance processes is usually tolerant - of reasonable delays. Special Factors Affecting Availability Impact Determination: - Extensive delays in insurance servicing activities can result in financial harm for - individuals and businesses and in public alarm and repercussions in the financial - markets. In more serious cases, delays may have serious political and operational - consequences for affected agencies. In such cases, the confidentiality impact may be - at least moderate.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to general insurance information. The nature of general insurance processes is usually tolerant of reasonable delays. Special Factors Affecting Availability Impact Determination: Extensive delays in insurance servicing activities can result in financial harm for individuals and businesses and in public alarm and repercussions in the financial markets. In more serious cases, delays may have serious political and operational consequences for affected agencies. In such cases, the confidentiality impact may be at least moderate.
The provisional availability impact level recommended for general insurance - information is low.
+The provisional availability impact level recommended for general insurance information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. The consequences of unauthorized modification or destruction of general - insurance information may depend on the urgency with which the information is - typically needed. Unauthorized modification or destruction of information affecting - external communications (e.g., web pages, electronic mail) typically has a limited - adverse effect on agency operations and/or public confidence in the agency.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of general insurance information may depend on the urgency with which the information is typically needed. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) typically has a limited adverse effect on agency operations and/or public confidence in the agency.
The provisional integrity impact level recommended for general insurance information - is low.
+The provisional integrity impact level recommended for general insurance information is low.
Formula Grants involves the allocation of money to States or their subdivisions in - accordance with distribution formulas prescribed by law or administrative - regulation, for activities of a continuing nature.
+Formula Grants involves the allocation of money to States or their subdivisions in accordance with distribution formulas prescribed by law or administrative regulation, for activities of a continuing nature.
The confidentiality impact level is the effect of unauthorized disclosure of formula - grants information on the ability of responsible agencies to allocate money to - States or their subdivisions in accordance with distribution formulas prescribed by - law or administrative regulation, for activities of a continuing nature. Typically, - unauthorized disclosure of most formula grants information will have only a limited - adverse effect on agency operations, assets, or individuals. In most cases, - information associated with formula grants is public knowledge. Special Factors - Affecting Confidentiality Impact Determination: In a few cases, details of programs - for which formula grants are awarded may be sensitive (e.g., some Federal/State - cooperative programs intended to support Homeland Security operations). This can - result in assignment of a moderate or high impact level to such information. Some - formula grants information might be classified (hence outside the scope of this +
The confidentiality impact level is the effect of unauthorized disclosure of formula grants information on the ability of responsible agencies to allocate money to States or their subdivisions in accordance with distribution formulas prescribed by law or administrative regulation, for activities of a continuing nature. Typically, unauthorized disclosure of most formula grants information will have only a limited adverse effect on agency operations, assets, or individuals. In most cases, information associated with formula grants is public knowledge. Special Factors Affecting Confidentiality Impact Determination: In a few cases, details of programs for which formula grants are awarded may be sensitive (e.g., some Federal/State cooperative programs intended to support Homeland Security operations). This can result in assignment of a moderate or high impact level to such information. Some formula grants information might be classified (hence outside the scope of this guideline).
The provisional confidentiality impact level recommended for formula grants - information is low.
+The provisional confidentiality impact level recommended for formula grants information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to formula - grants information. Formula grants processes are generally tolerant of delay. In - most cases, disruption of access to formula grants information can be expected to - have only a limited adverse effect on agency operations, agency assets, or - individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to formula grants information. Formula grants processes are generally tolerant of delay. In most cases, disruption of access to formula grants information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for formula grants information - is low.
+The provisional availability impact level recommended for formula grants information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Formula grants activities are not generally time-critical and multiple - individuals in multiple organizations are usually involved in the grants process. - Therefore, the information maintained by all the individuals/agencies is probably - necessary to alter a grants decision. In most cases, the adverse effects of - unauthorized modification or destruction of formula grants information on agency - mission functions or public confidence in the agency will be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Formula grants activities are not generally time-critical and multiple individuals in multiple organizations are usually involved in the grants process. Therefore, the information maintained by all the individuals/agencies is probably necessary to alter a grants decision. In most cases, the adverse effects of unauthorized modification or destruction of formula grants information on agency mission functions or public confidence in the agency will be limited.
The provisional integrity impact level recommended for formula grants information is - low.
+The provisional integrity impact level recommended for formula grants information is low.
Project/Competitive Grants involves the funding, for fixed or known periods, of - projects. Project/Competitive grants can include fellowships, scholarships, research - grants, training grants, traineeships, experimental and demonstration grants, - evaluation grants, planning grants, technical assistance grants, survey grants, and - construction grants.
+Project/Competitive Grants involves the funding, for fixed or known periods, of projects. Project/Competitive grants can include fellowships, scholarships, research grants, training grants, traineeships, experimental and demonstration grants, evaluation grants, planning grants, technical assistance grants, survey grants, and construction grants.
