From c8e69a727f77ea7d842c8f4795ed939d2ed8adc0 Mon Sep 17 00:00:00 2001 From: Dimitri Zhurkin Date: Thu, 3 Aug 2023 14:02:06 -0600 Subject: [PATCH] Rev 5 additional changes to core requirements, response points, technical and automation controls --- .../rev5/resources/xml/FedRAMP_extensions.xml | 1760 +++++ .../rev5/resources/xml/fedramp_threats.xml | 397 ++ .../rev5/resources/xml/fedramp_values.xml | 639 ++ .../rev5/resources/xml/information-types.xml | 6000 +++++++++++++++++ 4 files changed, 8796 insertions(+) create mode 100644 src/content/rev5/resources/xml/FedRAMP_extensions.xml create mode 100644 src/content/rev5/resources/xml/fedramp_threats.xml create mode 100644 src/content/rev5/resources/xml/fedramp_values.xml create mode 100644 src/content/rev5/resources/xml/information-types.xml diff --git a/src/content/rev5/resources/xml/FedRAMP_extensions.xml b/src/content/rev5/resources/xml/FedRAMP_extensions.xml new file mode 100644 index 000000000..66d0c6592 --- /dev/null +++ b/src/content/rev5/resources/xml/FedRAMP_extensions.xml @@ -0,0 +1,1760 @@ + + + + [EXPERIMENTAL] FedRAMP Extensions + 2023-06-30T00:00:00Z + 2023-07-05T00:00:00Z + fedramp2.0.0-oscal1.0.4 + 1.0.4 + + + 2023-06-30T00:00:00Z + DRAFT-01 + + +

Initial draft for fedramp2.0.0-oscal1.0.4 release. Subject to change.

+
+
+ + 2023-07-06T00:00:00Z + DRAFT-02 + +

Updated remarks for deprecated extensions, and added new rev5 extensions.

+

The bindings and constraints for the new rev5 extensions are pending and will be added in a future revision.

+
+
+ + 2023-07-12T00:00:00Z + DRAFT-03 + +

Minor edits.

+
+
+
+ + + Prepared By + +

The organization that prepared this content.

+
+
+ + + Federal Risk and Authorization Management Program: Program Management Office + FedRAMP PMO + + info@fedramp.gov +
+ 1800 F St. NW + + Washington + DC + + US +
+ +

This party entry must be present in a FedRAMP SSP.

+

The uuid may be different; however, the uuid must be associated with the "fedramp-pmo" role in the responsible-party assemblies.

+
+
+ + + 77e0e2c8-2560-4fe9-ac78-c3ff4ffc9f6d + + + +

This EXPERIMENTAL file extends OSCAL to meet FedRAMP requirements.

+

It provides the extensions, defined identifiers, and acceptable values in a machine-readable format necessary to meet FedRAMP Authorization Package requirements.

+
+
+ + + + + + + + +

This document only.

+
+
+ + + +

Select documents.

+
+
+ + + +

Entire stack.

+
+
+ + + + + + + + + + + + + response-point + Response Point + A property whose presence indicates its parent part is a required point of response for FedRAMP stakeholders. + + + + + + + + + + + + +

This appears in FedRAMP profiles and resolved profile catalogs.

+

For control statements, it signals to the CSP which statements require a response in the SSP.

+

For control objectives, it signals to the assessor which control objectives must appear in the assessment results, which aligns with the FedRAMP test case workbook.

+
+
+ + + party-uuid + Party Identifier + Identifies the party who authored this revision. + + + + + + + +

On the revision element in the revision history, the party-uuid extension must match the UUID of an existing party in the metadata.

+
+
+ + +
+
+ + + iso-iec-17020-identifier + ISO/IEC 17020 Identifier + The ISO/IEC-17020 identifier assigned to the assessor related to their status as an A2LA Accredited Third Party Assessment Organization. + + + + + + + + + + CORE + Core Control + Identifies a control that must be included in every FedRAMP assessment. + + + + + + + + +

Core controls must be assessed every year, and are often subject to additional scrutiny by assessors and adjudication reviewers.

+
+
+ + + security-eauth-level + eAuth Level (OVERALL) + The overall electronic authentication (eAuth) level applied to the system. + + + + + + + + + The overall eAuth Level is defined as Level 1 (Low). + The overall eAuth Level is defined as Level 2 (Moderate). + The overall eAuth Level is defined as Level 3 (High). + + + +

Deprecated.

+
+
+ + + authorization-type + Authorization Type + Identifies the FedRAMP authorization type. + + + + + + A FedRAMP Joint Authorization Board (JAB) Provisional-Authorization to Operate (P-ATO). + A FedRAMP Agency Authorization to Operate (ATO). + A FedRAMP Tailored authorization to operate (ATO) for low impact Software as a Service (LI-SaaS) systems. + + + + + + users-internal + Internal Users + The current number of users internal to the organization. + + + + + + + + + users-external + External Users + The current number of users external to the organization. + + + + + + + + + users-internal-future + Future Internal Users + The anticipated number of users internal to the organization in one year. + + + + + + + + + users-external-future + Future External Users + The anticipated number of users external to the organization in one year. + + + + + + + + + privacy-designation + Privacy Designation + Indicates whether this system is privacy sensitive. + + + + + + Privacy Sensitive + Not Privacy Sensitive + + + +

Deprecated.

+
+
+ + + privacy-threshold-analysis-q1 + Privacy Threshold Analysis Q1 + Does the ISA collect, maintain, or share PII in any identifiable form? + + + + + + Yes, the ISA collects, maintains, or shares some form of PII. + No, the ISA does not collect, maintain, or share PII in any form. + + + +

Deprecated.

+
+
+ + + privacy-threshold-analysis-q2 + Privacy Threshold Analysis Q2 + Does the ISA collect, maintain, or share PII from or about the public? + + + + + + Yes, the ISA collects, maintains, or shares PII from or about the public. + No, the ISA does not collect, maintain, or share PII from or about the public. + + + +

Deprecated.

+
+
+ + + privacy-threshold-analysis-q3 + Privacy Threshold Analysis Q3 + Has a Privacy Impact Assessment (PIA) ever been performed for the ISA? + + + + + + Yes, a PIA has been performed. + No, a PIA has not been performed.. + + + +

Deprecated.

+
+
+ + + privacy-threshold-analysis-q4 + Privacy Threshold Analysis Q4 + Is there a Privacy Act System of Records Notice (SORN) for this ISA system? + + + + + + Yes, there is a SORN ID for this system. + No, there is not a SORN ID for this system. + + + +

Deprecated.

+
+
+ + + sorn-id + SORN ID + An assigned System of Records Notice (SORN) identifier for this system. + + + + + + + +

Deprecated.

+
+
+ + + sensitivity + User Sensitivity Level + Defines the sensitivity level of the identified user type. + + + + + + Misuse of the user's access could result in grave damage to the public's trust. + Misuse of the user's access could result in a substantial degree of harm or serious damage to the public’s trust. + Misuse of the user's access could result in a fair amount of harm or serious damage to the public’s trust. + Misuse of the user's access could result in some harm or discernible damage to the public’s trust. + The user does not have access to the system. + + + +

Values are as required by FedRAMP for packages based on NIST 800-53, Revision 4.

+

Authoritative source: OPM Position Designation (Page 18).

+
+
+ + + service-processor + Service Processor + Name of the interconnection service processor. + + + + + + + + information + Transmitted Information + Describes the information transmitted over the interconnection. + + + + + + + + + asset-type + Asset Type + Identifies the type of asset. + + + + + + Operating System + Database + Service + Policy + Process + Procedure + Private Branch Exchange + Firewall + Router + Switch + Storage Array + + + + + + interconnection-direction + Interconnection Direction + Identifies the direction of information flow for the interconnection. + + + + + Incoming + Outgoing + Bi-Directional + + + +

Deprecated.

+

Use core OSCAL "direction" prop instead.

+
+
+ + + interconnection-security + Interconnection Security + Identifies the type of security applied to the interconnection. + + + + + IPsec + Virtual Private Network + Secure Socket Layer + Certificate + Secure File Transfer + Other + + + + + + inventory-item-state + Different states of inventory items: public, private, et cetera. + Indicates if the asset is virtual. + + + + + + + + + + + + Yes + No + + + +

Deprecated.

+

Use core OSCAL "public" and "virtual" prop instead.

+
+
+ + + circuit + Service Processor + A circuit used for the communication. + + + + + + + + + interconnection-security + Interconnection Security + Identifies the mechanisms/protocol(s) used to secure the communication. + + + + + + IPsec + Virtual Private Network + Secure Socket Layer + Certificate + Secure File Transfer + Other + + + +

Renamed from "connection-security" to "interconnection-security".

+
+
+ + + used-by + Service Used By + Identifies what uses the service. + + + + + + + + + scan-type + Scan Type + Identifies the type(s) of scans to be performed on this inventory-item or component. + + + + + + + + + + + The component or inventory item is included in operating system (OS) and/or infrastructure scans. + The component or inventory item is included in Database scans. + The component or inventory item is included in Web interface/application scans. + The component or inventory item is included in non-typical scans. + + + + + + planned-completion-date + Planned Completion Date + Provides the date the control expects to be implemented. Must be present when Implementation Status is "Planned" + + + + + + + + + authorization-recommendation + Authorization Recommendation + Indicates whether the assessor recommends the system be authorized by the authorizing official. + + + + + + Yes, the assessor recommends the system for authorization. + No, the assessor does not recommend the system for authorization. + + + +

Deprecated.

+

Use "recommend-authorization" prop instead.

+
+
+ + + title-short + Short Title + The short name for the system represented in the resource. + + + + + + + + + + + + + + system-id + System Identifier + The FedRAMP-assigned identifier for this system. + + + + + + + + + + + + + + import-profile + Profile + The baseline/profile for this system based on its FIPS-199 categorization. + + + + + + + + + + + + + + authorization-date + Authorization Date + The date the system was authorized. Omit or leave blank for an initial authorization. + + + + + + + + + + + + + + purpose + Purpose + Explains the system's purpose. + + + + + + + + + + + + + + description + Description + A brief description of the system. + + + + + + + + + + + +

Deprecated.

+
+
+ + + sampling + Sampling + Indicates whether a sampling methodology was used instead of assessing the entire system. + + + + + + + Yes, a sampling methodology was used. + No, a sampling methodology was not used. + + + + + + control-objective-implementation-status + Objective Implementation Status + Indicates the implementation status of the control objective. + + + + + + The assessor finds sufficient evidence to agree the control objective is fully implemented. + The assessor finds evidence to suggest a portion of the control objective is implemented and a portion is not. + The assessor finds this control objective is not implemented, but there is evidence the system owner has a plan for implementing it. + The assessor finds evidence of an alternative implementation, which the assessor judges to provide protection similar enough to satisfy this control. + The assessor finds this control objective does not apply to this system. + + + +

Deprecated.

+

Use "implementation-status" prop instead.

+
+
+ + + implementation-status + Control Implementation Status + Indicates the implementation status of the control. + + + + + + + The assessor finds sufficient evidence to agree the control objective is fully implemented. + The assessor finds evidence to suggest a portion of the control objective is implemented and a portion is not. + The assessor finds this control objective is not implemented, but there is evidence the system owner has a plan for implementing it. + The assessor finds evidence of an alternative implementation, which the assessor judges to provide protection similar enough to satisfy this control. + The assessor finds this control objective does not apply to this system. + + + +

Updated bindings and constraint.

+
+ +
+ + + leveraged-authorization-uuid + Leveraged Authorization + Indicates a leveraged authorization used for this control. + + + + + + +

This is for legacy SSP conversion to OSCAL. The preferred approach is to specify the leveraged system as a component and reference it in the control using by-component.

+
+
+ + + control-origination + Control Origination + The point(s) from which the control satisfaction originates. + + + + +

When an prop is defined as an extension, a separate constraint assembly is needed to specify data type and allowed values on the @value flag.

+
+ + Service Provider (Corporate) + Service Provider (System Specific) + Configured by Customer + Provided by Customer + Inherited + +
+
+ + + title-short + Short System Name + The abbreviated name for the system, such as an acronym. + + + + + + + + + system-id + Short System Name + The FedRAMP-assigned system identifier. + + + + + + + + + import-profile + Relevant Baseline + Identifies the relevant OSCAL baseline. + + + + + + +

As with all URIs in OSCAL, this may contain a URI fragment, which identifies the local resource containing the relevant profile.

+
+
+ + + system-id + Short System Name + The FedRAMP-assigned system identifier. + + + + + + + + + authorization-date + Authorization Date + The date of the system's initial FedRAMP authorization. + + + + + + + + + login-url + Login URL + The login URL for a web application. + + + + + + + +

Extension renamed from "login-url" to "login-url".

+
+
+ + + login-id + Login ID + The login ID used to assess the web application. + + + + + + +

Extension renamed from "login-id" to "login-id".

+
+
+ + + test-type + Test Type + Indicates the type of test represented by the task. + + + + + + This task tests a web application. + + + + + + user-uuid + User Identifier + Cites the SSP defined user role to use for testing. + + + + + + + + + poam-id + POA&M ID + A CSP-assigned POA&M identifier. + + + + + + + + + impacted-control-id + Impacted Control + A control impacted by this POA&M item. + + + + + + +

Impacted control is required in the POA&M and optional in the SAR.

+

It is allowed in the SAR in anticipation of duplicating open risks from the SAR to the POA&M.

+
+
+ + + priority + Risk Priority + Assessor's recommended risk priority. Lower numbers are higher priority. One (1) is highest priority. + + + + + + + + + + recommend-authorization + Assessor's Authorization Recommendation + Indicates the assessor's recommendation for initial or continued authorization. + + + + + + The assessor recommends initial or continued authorization. + The assessor does not recommend initial or continued authorization. + + + + + + likelihood + Likelihood + The likelihood of a risk. + + + Low + Moderate + High + + + + + vulnerability-id + Vulnerability Identifier + A tool assigned vulnerability ID. + + + + + + + + + + plugin-id + Plugin Identifier + A tool assigned Plugin ID. + + + + + + + + + + operational-requirement + Operational Requirement + The risk cannot be remediated without impact to the system and must be accepted. + + + + + + + + + A possible operational requirement is being investigated. + An operational requirement deviation request was submitted to the AO and is pending adjudication. + The operational requirement has been approved by the AO. + The operational requirement was withdrawn. + + + + + + false-positive + False Positive + The risk was found to be a false positive report. + + + + + + + + + A possible risk adjustment is being investigated. + A false positive deviation request was submitted to the AO and is pending adjudication. + The false positive has been approved by the AO. + The false positive was withdrawn. + + + + + + risk-adjustment + Risk Adjustment + Mitigating factors were identified or implemented, reducing the likelihood or impact of the risk. + + + + + + + + + A possible risk adjustment is being investigated. + A risk adjustment deviation request was submitted to the AO and is pending adjudication. + The risk adjustment has been approved by the AO. + The risk adjustment was withdrawn. + + + + + + vendor-dependency + Vendor Dependency + A vendor resolution is pending, but not yet available. 
+ + + + + + + + + The risk is a suspected vendor dependency, and is being investigated for verification. + The vendor has confirmed the issue and is working on a resolution. + The vendor released the fix and it has been applied. + The vendor dependency was withdrawn. + + + + + + + + + + assessment-type + Assessment Type + The type of assessment (e.g., initial authorization, annual assessment, assessment for a significant change, or another type of assessment). + + + +

Added for rev 5 templates.

+
+
+ + + authentication-method + Authentication Method + The authentication method(s) for users of a leveraged service or external interconnection. Refer to for authentication methods NIST 800-63B (https://pages.nist.gov/800-63-3/sp800-63b.html) for authentication methods + + + +

Added for rev 5 templates.

+
+
+ + + authorized-users + Authorized Users + The users or roles that can access the leveraged service or external interconnection. + + + +

Added for rev 5 templates.

+
+
+ + + cryptographic-module-usage + Cryptographic Module Usage + The cryptographic module is used for data at rest (DAT) or data in transit (DIT). + + + +

Added for rev 5 templates.

+
+
+ + + csp-validated + CSP Validated + The CSP ensured the independent assessor team roles are appropriately filled. + + + +

Added for rev 5 templates.

+
+
+ + + discrepancies + Discrepancies + Any discrepancies between inventory that was in scope for the planned assessment and the assets in the assessment results. + + + +

Added for rev 5 templates.

+
+
+ + + discrepancies-reason + Discrepancies Reason + The justification or reason for any discrepancies between inventory that was in scope for the planned assessment and the assets in the assessment results. + + + +

Added for rev 5 templates.

+
+
+ + + fully-operational-date + Fully Operational Date + The date when security control implementations for the appropriate control baseline was completed. + + + +

Added for rev 5 templates.

+

“Fully operational” means there are no “gaps” in the security control baseline implementations for the system. The CSP attests that the security controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security requirements.

+
+
+ + + ia-manual-review + IA Manual Review + Confirmation that the independent assessor performed a manual review of (scan) configuration files to analyze for existing vulnerabilities. + + + +

Added for rev 5 templates.

+
+
+ + + ia-validated + IA Validated + The independent assessor ensured the assessment team roles are appropriately filled. + + + +

Added for rev 5 templates.

+
+
+ + + impact-level + Impact Level + The impact level of a leveraged authorization. + + + +

Added for rev 5 templates.

+
+
+ + + interconnection-compliance + Interconnection Compliance + Any (security) compliance certifications the third party external service has (e.g., PCI SOC 2, CSA STAR Level 2, etc.). + + + +

Added for rev 5 templates.

+
+
+ + + interconnection-data-categorization + Interconnection Data Categorization + The security impact level of the data (Low, Moderate, High), processed by or stored in the external service, in accordance with FIPS 199 & NIST 800-60 Vol. 2. + + + +

Added for rev 5 templates.

+
+
+ + + interconnection-data-type + Interconnection Data Type + The type of data / information processed by or stored in the external service, in accordance with NIST 800-60 Vol. 2. + + + +

Added for rev 5 templates.

+
+
+ + + interconnection-hosting-environment + Interconnection Hosting Environment + A description of the hosting environment (e.g., corporate network, IaaS, or self-hosted) for the external service. + + + +

Added for rev 5 templates.

+
+
+ + + interconnection-risk + Interconnection Risk + A description of the potential risks introduced by the external system/service and impact to the CSO or federal data if the confidentiality, integrity, and availability (CIA) of the system/service is compromised. + + + +

Added for rev 5 templates.

+
+
+ + + interconnection-type + Interconnection Type + Numeric indicator of the type of interconnection, where 1 = Non-FedRAMP Authorized Cloud Services, 2 = Corporate Shared Services, and 3 = Update Services for In-Boundary Software/Services. + + + +

Added for rev 5 templates.

+
+
+ + + ipv4-address + IPv4 Address + The IP address of a component, inventory item, or other asset. + + + +

Added for rev 5 templates.

+

Core OSCAL has an "ipv4-address" prop which can be used for certain component types and for inventory items. This extension can be used instead, and is also applicable for other assemblies such as assessment-platform.

+
+
+ + + ipv4-subnet + IPv4 Subnet + The subnet for a component of inventory item. + + + +

Added for rev 5 templates.

+
+
+ + + kev-catalog + KEV Catalog + Indicates if this vulnerability is on the CISA Known Exploited Vulnerabilities (KEV) Catalog. + + + +

Added for rev 5 templates.

+

In accordance with Binding Operational Directive (BOD) 22-01, CSPs must track their vulnerabilities against the KEV catalog.

+
+
+ + + kev-due-date + Due Date + The KEV catalog specified due date by which the vulnerability must be remediated. + + + +

Added for rev 5 templates.

+

In accordance with Binding Operational Directive (BOD) 22-01, CSPs must track their vulnerabilities against the KEV catalog.

+
+
+ + + label + Test ID + The test ID for the manual test method. + + + +

Added for rev 5 templates.

+
+
+ + + leveraged-system-identifier + leveraged-system-identifier + The identifier corresponding to the FedRAMP package ID. + + + +

Added for rev 5 templates.

+
+
+ + + name + Tool Name + The product or tool name for a component or inventory item. + + + +

Added for rev 5 templates.

+
+
+ + + nature-of-agreement + Nature of Agreement + Any type of agreement between a CSP and the leveraged CSP vendors who support products (e.g., End User Licensing Agreement (EULA), Service-Level Agreement (SLA), App License Agreement, Contract, etc.). + + + +

Added for rev 5 templates.

+
+
+ + + resolution-resource + Resolution Resource + The back-matter resource reference used to determine which FedRAMP validation rule sets apply. + + + +

Added for rev 5 templates.

+
+
+ + + scan-percentage + Scan Percentage + The scan coverage + + + +

Added for rev 5 templates.

+
+
+ + + significant-changes-scope + Significant Changes Scope + The general quantity of significant change(s) in scope. + + + +

Added for rev 5 templates.

+
+
+ + + sort-id + Sort ID + Identifier for sort ordering content. + + + +

Core OSCAL has a "sort-id" prop, however this "sort-id" extension can be applied to any assembly that provided information which may need to be rendered in a specific order. The step assembly is an example of this.

+
+
+ + + still-supported + Still Supported + Specify if the product / component is still supported by the vendor / manufacturer. + + + +

Added for rev 5 templates.

+
+
+ + + type + Type + The "type" of back-matter resource. + + + +

Added for rev 5 templates.

+

Locally defined resource types.

+
+
+ + + vendor-name + Vendor Name + The vendor or manufacturer of a component or inventory item. + + + +

Added for rev 5 templates.

+
+
+ + + + + + Observation Types + In addition to the NIST observation types, FedRAMP requires observation types to support risk deviations and vendor dependencies. + + + + The observation provides evidence of reliance on a vendor for a pending resolution that is not yet available. + The observation provides evidence the associated risk is a false positive finding. + The observation provides evidence to substantiate the assertion that remediating the risk will have an adverse impact on the system. + The observation provides evidence to justify an adjustment to the likelihood or impact values. + The observation provides evidence of risk closure. + + + + + Impacted Control + The impacted control field is optional in the SAR, but helpful in anticipation of copying open risks to the POA&M. + + + + + + Impacted Control + At least one impacted control field is required in the POA&M. + + + + + + Control Origination + The point(s) from which the control satisfaction originates. + + + + Service Provider (Corporate) + Service Provider (System Specific) + Configured by Customer + Provided by Customer + Inherited + + + + + Control Implementation Status Constraints + Defines the data type and allowed values for the Control Implementation Status + + + + The assessor finds sufficient evidence to agree the control objective is fully implemented. + The assessor finds evidence to suggest a portion of the control objective is implemented and a portion is not. + The assessor finds this control objective is not implemented, but there is evidence the system owner has a plan for implementing it. + The assessor finds evidence of an alternative implementation, which the assessor judges to provide protection similar enough to satisfy this control. + The assessor finds this control objective does not apply to this system. + + +

When an extension is an prop, the data type and allowed values must be defined in a separate constraint.

+
+
+ + + Control Implementation Status Constraints + Remarks are required for certain Control Implementation Status values. + + + + + + + FedRAMP Facet System Constraints + + + + + + + + + + Planned Implementation Date Exists + If the control implementation status is "Planned" a "Planned Implementation Date" must be provided. + 3.1 + + + + + + +

In the SSP, if implemented-requirement includes prop[@name='implementation-status'] with value='planned', a planned-completion-date extension must be provided.

+
+
+ + + Port Class Exists + If a port number is provided as part of an interconnection, Local or Remote must be specified. + + + +

The port field is a FedRAMP extension - a property assigned to a component with a component type of 'interconnection'.

+

When this extension is present, it must include a @class flag with a value of either 'local' or 'remote'.

+
+
+ + + Port Class Valid Values + If a port number is provided as part of an interconnection, Local or Remote must be specified. + + + The identified port number is used by the interconnected system to communicate with this system. + The identified port number is used by this system to communicate with the interconnected system. + + +

The port field is a FedRAMP extension - a property assigned to a component with a component type of 'interconnection'.

+

When this extension is present, it must include a @class flag with a value of either 'local' or 'remote'.

+
+
+ + + Additional Component Types + Identifies additional component types for Assessment Assets in the SAP and SAR. + + + + The component identifies one or more IP addresses from which assessment activities may be performed. + + +

For FedRAMP, the SAP must identify the IP addresses from which scanning and penetration test activities are performed, and the SAR must identify the actual IP addresses used.

+

This requires an additional component type in the SAP's assessment-assets, and in the SAR's result, local-definitions, assessment-assets.

+
+
+ + + + + + + + General Role Identifiers + FedRAMP additional roles identifiers. + + + The FedRAMP Program Management Office (PMO) + The FedRAMP Joint Authorization Board (JAB) + Cloud Service Provider + Cloud Service Provider Operations Center + + +

These are in addition to the NIST-defined allowed values for role identifiers, and apply to all OSCAL-based FedRAMP content.

+
+
+ + + Assessment Role Identifiers + FedRAMP additional roles identifiers. + + + Assessor + Assessment Team + Assessment Lead + Assessment Executive + Cloud Service Provider Assessment Point(s) of Contact + Cloud Service Provider End of Testing Point(s) of Contact + Cloud Service Provider Point(s) of Contact + Penetration Test Team + Penetration Test Lead + + +

These are in addition to the NIST-defined allowed values for role identifiers, and apply to OSCAL-based FedRAMP SAP and SAR content.

+
+
+ + + hash-algorithm + Hash Algorithm + Identifies the algorithm used to create the hash value of the attachment. + + + SHA-224 + SHA-256 + SHA-384 + SHA-512 + RIPEMD-160 + + + + + Attachment/Resource Types + FedRAMP additional attachment/resource types. + + + Law or Statute + Regulation or Directive + Industry Standard + Guidance + Policy + Procedure + Guidance Document + Rules of Behavior + Plan + System Security Plan + Artifact + Evidence + Screen Shot + Image + Tool Report + Raw Tool Output + Interview Notes + Questions + Report + FedRAMP Citations + FedRAMP Acronyms + FedRAMP Logo + Separation of Duties Matrix + Logo + + + Personal Identifiable Information (PII) + Agreement + Interconnection Security Agreement + Incident Response Plan + Incident Security Policies and Procedures + User Guide + Privacy Impact Assessment + Information System Contingency Plan + configuration-management-plan + + +

These are in addition to the NIST-defined allowed values for resource types.

+
+
+ + + Attachment/Resource Media Types + IANA media-types supported by FedRAMP as attachment/resource types. + + + + application/gzip + application/msword + application/octet-stream + application/pdf + application/vnd.ms-excel + application/vnd.ms-works + application/vnd.oasis.opendocument.graphics + application/vnd.oasis.opendocument.presentation + application/vnd.oasis.opendocument.spreadsheet + application/vnd.oasis.opendocument.text + application/vnd.openxmlformats-officedocument.presentationml.presentation + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + application/vnd.openxmlformats-officedocument.wordprocessingml.document + application/x-bzip + application/x-bzip2 + application/x-tar + application/zip + image/bmp + image/jpeg + image/png + image/tiff + image/webp + image/svg+xml + text/csv + text/html + text/plain + + +

These are in addition to the NIST-defined allowed values for resource types.

+
+
+ + + System Identifier Type + Enables an identifier to be formally recognized as being assigned by FedRAMP. + + + FedRAMP-Assigned Identifier + RFC-4122 UUIDv4 Value + + + + + Information Type System + Identifies the system from which the information type was defined. + + + NIST SP 800-60, Volume 2, Revision 1 + + +

FedRAMP only allows information types defined in NIST SP 800-60v2r1.

+
+
+ + + Security Impact Level + The security objective level as defined by NIST SP 800-60. + + + + + + Low + Moderate + High + + + + + Operational Status (system) + The operational status of the system + + + Operational + Under Development + Major Modification + Alternative Implementation + Other + + +

FedRAMP limits the allowed values from a larger NIST-defined list to only those defined here.

+
+
+ + + + OPM Position Designation + + 2017-09-01T00:00:00Z + + + + +
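Review bot: The rev 5 extensions added near the end of FedRAMP_extensions.xml (assessment-type through vendor-name, including kev-catalog, kev-due-date, ipv4-address, ipv4-subnet and scan-percentage) are defined without bindings or constraints, as the DRAFT-02 revision remark states ("The bindings and constraints for the new rev5 extensions are pending"). As written, a validator has no data type or allowed values to check a KEV due date, an IP address or a scan percentage against. Please either land the data types and allowed values together with the definitions, or state in each entry's remarks that the value is not yet validated. Several definitions also look like copy-paste slips worth fixing before merge. The first allowed value of false-positive reads "A possible risk adjustment is being investigated.". The circuit entry is titled "Service Processor" and two system-id entries are titled "Short System Name". The login-url and login-id remarks say the extension was renamed to the name it already has. interconnection-security is defined twice with the same value list. The implementation-status values and the Control Implementation Status constraint still describe "the control objective" although the extension is about the control. The constraint "Planned Implementation Date Exists" refers to a field that the extension and its remark call planned-completion-date, so pick one name. Smaller text fixes: the duplicated "for authentication methods" in authentication-method, the double period in "has not been performed..", "component of inventory item" in ipv4-subnet, the bare "configuration-management-plan" label in the resource type list, "an prop" in two remarks, and the unfinished scan-percentage description "The scan coverage".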
diff --git a/src/content/rev5/resources/xml/fedramp_threats.xml b/src/content/rev5/resources/xml/fedramp_threats.xml new file mode 100644 index 000000000..da4f3a3ea --- /dev/null +++ b/src/content/rev5/resources/xml/fedramp_threats.xml @@ -0,0 +1,397 @@ + + + + + FedRAMP Defined Threat Table [Experimental] + 2023-06-30T00:00:00Z + 2023-06-30T00:00:00Z + fedramp2.0.0-oscal1.0.4 + 1.0.4 + + + 2023-06-30T00:00:00Z + DRAFT-01 + + +

Initial draft for fedramp2.0.0-oscal1.0.4 release. Subject to change.

+
+
+
+ + + Prepared By + +

The organization that prepared this content.

+
+
+ + + Federal Risk and Authorization Management Program: Program Management Office + FedRAMP PMO + + info@fedramp.gov +
+ 1800 F St. NW + + Washington + DC + + US +
+ +

This party entry must be present in a FedRAMP SSP.

+

The uuid may be different; however, the uuid must be associated with the "fedramp-pmo" role in the responsible-party assemblies.

+
+
+ + + 77e0e2c8-2560-4fe9-ac78-c3ff4ffc9f6d + + + +

This file provides the FedRAMP threat table from the MS Word-based FedRAMP SAR template in machine-readable format.

+
+
+ + + + Threat launched purposefully. + Threat created by unintentional human or machine error. + Threat caused by environmental agents or disruptions. + + + + + + Alteration + P + U + E + +

Alteration of data, files, or records.

+
+ Modification +
+ + Audit Compromise + P + +

An unauthorized user gains access to the audit trail and could cause audit records to be deleted or modified, or prevents future audit records from being recorded, thus masking a security relevant event.

+
+ Modification or Destruction + Unavailable Accurate Records +
+ + Bomb + P + +

An intentional explosion.

+
+ Modification or Destruction + Denial of Service +
+ + Communications Failure + U + E + +

Cut of fiber optic lines, trees falling on telephone lines.

+
+ Denial of Service +
+ + Compromising Emanations + P + +

Eavesdropping can occur via electronic media directed against large scale electronic facilities that do not process classified National Security Information.

+
+ Disclosure +
+ + Cyber Brute Force + P + +

Unauthorized user could gain access to the information systems by random or systematic guessing of passwords, possibly supported by password cracking utilities.

+
+ Disclosure + Modification or Destruction + Denial of Service +
+ + Data Disclosure Attack + P + +

An attacker uses techniques that could result in the disclosure of sensitive information by exploiting weaknesses in the design or configuration.

+
+ Disclosure +
+ + Data Entry Error + U + +

Human inattention, lack of knowledge, and failure to cross-check system activities could contribute to errors becoming integrated and ingrained in automated systems.

+
+ Modification +
+ + Denial of Service Attack + P + +

An adversary uses techniques to attack a single target rendering it unable to respond and could cause denial of service for users of the targeted information systems.

+
+ Denial of Service +
+ + Distributed Denial of Service Attack + P + +

An adversary uses multiple compromised information systems to attack a single target and could cause denial of service for users of the targeted information systems.

+
+ Denial of Service +
+ + Earthquake + E + +

Seismic activity can damage the information system or its facility. Refer to the following document for earthquake probability maps http://pubs.usgs.gov/of/2008/1128/pdf/OF08-1128_v1.1.pdf

+
+ Destruction + Denial of Service +
+ + Electromagnetic Interference + P + E + +

Disruption of electronic and wire transmissions could be caused by high frequency (HF), very high frequency (VHF), and ultra-high frequency (UHF) communications devices (jamming) or sun spots.

+
+ Denial of Service +
+ + Espionage + P + +

The illegal covert act of copying, reproducing, recording, photographing or intercepting to obtain sensitive information.

+
+ Disclosure + Modification +
+ + Fire + P + E + +

Fire can be caused by arson, electrical problems, lightning, chemical agents, or other unrelated proximity fires.

+
+ Destruction + Denial of Service +
+ + Floods + E + +

Water damage caused by flood hazards can be caused by proximity to local flood plains. Flood maps and base flood elevation must be considered.

+
+ Destruction + Denial of Service +
+ + Fraud + P + +

Intentional deception regarding data or information about an information system could compromise the confidentiality, integrity, or availability of an information system.

+
+ Disclosure + Modification or Destruction + Denial of Service +
+ + Hardware or Equipment Failure + E + +

Hardware or equipment may fail due to a variety of reasons.

+
+ Denial of Service +
+ + Hardware Tampering + P + +

An unauthorized modification to hardware that alters the proper functioning of equipment in a manner that degrades the security functionality the asset provides.

+
+ Modification + Denial of Service +
+ + Hurricane + E + +

A category 1, 2, 3, 4, or 5 land falling hurricane could impact the facilities that house the information systems.

+
+ Destruction + Denial of Service +
+ + Malicious Software + P + +

Software that damages a system such a virus, Trojan, or worm.

+
+ Modification or Destruction + Denial of Service +
+ + Phishing Attack + P + +

Adversary attempts to acquire sensitive information such as usernames, passwords, or SSNs, by pretending to be communications from a legitimate/trustworthy source.

+

Typical attacks occur via email, instant messaging, or comparable means; commonly directing users to Web sites that appear to be legitimate sites, while actually stealing the entered information.

+
+ Disclosure + Modification or Destruction + Denial of Service +
+ + Power Interruptions + E + +

Power interruptions may be due to any number of reasons such as electrical grid failures, generator failures, uninterruptable power supply failures (e.g. spike, surge, brownout, or blackout).

+
+ Denial of Service +
+ + Procedural Error + U + +

An error in procedures could result in unintended consequences.

+
+ Disclosure + Modification or Destruction + Denial of Service +
+ + Procedural Violations + P + +

Violations of standard procedures.

+
+ Disclosure + Modification or Destruction + Denial of Service +
+ + Resource Exhaustion + U + +

An errant (buggy) process may create a situation that exhausts critical resources preventing access to services.

+
+ Denial of Service +
+ + Sabotage + P + +

Underhand interference with work.

+
+ Modification or Destruction + Denial of Service +
+ + Scavenging + P + +

Searching through disposal containers (e.g. dumpsters) to acquire unauthorized data.

+
+ Disclosure +
+ + Severe Weather + E + +

Naturally occurring forces of nature could disrupt the operation of an information system by freezing, sleet, hail, heat, lightning, thunderstorms, tornadoes, or snowfall.

+
+ Destruction + Denial of Service +
+ + Social Engineering + P + +

An attacker manipulates people into performing actions or divulging confidential information, as well as possible access to computer systems or facilities.

+
+ Disclosure +
+ + Software Tampering + P + +

Unauthorized modification of software (e.g. files, programs, database records) that alters the proper operational functions.

+
+ Modification or Destruction +
+ + Terrorist + P + +

An individual performing a deliberate violent act could use a variety of agents to damage the information system, its facility, and/or its operations.

+
+ Modification or Destruction + Denial of Service +
+ + Theft + P + +

An adversary could steal elements of the hardware.

+
+ Denial of Service +
+ + Time and State + P + +

An attacker exploits weaknesses in timing or state of functions to perform actions that would otherwise be prevented (e.g. race conditions, manipulation user state).

+
+ Disclosure + Modification + Denial of Service +
+ + Transportation Accidents + E + +

Transportation accidents include train derailments, river barge accidents, trucking accidents, and airlines accidents. Local transportation accidents typically occur when airports, sea ports, railroad tracks, and major trucking routes occur in close proximity to systems facilities. Likelihood of HAZMAT cargo must be determined when considering the probability of local transportation accidents.

+
+ Destruction + Denial of Service +
+ + Unauthorized Facility Access + P + +

An unauthorized individual accesses a facility which may result in comprises of confidentiality, integrity, or availability.

+
+ Disclosure + Modification or Destruction + Denial of Service +
+ + + <origination>P</origination> + <description> + <p>An unauthorized user accesses a system or data. </p> + </description> + <confidentiality-impact>Disclosure</confidentiality-impact> + <integrity-impact>Modification or Destruction</integrity-impact> + </threat> + <threat id="T-37" system="https://fedramp.gov"> + <title>Volcanic Activity + E + +

A crack, perforation, or vent in the earth’s crust followed by molten lava, steam, gases, and ash forcefully ejected into the atmosphere. For a list of volcanoes in the U.S. see: http://volcanoes.usgs.gov/about/volcanoes/volcanolist.php .

+
+ Destruction + Denial of Service +
+
+
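Review bot: The "Theft" entry near the end of the table records only an availability impact ("Denial of Service") for "An adversary could steal elements of the hardware.", although stolen hardware that holds data is also a disclosure path. Either add a confidentiality impact, or state in the remarks that the table reproduces the Word SAR template unchanged, so readers know the gap is inherited. Several descriptions need a text fix before merge: "such a virus, Trojan, or worm" should be "such as a virus", "may result in comprises of confidentiality" should be "compromises", "manipulation user state" should be "manipulation of user state", and "uninterruptable" should be "uninterruptible". The two USGS references in the Earthquake and Volcanic Activity entries use plain http:// links. Check that they still resolve and switch them to https:// where the server supports it.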
diff --git a/src/content/rev5/resources/xml/fedramp_values.xml b/src/content/rev5/resources/xml/fedramp_values.xml new file mode 100644 index 000000000..c89a9ecfa --- /dev/null +++ b/src/content/rev5/resources/xml/fedramp_values.xml @@ -0,0 +1,639 @@ + + + + [EXPERIMENTAL] FedRAMP Defined Identifiers and Accepted Values + FedRAMP Data Values (Experimental) + 2023-06-30T00:00:00Z + 2023-06-30T00:00:00Z + fedramp2.0.0-oscal1.0.4 + 1.0.4 + + + 2023-06-30T00:00:00Z + DRAFT-01 + + +

Initial draft for fedramp2.0.0-oscal1.0.4 release. Subject to change.

+
+
+
+ FedRAMP PMO + This EXPERIMENTAL file provides the FedRAMP defined identifiers and acceptable values in a machine-readable format. + +
+ + + + + + + System Identifier Type + Indicates the source of the unique ID assigned to the system. FedRAMP requires a FedRAMP-assigned identifier; however, additional identifiers may also be provided. + + + FedRAMP-Assigned Identifier + RFC-4122 UUIDv4 Value + + + + + Address Type + The type of address for the party + + + Home + Work + + FedRAMP requires work addresses. + + + + + + Identity Assurance Level + The identity assurance level as defined by NIST SP 800-63, Revision 3. + + + IAL1 + IAL2 + IAL3 + + + + + Authenticator Assurance Level + The authenticator assurance level as defined by NIST SP 800-63, Revision 3. + + + AAL1 + AAL2 + AAL3 + + + + + Federation Assurance Level + The federation assurance level as defined by NIST SP 800-63, Revision 3. + + + FAL1 + FAL2 + FAL3 + + + + + Authorization Type + The FedRAMP Authorization Type + + + FedRAMP JAB P-ATO + FedRAMP Agency ATO + FedRAMP Tailored for LI-SaaS + + + + + Service Model + The cloud service model. + + + Software as a Service + Platform as a Service + Infrastructure as a Service + Other + + + + + Deployment Model + The cloud deployment model. + + + Public Cloud + Private Cloud + U.S. Government Only + Hybrid + Other + + + + + Security Impact Level + The security objective level as defined by NIST SP 800-60. + + + + + + Low + Moderate + High + + + + + Privacy Designation + Indicates whether this system is privacy sensitive. + + + Privacy Sensitive + Not Privacy Sensitive + + + + + Privacy Threshold Analysis (Q1) + Does the ISA collect, maintain, or share PII in any identifiable form? + + + Yes + No + + + + + Privacy Threshold Analysis (Q2) + Does the ISA collect, maintain, share PII info from or about the public? + + + Yes + No + + + + + Privacy Threshold Analysis (Q3) + Has a Privacy Impact Assessment ever been performed for the ISA? + + + Yes + No + + + + + Privacy Threshold Analysis (Q4) + Is there a Privacy Act System of Records Notice (SORN) for this ISA system? 
+ + + Yes + No + + If "yes" a SORN ID must be provided. + + + + Likelihood + The likelihood of a risk. + + + Low + Moderate + High + + + + + Impact Level + The impact level of a risk. + + + Low + Moderate + High + + + + + + + Information Type System + Identifies the system from which the information type was defined. + + + NIST SP 800-60, Volume 2, Revision 1 + + FedRAMP only allows information types defined in NIST SP 800-60v2r1. + + + + Operational Status (system) + The operational status of the system + + + Operational + Under Development + Major Modification + Alternative Implementation + Other + + + + + User Type + Identifies the user type. + + + Internal + External + General Public + + + + + User Privilege + Identifies the privilege level of the user. + + + Privileged + Non-Privileged + No Logical Access + + + + + User Sensitivity level + Identifies the sensitivity level of the user. + + + High Risk + Severe + Moderate + Limited + Not Applicable + + + + + Interconnection Direction + Identifies the direction of information flow for the interconnection. + + + Incoming + Outgoing + Bi-Directional + + + + + Interconnection Security + Identifies the type of security applied to the interconnection. + + + IPsec + Virtual Private Network + Transport-Layer Security + Transport-Layer Security + Certificate Authentication Security + Secure File Transfer + Other + + + + + Component Type + identifies the component type. + + + Software + Hardware + Service + Policy + Process + Procedure + Plan + Guidance + Standard + Validation + This System + Interconnection + + + + + Asset Type + Identifies the type of asset. + + + + Operating System + Database + Service + Policy + Process + Procedure + Private Branch Exchange + Firewall + Router + Switch + Storage Array + + + + + Scan Type + Identifies the type of scan. + + + + Infrastructure and Operating System Scan + Database Scan + Web Scan + Web Scan + + + + + Transport Type + The internet protocol transport type. 
+ + + TCP + UDP + + + + + Virtual + Indicates if the asset is virtual. + + + + Yes + No + + + + + Public + Indicates if the asset is exposed to the public Internet. + + + + Yes + No + + + + + Allows Authenticated Scan + Indicates if the asset is capable of having an authenticated scan. + + + + Yes + No + + if the value is "no", the prop remarks must contain the reason why. + + + + Is Scanned + Indicates if the asset is scan. + + + + Yes + No + + if the value is "no", the prop remarks must contain the reason why. + + + + Control Implementation Status + The implementation status of the control. + + + Implemented + Partially Implemented + Planned + Alternative Implementation + Not Applicable + + + + + Control Origination + The point(s) from which the control satisfaction originates. + + + Service Provider (Corporate) + Service Provider (System Specific) + Configured by Customer + Provided by Customer + Inherited + + + + + Automation Control IDs + The control IDs for implemented requirements that are focused on automation aspects. + + + ac-2.1 + ac-12 + ac-18.3 + au-6.1 + au-3.2 + au-6.4 + au-7.1 + at-3.4 + ca-7 + cm-2.2 + cm-3.1 + cm-3.6 + cm-6.1 + cm-8.2 + cm-8.3 + cm-11 + cp-10 + ir-4.1 + ir-5.1 + ir-6.1 + pe-3 + pe-8.1 + pe-11.1 + pe-13.1 + pe-13.2 + pe-13.3 + pe-15.1 + ps-4.2 + sc-23.1 + si-2.2 + si-3.2 + si-4.2 + si-4.20 + si-5.1 + si-7.2 + si-7.5 + si-8.2 + + + + + Technical Control IDs + The control IDs for implemented requirements that are focused on technical aspects. + + + ac-2.10 + ac-3 + ac-5 + ac-6 + ac-6.1 + ac-6.5 + ac-6.7 + ac-6.9 + ac-6.10 + ac-7 + ac-7.2 + ac-8 + ac-10 + ac-11 + ac-11.1 + ac-17.1 + ac-17.2 + ac-18.1 + ac-19 + ac-19.5 + ac-20 + ac-20.1 + ac-20.2 + ac-21 + au-2.3 + au-5.2 + au-6 + au-6.7 + au-9.2 + au-9.4 + au-11 + cm-5 + cm-5.1 + cm-10 + ia-4.4 + ia-5.4 + ia-6 + ir-2.2 + sc-7.5 + sc-10 + + + + + Attachment Type + Identifies the type of attachment. 
+ + + Law or Statute + Regulation or Directive + Industry Standard + Guidance + Policy + Procedure + Guidance Document + Rules of Behavior + Plan + System Security Plan + Artifact + Evidence + Screen Shot + Image + Tool Report + Raw Tool Output + Interview Notes + Questions + Report + FedRAMP Citations + FedRAMP Acronyms + FedRAMP Logo + Separation of Duties Matrix + Logo + + + Personal Identifiable Information (PII) + Agreement + Interconnection Security Agreement + Incident Response Plan + Incident Security Policies and Procedures + User Guide + Privacy Impact Assessment + Information System Contingency Plan + configuration-management-plan + + Not all values apply to all FedRAMP artifacts. + + + + Hash Algorithm + Identifies the algorithm used to create the hash value of the attachment. + + + SHA-224 + SHA-256 + SHA-384 + SHA-512 + RIPEMD-160 + + + + + Defined Role Identifiers + Identifies the type of role for a responsible party. + + + Assessor + Assessment Team + Assessment Lead + Assessment Executive + Cloud Service Provider + Cloud Service Provider Operations Center + Cloud Service Provider Assessment Point(s) of Contact + Cloud Service Provider End of Testing Point(s) of Contact + Cloud Service Provider Point(s) of Contact + FedRAMP Project Management Office (PMO) + FedRAMP Joint Authorization Board (JAB) + Penetration Test Team + Penetration Test Lead + + + + + Resource Media Types + A subset of IANA media types expected to be encountered. 
+ + + + application/gzip + application/msword + application/octet-stream + application/pdf + application/vnd.ms-excel + application/vnd.ms-works + application/vnd.oasis.opendocument.graphics + application/vnd.oasis.opendocument.presentation + application/vnd.oasis.opendocument.spreadsheet + application/vnd.oasis.opendocument.text + application/vnd.openxmlformats-officedocument.presentationml.presentation + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + application/vnd.openxmlformats-officedocument.wordprocessingml.document + application/x-bzip + application/x-bzip2 + application/x-tar + application/zip + image/bmp + image/jpeg + image/png + image/tiff + image/webp + image/svg+xml + text/csv + text/html + text/plain + application/xml + text/xml + application/json + application/yaml + + + +
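Review bot: The "Hash Algorithm" value list accepts RIPEMD-160 alongside SHA-224, SHA-256, SHA-384 and SHA-512. RIPEMD-160 is not one of the FIPS 180-4 hash functions, and its 160-bit digest gives a smaller collision-resistance margin than SHA-256 and up. For attachment integrity in a FedRAMP package, drop it or add a remark limiting it to legacy artifacts. Two lists show the same label twice, "Transport-Layer Security" under "Interconnection Security" and "Web Scan" under "Scan Type". If these are distinct values, the label text should tell them apart; if not, remove the duplicates. In "Attachment Type", "configuration-management-plan" looks like an identifier sitting among human-readable labels, "Guidance" and "Guidance Document" overlap, and "Personal Identifiable Information (PII)" should read "Personally Identifiable Information (PII)". In "Is Scanned", "Indicates if the asset is scan." should read "is scanned".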
diff --git a/src/content/rev5/resources/xml/information-types.xml b/src/content/rev5/resources/xml/information-types.xml new file mode 100644 index 000000000..d51f714c7 --- /dev/null +++ b/src/content/rev5/resources/xml/information-types.xml @@ -0,0 +1,6000 @@ + + + + FedRAMP Acceptable Information Types (Experimental) + 2023-06-30T00:00:00Z + 2023-06-30T00:00:00Z + fedramp2.0.0-oscal1.0.4 + 1.0.4 + + + 2023-06-30T00:00:00Z + DRAFT-01 + + +

Initial draft for fedramp2.0.0-oscal1.0.4 release.

+
+
+
+ + + + + Prepared By + +

The organization that prepared this content.

+
+
+ + + Federal Risk and Authorization Management Program: Program Management Office + FedRAMP PMO + + info@fedramp.gov +
+ 1800 F St. NW + + Washington + DC + + US +
+ +

This party entry must be present in a FedRAMP SSP.

+

The uuid may be different; however, the uuid must be associated with the "fedramp-pmo" role in the responsible-party assemblies.

+
+
+ + + 77e0e2c8-2560-4fe9-ac78-c3ff4ffc9f6d + + + +

FedRAMP only accepts the information types defined in NIST SP 800-60, Volume 2, Revision 1.

+

This DRAFT file provides each of those types and supporting information in machine-readable format.

+

If NIST releases another revision to SP 800-60, Volume 2, FedRAMP will evaluate the change and adjust this file accordingly.

+
+
+ + + Controls and Oversight + Corrective Action Information Type + +

Corrective Action involves the enforcement functions necessary to remedy programs that have been found non-compliant with a given law, regulation, or policy.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of corrective action information on the ability of responsible agencies to remedy internal or external programs that have been found non-compliant with a given law, regulation, or policy. Unauthorized disclosure of most corrective action information should have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will probably be personal information subject to the Privacy Act of 1974 or information that is proprietary to a corporation or other organization. Such information will often be assigned a moderate confidentiality impact level. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. Additionally, there are legislative mandates prohibiting unauthorized disclosure of trade secrets. + Trade secrets will generally be assigned a moderate confidentiality impact level.

+
+ +

The provisional confidentiality impact level recommended for corrective action information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the corrective action information. The availability impact is also dependent on whether the data is time-critical. In most cases, disruption of access to corrective action information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for corrective action information is low.

+
+ +

The consequences of undetected unauthorized modification or destruction of corrective action information can conceivably compromise the effectiveness of compliance enforcement actions (e.g., by providing violators with a basis for claiming investigative or enforcement irregularities, thus supporting legal challenges to proposed corrective actions). The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of most corrective action information should have only a limited adverse effect on agency operations, assets, or individuals.

+
+ +

The provisional integrity impact level recommended for corrective action information is low.

+
+
+ + Controls and Oversight + Program Evaluation + +

Program Evaluation involves the analysis of internal and external program effectiveness and the determination of corrective actions as appropriate. The impact levels should be commensurate with the impact levels of the program that is being evaluated. For example, if the program contains very sensitive financial data with moderate impact levels for confidentiality and integrity, the program evaluation impact levels for confidentiality and integrity should also be moderate.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of program evaluation information on the abilities of responsible agencies to analyze internal and external program effectiveness and to determine appropriate corrective actions. The confidentiality impact of program evaluation information is largely event-driven. Once the evaluation has been reported, most program evaluation information is in the public domain. However, premature unauthorized disclosure of program evaluation information can alert personnel associated with programs under evaluation to the focus and preliminary findings of investigative and evaluation activities.

+

Special Factors Affecting Confidentiality Impact Determination: Where a major programs or human safety is at stake, actions taken based on unauthorized disclosure of program evaluation information can pose a threat to human life or a loss of major assets. In such cases, the confidentiality impact is high. Unauthorized disclosure of most program evaluation information often has the potential to seriously affect agency operations. Also, some program evaluation information, particularly in the case of current investigations, includes personal information subject to the Privacy Act of 1974 and/or information that is proprietary to a corporation or other organization. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. Additionally, there are legislative mandates prohibiting unauthorized disclosure of trade secrets. Trade secrets will generally be assigned a moderate confidentiality impact level. + If the program evaluation information is moved to the public domain, the confidentiality impact level becomes Not Applicable (NA).

+
+ +

Because there are many cases in which unauthorized disclosure of program evaluation information will have only a limited adverse effect on agency operations, assets, or individuals, the provisional confidentiality impact level recommended for program evaluation information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the program evaluation information. Although there are time-sensitive exceptions, most program evaluation processes are tolerant of reasonable delays. In most cases, disruption of access to program evaluation information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for program evaluation information is low.

+
+ +

The consequences of undetected unauthorized modification or destruction of program evaluation information can compromise the effectiveness of an evaluation program (e.g., by providing false information intended to mislead investigators or evaluators or to give program personnel a basis for claiming investigative or evaluative irregularities). The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Although there are time-sensitive exceptions, unauthorized modification or destruction of most program evaluation information should have only a limited adverse effect on agency operations, assets, or individuals.

+
+ +

The provisional integrity impact level recommended for program evaluation information is low.

+
+
+ + Controls and Oversight + Program Monitoring + +

Program Monitoring involves the data-gathering activities required to determine the effectiveness of internal and external programs and the extent to which they comply with related laws, regulations, and policies. The impact levels should be commensurate with the impact levels of the programs that are being monitored. For example, if a program contains very sensitive financial data with moderate impact levels for confidentiality and integrity, the program monitoring impact levels for confidentiality and integrity should also be moderate.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of program monitoring information on the ability of responsible agencies to perform data-gathering activities required to determine the effectiveness of internal and external programs and the extent to which they comply with related laws, regulations, and policies. Special Factors Affecting Confidentiality Impact Determination: There are legislative mandates prohibiting unauthorized disclosure of trade secrets. Trade secrets will generally be assigned a moderate confidentiality impact level. Note that national security information and national security systems are outside the scope of this guideline. Otherwise, where the data being collected belongs to one of the information types described in this guideline, the confidentiality impact assigned the data and system is that of the highest impact information type collected. Unauthorized disclosure of program monitoring information can alert personnel + associated with programs being monitored to the focus and implications of monitoring activities. Where a major programs or human safety is at stake, actions taken based on unauthorized disclosure of program monitoring information can pose a threat to human life or a loss of major assets. In such cases, the confidentiality impact is high. If the program monitoring information is moved to the public domain, the confidentiality impact level becomes Not Applicable (NA).

+
+ +

Although there are many circumstances in which serious adverse effects on agency operations, agency assets, or individuals can result to justify a moderate base confidentiality impact level for program monitoring information, in most Federal environments, unauthorized disclosure will have only a limited adverse effect on agency operations, assets, or individuals. Consequently, for most systems, a low provisional confidentiality impact level is recommended for program monitoring information.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the program monitoring information. Although there may be time-sensitive program monitoring situations, more typically, disruption of access to program monitoring information will have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: There are a limited number of compliance monitoring operations for which temporary loss of availability is likely to significantly degrade mission capability, place the agency at a significant disadvantage, result in loss of major assets, or pose a threat to human life. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional availability impact level recommended for program monitoring information is low.

+
+ +

The consequences of unauthorized modification or destruction of program monitoring information can compromise the effectiveness of the monitoring program. Although there may be time-sensitive program monitoring situations, the integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The damage likely to be caused by unauthorized modification or destruction of program monitoring information may have consequent serious adverse effects on agency operations or public confidence in the agency.

+
+ +

There are some regulatory environments