The confidentiality impact level is the effect of unauthorized disclosure of - project/competitive grants information on the ability of responsible agencies to - award fellowships, scholarships, research grants, training grants, traineeships, - experimental and demonstration grants, evaluation grants, planning grants, technical - assistance grants, survey grants, and/or construction grants. In most cases, - unauthorized disclosure of project/competitive grants information will have only a - limited adverse effect on agency operations, assets, or individuals. Special Factors - Affecting Confidentiality Impact Determination: In some cases, project/competitive - grants information may be sensitive with moderate to high impact. In a few cases, - details of programs for which grants are awarded may be classified and outside the - scope of this guideline. In a few cases, records associated with the grants may - include information subject to privacy restrictions (e.g., the Privacy Act of 1974). - (The Privacy Act Information provisional impact levels are documented in the - Personal Identity and Authentication information type.) In many cases, premature and - unauthorized disclosure can affect the integrity of the grants process, giving an - unfair competitive advantage to one or more applicants. In such cases, punitive - consequences and/or loss of public confidence can have a seriously disruptive effect - on an agency’s operations and mission. In such cases, the confidentiality impact - level would be moderate.
+The confidentiality impact level is the effect of unauthorized disclosure of project/competitive grants information on the ability of responsible agencies to award fellowships, scholarships, research grants, training grants, traineeships, experimental and demonstration grants, evaluation grants, planning grants, technical assistance grants, survey grants, and/or construction grants. In most cases, unauthorized disclosure of project/competitive grants information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In some cases, project/competitive grants information may be sensitive with moderate to high impact. In a few cases, details of programs for which grants are awarded may be classified and outside the scope of this guideline. In a few cases, records associated with the grants may include information subject to privacy restrictions (e.g., the Privacy Act of 1974). + (The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type.) In many cases, premature and unauthorized disclosure can affect the integrity of the grants process, giving an unfair competitive advantage to one or more applicants. In such cases, punitive consequences and/or loss of public confidence can have a seriously disruptive effect on an agency’s operations and mission. In such cases, the confidentiality impact level would be moderate.
The provisional confidentiality impact level recommended for most project/competitive - grants information is low.
+The provisional confidentiality impact level recommended for most project/competitive grants information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - project/competitive grants information. Project/competitive grants processes are - generally tolerant of delay. In most cases, disruption of access to - project/competitive grants information can be expected to have only a limited - adverse effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to project/competitive grants information. Project/competitive grants processes are generally tolerant of delay. In most cases, disruption of access to project/competitive grants information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for project/competitive grants - information is low.
+The provisional availability impact level recommended for project/competitive grants information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Project/competitive grants activities are not generally time-critical. - In most cases, the adverse effects of unauthorized modification or destruction of - project/competitive grants information on agency mission functions or public - confidence in the agency will be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Project/competitive grants activities are not generally time-critical. In most cases, the adverse effects of unauthorized modification or destruction of project/competitive grants information on agency mission functions or public confidence in the agency will be limited.
The provisional integrity impact level recommended for project/competitive grants - information is low.
+The provisional integrity impact level recommended for project/competitive grants information is low.
Earmarked Grants involves the distribution of money to State and Local Governments - for a named purpose or service usually specifically noted by Congress in - appropriations language, or other program authorizing language.
+Earmarked Grants involves the distribution of money to State and Local Governments for a named purpose or service usually specifically noted by Congress in appropriations language, or other program authorizing language.
The confidentiality impact level is the effect of unauthorized disclosure of - earmarked grants information on the ability of responsible Federal government - entities to distribute money to State and Local Governments for a named purpose or - service usually specifically noted by Congress in appropriations language, or other - program authorizing language. In the majority of cases, earmarked grants information - is public knowledge. Typically, unauthorized disclosure of most earmarked grants - information will have only a limited adverse effect on agency operations, assets, or - individuals. Special Factors Affecting Confidentiality Impact Determination: In some - cases, project/competitive grants information may be sensitive with moderate to high - impact. In a few cases, details of programs for which grants are awarded may be - classified and outside the scope of this guideline.
+The confidentiality impact level is the effect of unauthorized disclosure of earmarked grants information on the ability of responsible Federal government entities to distribute money to State and Local Governments for a named purpose or service usually specifically noted by Congress in appropriations language, or other program authorizing language. In the majority of cases, earmarked grants information is public knowledge. Typically, unauthorized disclosure of most earmarked grants information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In some cases, project/competitive grants information may be sensitive with moderate to high impact. In a few cases, details of programs for which grants are awarded may be classified and outside the scope of this guideline.
The provisional confidentiality impact level recommended for earmarked grants - information is low.
+The provisional confidentiality impact level recommended for earmarked grants information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to - earmarked grants information. Earmarked grants processes are generally tolerant of - delay. In most cases, disruption of access to earmarked grants information will have - only a limited adverse effect on agency operations, agency assets, or - individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to earmarked grants information. Earmarked grants processes are generally tolerant of delay. In most cases, disruption of access to earmarked grants information will have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for earmarked grants - information is low.
+The provisional availability impact level recommended for earmarked grants information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Earmarked grants activities are not generally time-critical and - multiple individuals in multiple organizations are usually involved in the grants - process. Therefore, the information maintained by all the individuals/agencies is - probably necessary to alter a grants decision. In most cases, the adverse effects of - unauthorized modification or destruction of earmarked grants information on agency - mission functions or public confidence in the agency will be limited.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Earmarked grants activities are not generally time-critical and multiple individuals in multiple organizations are usually involved in the grants process. Therefore, the information maintained by all the individuals/agencies is probably necessary to alter a grants decision. In most cases, the adverse effects of unauthorized modification or destruction of earmarked grants information on agency mission functions or public confidence in the agency will be limited.
The provisional integrity impact level recommended for earmarked grants information - is low.
+The provisional integrity impact level recommended for earmarked grants information is low.
State Loans involve all disbursement of funds by the Government to a State or Local - Government (or Indian Tribe) entity under a contract that requires the repayment of - such funds with or without interest.
+State Loans involve all disbursement of funds by the Government to a State or Local Government (or Indian Tribe) entity under a contract that requires the repayment of such funds with or without interest.
The confidentiality impact level is the effect of unauthorized disclosure of state - loan information on the ability of responsible agencies to disburse Federal funds a - State or Local Government (or Indian Tribe) entity under a contract that requires - the repayment of such funds with or without interest. In most cases, unauthorized - disclosure of state loan information will have only a limited adverse effect on - agency operations, assets, or individuals.
+The confidentiality impact level is the effect of unauthorized disclosure of state loan information on the ability of responsible agencies to disburse Federal funds a State or Local Government (or Indian Tribe) entity under a contract that requires the repayment of such funds with or without interest. In most cases, unauthorized disclosure of state loan information will have only a limited adverse effect on agency operations, assets, or individuals.
The provisional confidentiality impact level recommended for state loan information - is low.
+The provisional confidentiality impact level recommended for state loan information is low.
The availability impact level is based on the specific mission and the data - supporting that mission, not on the time required to re-establish access to state - loan information. Loan assistance processes are generally tolerant of delay. In most - cases, disruption of access to state loan information can be expected to have only a - limited adverse effect on agency operations, agency assets, or individuals.
+The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to state loan information. Loan assistance processes are generally tolerant of delay. In most cases, disruption of access to state loan information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.
The provisional availability impact level recommended for state loan information is - low.
+The provisional availability impact level recommended for state loan information is low.
The integrity impact level is based on the specific mission and the data supporting - that mission, not on the time required to detect the modification or destruction of - information. Loan assistance activities are not generally time-critical. In most - cases, the adverse effects of unauthorized modification or destruction of state loan - information on agency mission functions and public confidence in the agency will be - limited. Special Factors Affecting Integrity Impact Determination: There are - significant differences between the ability to modify a document authorizing a - payment and the modification of the payment itself. The unauthorized modification of - a document authorizing a payment is less time critical than the modification of the - payment itself while the payment is in transit. Modifications to payments in transit - will result in immediate inaccurate payments. This can result in assignment of a - moderate impact level to such information.
+The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Loan assistance activities are not generally time-critical. In most cases, the adverse effects of unauthorized modification or destruction of state loan information on agency mission functions and public confidence in the agency will be limited. Special Factors Affecting Integrity Impact Determination: There are significant differences between the ability to modify a document authorizing a payment and the modification of the payment itself. The unauthorized modification of a document authorizing a payment is less time critical than the modification of the payment itself while the payment is in transit. Modifications to payments in transit will result in immediate inaccurate payments. This can result in assignment of a moderate impact level to such information.
The provisional integrity impact level recommended for state loan information is - low.
+The provisional integrity impact level recommended for state loan information is low.
The BRM provided in the FEA Consolidated Reference Model Document, Version 2.3, - October 2007 does not define the Military Operations information type. For the - purpose of this document, Military Operations describes the direct provision of - military service for the citizens. Further, the BRM specifies Military Operations as - a Mode of Delivery business area or a vehicle by which the federal government - delivers it services to citizens. Therefore, agency personnel should consider the - Military Operations information type as delivery mechanisms of the mission-based - services information types [e.g., Catastrophic Defense, Emergency Response, Key - Asset and Critical Infrastructure Protection] described heretofore.
+The BRM provided in the FEA Consolidated Reference Model Document, Version 2.3, October 2007 does not define the Military Operations information type. For the purpose of this document, Military Operations describes the direct provision of military service for the citizens. Further, the BRM specifies Military Operations as a Mode of Delivery business area or a vehicle by which the federal government delivers it services to citizens. Therefore, agency personnel should consider the Military Operations information type as delivery mechanisms of the mission-based services information types [e.g., Catastrophic Defense, Emergency Response, Key Asset and Critical Infrastructure Protection] described heretofore.
The BRM provided in the FEA Consolidated Reference Model Document, Version 2.3, - October 2007 specifies Civilian Operations as a Mode of Delivery business area or a - vehicle by which the federal government delivers it services to citizens. Therefore, - agency personnel should consider the Civilian Operations information type as - delivery mechanisms of the mission-based services information types [e.g., Health - Care, Emergency Response, and Environmental Remediation] described heretofore.
+The BRM provided in the FEA Consolidated Reference Model Document, Version 2.3, October 2007 specifies Civilian Operations as a Mode of Delivery business area or a vehicle by which the federal government delivers it services to citizens. Therefore, agency personnel should consider the Civilian Operations information type as delivery mechanisms of the mission-based services information types [e.g., Health Care, Emergency Response, and Environmental Remediation] described heretofore.
Link the SAP to the SSP.
-FedRAMP prefers the path for the SSP be relative to the location of this SAP file. - Absolute links will likely not work when FedRAMP tools import the content.
+FedRAMP prefers the path for the SSP be relative to the location of this SAP file. Absolute links will likely not work when FedRAMP tools import the content.
This may point to a back-matter resource using a URI fragment.
-If no OSCAL-based SSP exists, this must be a URI fragment pointing to a special
- back-matter resource. The resource must include the no-oscal-ssp
conformity
- tag.
If no OSCAL-based SSP exists, this must be a URI fragment pointing to a special back-matter resource. The resource must include the no-oscal-ssp
conformity tag.
Describe the risk
This is a statement about the identified risk as provided by the tool.
This field must be present, but may be blank (or state 'No Risk Statement' if no statement is provided by the tool.
-Describe mitigating factor
Describe why the cited implementation statement justifies lowering the risk.
Only include this resource if no OSCAL-based SSP is available.
Delete it otherwise.
diff --git a/src/content/rev5/templates/sap/xml/FedRAMP-SAP-OSCAL-Template.xml b/src/content/rev5/templates/sap/xml/FedRAMP-SAP-OSCAL-Template.xml index 608f69081..d0ac5999e 100644 --- a/src/content/rev5/templates/sap/xml/FedRAMP-SAP-OSCAL-Template.xml +++ b/src/content/rev5/templates/sap/xml/FedRAMP-SAP-OSCAL-Template.xml @@ -7,15 +7,14 @@The assessor's HQ, or the address of the assessment team's primary business - location.
+The assessor's HQ, or the address of the assessment team's primary business location.
One or more parties
If the "responsible-party" contains multiple "party-uuid", FedRAMP assumes the "ia-validated" and "csp-validated" prop values apply to each referenced party.
@@ -265,8 +261,8 @@Exactly one party
The party-uuid should observation-source a party in the SSP.
-If an appropriate party does not exist in the SSP, the SAP tool should add a party to - the SAP, or have the CSP add the party to the SSP.
+If an appropriate party does not exist in the SSP, the SAP tool should add a party to the SAP, or have the CSP add the party to the SSP.
The SAP tool should not modify the SSP.
At least one should be available 24x7 during assessment activities.
At least one should be an operations center, such a SOC or NOC.
The party-uuid should observation-source a party in the SSP or SAP.
-If an appropriate party does not exist in the SSP or SAP, the SAR tool should add a - party to the SAR.
+If an appropriate party does not exist in the SSP or SAP, the SAR tool should add a party to the SAR.
The SAP tool should not modify the SSP.
This OSCAL-based FedRAMP SAP Template can be used for the FedRAMP initial or annual - assessment planning.
+This OSCAL-based FedRAMP SAP Template can be used for the FedRAMP initial or annual assessment planning.
Link the SAP to the SSP.
-FedRAMP prefers the path for the SSP be relative to the location of this SAP file. - Absolute links will likely not work when FedRAMP tools import the content.
+FedRAMP prefers the path for the SSP be relative to the location of this SAP file. Absolute links will likely not work when FedRAMP tools import the content.
This may point to a back-matter resource using a URI fragment.
-If no OSCAL-based SSP exists, this must be a URI fragment pointing to a special
- back-matter resource. The resource must include the no-oscal-ssp
conformity
- tag.
If no OSCAL-based SSP exists, this must be a URI fragment pointing to a special back-matter resource. The resource must include the no-oscal-ssp
conformity tag.
The ID assigned to this missing role must not be used in the SSP user list.
-The SAP user assembly duplicates the SSP user assembly, which requires a - role-id.
+The SAP user assembly duplicates the SSP user assembly, which requires a role-id.
If an existing role in the SSP is appropriate, reference it here.
-If no appropriate role exists in the SSP, the role-id may be left blank in the - SAP.
+If no appropriate role exists in the SSP, the role-id may be left blank in the SAP.
Determine if the organization:
Access control policy; procedures addressing account management; security plan; information system design documentation; information system configuration settings and associated documentation; list of active system accounts along with the name of the individual associated with each account; list of conditions for group and role membership; notifications or records of recently transferred, separated, or terminated employees; list of recently disabled information system accounts along with the name of the individual associated with each account; access authorization records; account management compliance reviews; information system monitoring records; information system audit records; other relevant documents or records
+Access control policy; procedures addressing account management; security plan; information system design documentation; information system configuration settings and associated documentation; list of active system accounts along with the name of the individual associated with each account; list of conditions for group and role membership; notifications or records of recently transferred, separated, or terminated employees; list of recently disabled information system accounts along with the name of the individual associated with each account; access authorization records; account management compliance reviews; information system monitoring records; information system audit records; other relevant documents or records
Determine if the organization:
Organizational personnel with account management responsibilities; system/network administrators; organizational personnel with information security responsibilities
+Organizational personnel with account management responsibilities; system/network administrators; organizational personnel with information security responsibilities
Organizational processes for account management on the information system; automated mechanisms for implementing account management
+Organizational processes for account management on the information system; automated mechanisms for implementing account management
Description of the manual test
We will login as a customer and try to see if we can gain access to the Network - Administrator and Database Administrator privileges and authorizations by navigating - to different views and manually forcing the browser to various URLs
+We will login as a customer and try to see if we can gain access to the Network Administrator and Database Administrator privileges and authorizations by navigating to different views and manually forcing the browser to various URLs
We will test the CAPTCHA function on the web form manually
We will manually test to see if OCSP is validating certificates.
Describe this web application test.
Describe this web application test.
Describe this role based test.
Describe this role based test.
This SAP has been developed by [IA Name] and is for [an initial assessment/an annual assessment/an annual assessment and significant change assessment/a significant change assessment] of the [CSP Name], [CSO Name]. The SAP provides the goals for the assessment and details how the assessment will be conducted.
-The FedRAMP-applicable laws, regulations, standards and guidance is included in the [CSO Name] SSP section – System Security Plan Approvals. Additionally, in Appendix L of the SSP, the [CSP Name] has included laws, regulations, standards, and guidance that apply specifically to this system.
This plan is for an initial assessment of [CSO Name], a [One: High/Moderate/ Low] baseline system. 100% of the FedRAMP security controls in the system baseline are assessed. The security controls that will be assessed are listed in Appendix A.
This plan is for an annual assessment of [CSO Name], a [One: High/Moderate/ Low] baseline system. After the initial security assessment, FedRAMP requires that the system is assessed annually thereafter (12 months from an agency ATO / JAB P-ATO date). While the entire set of security controls is assessed during the initial assessment, a subset is assessed during the annual assessment. The control selection is in accordance with the criteria outlined in the FedRAMP Annual Assessment Guidance and includes:
The detailed control list, including the rationale for each control’s selection, is included in SAP Appendix A, FedRAMP [CSO Name] Security Controls Selection Worksheet.
This document [is for/also includes] the assessment plan for [a significant change/several significant changes]. Appendix D includes the significant change request documentation submitted by [CSP Name] to the [AO/JAB].
@@ -654,9 +639,9 @@The physical locations of all the different components that will be tested are described in Table 3-3.
+The physical locations of all the different components that will be tested are described in Table 3-3.
SSP Appendix M, FedRAMP Integrated Inventory Workbook, captures the inventory items for the entire system and includes all the following required to be tested for the authorization of this system:
The methodology section of this document describes the approach to the assessment of the inventory.
Additional roles that are being introduced as part of significant changes will be tested and are noted in Appendix D. Role testing will be performed to test the authorization restrictions for each role. [IA Name] will access the system while logged in as different user types and attempt to perform restricted functions for that user.
Security controls will be verified using one or more of the following assessment methods:
The Penetration Test Plan and Methodology is attached in Appendix C.
Identifies all addresses from which the assessment may be conducted, including scans and penetration testing activities.
@@ -1347,12 +1330,8 @@References an inventory item, which is linked to a component. The component has a scan-type
FedRAMP Extension with a value of "web"
Only include this resource if no OSCAL-based SSP is available.
Delete it otherwise.
@@ -1544,49 +1503,49 @@The organization that prepared this SSP. If developed in-house, this is the CSP - itself.
+The organization that prepared this SSP. If developed in-house, this is the CSP itself.
The management-level POC within the assessor's organization accountable for the - organization's assessment performance.
+The management-level POC within the assessor's organization accountable for the organization's assessment performance.
A role for an individual within the CSP to be notified by the assessor when testing - is complete.
+A role for an individual within the CSP to be notified by the assessor when testing is complete.
A role for the individuals within the CSP who are to receive the assessment - results.
+A role for the individuals within the CSP who are to receive the assessment results.
The assessor's HQ, or the address of the assessment team's primary business - location.
+The assessor's HQ, or the address of the assessment team's primary business location.
This party entry must be present in a FedRAMP SAR.
-The uuid may be different; however, the uuid must be associated with the - "fedramp-pmo" role in the responsible-party assemblies.
+The uuid may be different; however, the uuid must be associated with the "fedramp-pmo" role in the responsible-party assemblies.
Exactly one party.
This is the UUID for the CSP in the SSP.
-If no OSCAL-based SSP exists, create a CSP party in the SAP, and provide that UUID - here.
+If no OSCAL-based SSP exists, create a CSP party in the SAP, and provide that UUID here.
Exactly one party
The party-uuid should reference a party in the SSP.
-If an appropriate party does not exist in the SSP, the SAP tool should add a party to - the SAP, or have the CSP add the party to the SSP..
+If an appropriate party does not exist in the SSP, the SAP tool should add a party to the SAP, or have the CSP add the party to the SSP..
The SAP tool should not modify the SSP.
At least one should be available 24x7 during assessment activities.
At least one should be an operations center, such a SOC or NOC.
The party-uuid should reference a party in the SSP or SAP.
-If an appropriate party does not exist in the SSP or SAP, the SAR tool should add a - party to the SAR.
+If an appropriate party does not exist in the SSP or SAP, the SAR tool should add a party to the SAR.
The SAP tool should not modify the SSP.
This OSCAL-based FedRAMP SAR Template can be used for the FedRAMP initial or annual - assessment reporting.
+This OSCAL-based FedRAMP SAR Template can be used for the FedRAMP initial or annual assessment reporting.
FedRAMP prefers the path for the SAP be relative to the location of this SAR file. - Absolute links will not work when FedRAMP tools import the content.
+FedRAMP prefers the path for the SAP be relative to the location of this SAR file. Absolute links will not work when FedRAMP tools import the content.
In this example, the SAR points to the SAP as a back-matter resource using a URI fragment.
Insert assessment object description
Determine if the organization:
- defines information system account types to be identified and selected to support organizational missions/business functions
Access control policy; procedures addressing account management; security plan; information system design documentation; information system configuration settings and associated documentation; list of active system accounts along with the name of the individual associated with each account; list of conditions for group and role membership; notifications or records of recently transferred, separated, or terminated employees; list of recently disabled information system accounts along with the name of the individual associated with each account; access authorization records; account management compliance reviews; information system monitoring records; information system audit records; other relevant documents or records
+Access control policy; procedures addressing account management; security plan; information system design documentation; information system configuration settings and associated documentation; list of active system accounts along with the name of the individual associated with each account; list of conditions for group and role membership; notifications or records of recently transferred, separated, or terminated employees; list of recently disabled information system accounts along with the name of the individual associated with each account; access authorization records; account management compliance reviews; information system monitoring records; information system audit records; other relevant documents or records
Determine if the organization:
- identifies and selects organization-defined information system account types to support organizational missions/business functions
Determine if the organization:
- identifies and selects organization-defined information system account types to support organizational missions/business functions
This describes an activity that was not defined in the SAP, but was performed during - the assessment. The justification must be included.
+This describes an activity that was not defined in the SAP, but was performed during the assessment. The justification must be included.
Ideally, this assessment laptop would have been defined in the SAP, and not - repeated here.
-If the laptop was not known at the time the SAP was drafted, or something - different was used, it must be defined here.
+Ideally, this assessment laptop would have been defined in the SAP, and not repeated here.
+If the laptop was not known at the time the SAP was drafted, or something different was used, it must be defined here.
Describe scannilng tool used by assessor.
This is an example of a revised assessment platform.
-Ideally, all assessment platforms and components are defined in the SAP. If - there is a departure from what is defined in the SAP, it must be defined in the - SAR.
-This is a mixed example showing a revised component (a different assessment - laptop defined as a component in the SAR) being paired with tools previously - defined in the SAP.
+Ideally, all assessment platforms and components are defined in the SAP. If there is a departure from what is defined in the SAP, it must be defined in the SAR.
+This is a mixed example showing a revised component (a different assessment laptop defined as a component in the SAR) being paired with tools previously defined in the SAP.
Include all controls in the specified in the assessment plan, except as explicitly - excluded here.
+Include all controls in the specified in the assessment plan, except as explicitly excluded here.
If the policy is defined in the SSP as a component, you can cite it using
- subject
, and use the UUID of the policy component in the SSP.
If the policy is defined in the SSP as a component, you can cite it using subject
, and use the UUID of the policy component in the SSP.
If the policy is not an SSP component, it should be attached to the SAR
- as a resource
, and cited here as a URI fragment.
If the policy is not an SSP component, it should be attached to the SAR as a resource
, and cited here as a URI fragment.
The subject-reference identifies a policy that was reviewed and is attached in the - back-matter.
-The observation source is linked to the task in the schedule associated with - performing document reviews.
-Even though the policy may be defined in the SSP and OSCAL would allow the SAR to - reference it, FedRAMP requires the assessor attach all evidence to the SAR..
+The subject-reference identifies a policy that was reviewed and is attached in the back-matter.
+The observation source is linked to the task in the schedule associated with performing document reviews.
+Even though the policy may be defined in the SSP and OSCAL would allow the SAR to reference it, FedRAMP requires the assessor attach all evidence to the SAR..
This describes the evidence, and adds relevant detail.
-For example, this could cite where to find this information in interview - notes.
+For example, this could cite where to find this information in interview notes.
The subject-reference is linked to the person interviewed.
-The observation source is linked to the task in the schedule associated with - performing staff interviews.
+The observation source is linked to the task in the schedule associated with performing staff interviews.
The relevant-evidence is linked to the interview notes.
-These may be defined in the SSP, SAP, or SAR. Tools should check all three - locations.
+These may be defined in the SSP, SAP, or SAR. Tools should check all three locations.
Raw scanner tool output - discovery scan.
Undocumented hosts are entered into the SAR's result/local-definitions section as - inventory-items or components.
+Undocumented hosts are entered into the SAR's result/local-definitions section as inventory-items or components.
Undocumented hosts are listed in the observations assembly as subject-references.
The origin must contain the UUID of the tool used to perform the scan.
Raw scanner tool output - Infrastructure and OS Scan.
Attach relevant evidence as a resource
.
Use a link
field with a URI fragment to link to the resource using
- its UUID.
Use a link
field with a URI fragment to link to the resource using its UUID.
Infrastructure Scan Percentage.
Describe how comprehensive the scans were by using the FedRAMP "scan-percentage", "discrepencies", and "ia-manual-review" prop
within the observation
data item.
If the value of the "discrepencies" prop
is "yes", that indicates that there are discrepencies between the inventory and the scanned items. In that case, a "discrepencies-reason" prop
must be provided.
If the value of the "discrepencies" prop
is "yes", that indicates that there are discrepencies between the inventory and the scanned items. In that case, a "discrepencies-reason" prop
must be provided.
Database Scan Percentage.
Describe how comprehensive the scans were by using the FedRAMP "scan-percentage", "discrepencies", and "ia-manual-review" prop
within the observation
data item.
If the value of the "discrepencies" prop
is "yes", that indicates that there are discrepencies between the inventory and the scanned items. In that case, a "discrepencies-reason" prop
must be provided.
If the value of the "discrepencies" prop
is "yes", that indicates that there are discrepencies between the inventory and the scanned items. In that case, a "discrepencies-reason" prop
must be provided.
Web Scan Percentage.
EXAMPLE - Next Gen Web Application Firewall is blocking requests from scanner.
Describe how comprehensive the scans were by using the FedRAMP "scan-percentage", "discrepencies", and "ia-manual-review" prop
within the observation
data item.
If the value of the "discrepencies" prop
is "yes", that indicates that there are discrepencies between the inventory and the scanned items. In that case, a "discrepencies-reason" prop
must be provided.
If the value of the "discrepencies" prop
is "yes", that indicates that there are discrepencies between the inventory and the scanned items. In that case, a "discrepencies-reason" prop
must be provided.
The type
field designates this observations as an issue with a statement
- in the SSP. Tools can filter on this field to summarize all SSP issues.
The origin
identifies the assessor who found the SSP statement
- issue.
If relevant, evidence can be cited as well using the relevant-evidence
- assembly, such as a screenshot showing a setting is different than stated in the
- SSP.
The type
field designates this observations as an issue with a statement in the SSP. Tools can filter on this field to summarize all SSP issues.
The origin
identifies the assessor who found the SSP statement issue.
If relevant, evidence can be cited as well using the relevant-evidence
assembly, such as a screenshot showing a setting is different than stated in the SSP.
This is a statement about the identified risk as provided by the tool.
-This field must be present, but may be blank (or state 'No Risk Statement' if no - statement is provided by the tool.
+This field must be present, but may be blank (or state 'No Risk Statement' if no statement is provided by the tool.
Describe mitigating factor
-Describe why the cited implementation statement justifies lowering the risk.
Recommended and planned remediation entries should remain when the risk is - closed.
+Recommended and planned remediation entries should remain when the risk is closed.
Simply add the closure-actions field and change the risk-status to "closed".
The assessor may add their recommendation in addition to the tool's - recommendation, or if no tool recommendation is provided.
+The assessor may add their recommendation in addition to the tool's recommendation, or if no tool recommendation is provided.
The assessor should leave the tool recommendation, even if adding their own.
-Recommended and planned remediation entries should remain when the risk is - closed.
+Recommended and planned remediation entries should remain when the risk is closed.
Simply add the closure-actions field and change the risk-status to "closed".
There should be at least one related-observation
for each test method.
- There may be more than one.
This objective only has one method (Examine), so there should be at least one
- related-objservation
.
There should be at least one related-observation
for each test method. There may be more than one.
This objective only has one method (Examine), so there should be at least one related-observation
.
There should be at least one related-observation
for each test method.
- There may be more than one.
This objective only has one method (Examine), so there should be at least one
- related-objservation
.
There should be at least one related-observation
for each test method. There may be more than one.
This objective only has one method (Examine), so there should be at least one related-observation
.
There should be at least one related-observation
for each test method.
- There may be more than one.
This objective has two methods (Examine and Interview), so there should be at least
- two related-objservation
, including at least one observaton of each
- type.
There should be at least one related-observation
for each test method. There may be more than one.
This objective has two methods (Examine and Interview), so there should be at least two related-observation
, including at least one observation of each type.
The implementation-statement-uuid
contains the UUID of the erroneous
- statement in the SSP.
The related-observation
contains the UUID of an observation with details
- about the issue, including a statement and any relevant evidence.
The implementation-statement-uuid
contains the UUID of the erroneous statement in the SSP.
The related-observation
contains the UUID of an observation with details about the issue, including a statement and any relevant evidence.
The UUID for the tool operator must be listed as the party-uuid for the finding. - There may be more than one.
+The UUID for the tool operator must be listed as the party-uuid for the finding. There may be more than one.
When reporting a result for a test such as the spear phishing activity, a risk - assembly is required if the result is to be reported in the Risk Exposure Table.
+When reporting a result for a test such as the spear phishing activity, a risk assembly is required if the result is to be reported in the Risk Exposure Table.
If a penetration test result is favorable, such as to say the SOC detected the - activities appropriately, no risk is required.
-If a penetration test result identifies a vulnerability or deficiency, the risk - assembly is required.
+If a penetration test result is favorable, such as to say the SOC detected the activities appropriately, no risk is required.
+If a penetration test result identifies a vulnerability or deficiency, the risk assembly is required.
FedRAMP is formulating guidelines for handling digital/electronic signatures in - OSCAL, and welcome feedback on solutions.
+FedRAMP is formulating guidelines for handling digital/electronic signatures in OSCAL, and welcome feedback on solutions.
For now, FedRAMP recommends one of the following:
If your organization prefers another approach, please seek prior approval from the - FedRAMP PMO.
+If your organization prefers another approach, please seek prior approval from the FedRAMP PMO.
A tool could use either an rlink or base64 field.
If both are present, FedRAMP tools will give preference to the base64 content.
There may be more than one rlink.
-If there is no base64 field, at lest one of the rlink fields must include a relative - path.
+If there is no base64 field, at lest one of the rlink fields must include a relative path.
@@ -1454,8 +1414,7 @@A tool could use either an rlink or base64 field.
If both are present, FedRAMP tools will give preference to the base64 content.
There may be more than one rlink.
-If there is no base64 field, at lest one of the rlink fields must include a relative - path.
+If there is no base64 field, at lest one of the rlink fields must include a relative path.
A tool could use either an rlink or base64 field.
If both are present, FedRAMP tools will give preference to the base64 content.
There may be more than one rlink.
-If there is no base64 field, at lest one of the rlink fields must include a relative - path.
+If there is no base64 field, at lest one of the rlink fields must include a relative path.
A SAR tool could use either an rlink or base64 field.
If both are present, FedRAMP tools will give preference to the base64 content.
There may be more than one rlink.
-If there is no base64 field, at lest one of the rlink fields must include a relative - path.
+If there is no base64 field, at lest one of the rlink fields must include a relative path.
A SAR tool could use either an rlink or base64 field.
If both are present, FedRAMP tools will give preference to the base64 content.
There may be more than one rlink.
-If there is no base64 field, at lest one of the rlink fields must include a relative - path.
+If there is no base64 field, at lest one of the rlink fields must include a relative path.
A SAR tool could use either an rlink or base64 field.
If both are present, FedRAMP tools will give preference to the base64 content.
There may be more than one rlink.
-If there is no base64 field, at lest one of the rlink fields must include a relative - path.
+If there is no base64 field, at lest one of the rlink fields must include a relative path.
diff --git a/src/content/rev5/templates/ssp/xml/FedRAMP-SSP-OSCAL-Template.xml b/src/content/rev5/templates/ssp/xml/FedRAMP-SSP-OSCAL-Template.xml index db8e111bc..6a9e03df0 100644 --- a/src/content/rev5/templates/ssp/xml/FedRAMP-SSP-OSCAL-Template.xml +++ b/src/content/rev5/templates/ssp/xml/FedRAMP-SSP-OSCAL-Template.xml @@ -20,8 +20,7 @@Replace sample CSP information.
-CSP informaton must be present and associated with the "cloud-service-provider" role via responsible-party
.
CSP information must be present and associated with the "cloud-service-provider" role via responsible-party
.
Remarks are required otherwise.
Lastly, provide any supporting notes on FIPS status (e.g. historical) or lack of FIPS compliance (e.g., Module in Process).
-For example, any supporting notes on FIPS status (e.g. historical) or lack of FIPS compliance (e.g., Module in Process).
-If the leveraged system owner provides a UUID for their system (such as in an OSCAL-based CRM), it should be reflected in the inherited-uuid
property.
Must include all levereged services and features fromthe leveraged authorization here.
+Must include all leveraged services and features from the leveraged authorization here.
If the leveraged system owner provides a UUID for their service (such as in an OSCAL-based CRM), it should be reflected in the inherited-uuid
property.
Must include all levereged services and features fromthe leveraged authorization here.
+Must include all leveraged services and features from the leveraged authorization here.
If "other", remarks are required. Optional otherwise.
-Describe the service
Email Service
Describe how AC-2, part a is statisfied within this sytem.
-This points to the "Ths System" component, and is used any time a more specific component reference is not available.
+Describe how AC-2, part a is satisfied within this system.
+This points to the "This System" component, and is used any time a more specific component reference is not available.
The component-uuid above points to the "this system" component.
Any control response content that does not cleanly fit another system component is placed here. This includes customer responsibility content.
This can also be used to provide a summary, such as a holistic overview of how multiple components work together.
-While the "this system" component is not expclicity required within every statement
, it will typically be present.
While the "this system" component is not explicitly required within every statement
, it will typically be present.
Consumer-appropriate description of what may be inherited as provided by the leveraged system.
In the context of this component in satisfaction of AC-2, part a.
The provided-uuid
links this to the same statement in the leveraged system's SSP.
It may be linked directly, but is more commonly provided via an OSCAL-based CRM (Inheritence and Responsibility Model).
+It may be linked directly, but is more commonly provided via an OSCAL-based CRM (Inheritance and Responsibility Model).
Description of how the responsibility was satisfied.
The responsibility-uuid
links this to the same statement in the leveraged system's SSP.
It may be linked directly, but is more commonly provided via an OSCAL-based CRM (Inheritence and Responsibility Model).
-Tools should use this to ensure all identified customer responsiblity
statements have a corrisponding satisfied
statement in the leveraging system's SSP.
It may be linked directly, but is more commonly provided via an OSCAL-based CRM (Inheritance and Responsibility Model).
+Tools should use this to ensure all identified customer responsibility
statements have a corresponding satisfied
statement in the leveraging system's SSP.
Tool developers should be mindful that
Describe the plan to complete the implementation.
-Describe how the control is satisfied within the system.
-For the portion of the control satisfied by the service provider, describe how the control is met.
-Describe how this policy component satisfies part a.
Component approach. This links to a component representing the Policy.
That component contains a link to the policy, so it does not have to be linked here too.
-Describe how this procedure component satisfies part a.
Component approach. This links to a component representing the procedure.
That component contains a link to the procedure, so it does not have to be linked here too.
-AC Policy document
CM Policy document
CP Policy document
IA Policy document
IR Policy document
MA Policy document
MP Policy document
PE Policy document
PL Policy document
PS Policy document
RA Policy document
SA Policy document
SC Policy document
SI Policy document
SR Policy document
AC Procedure document
AT Procedure document
AU Procedure document
CA Procedure document
CM Procedure document
CP Procedure document
IR Procedure document
MA Procedure document
MP Procedure document
PE Procedure document
PL Procedure document
PS Procedure document
RA Procedure document
SA Procedure document
SR Procedure document
User's Guide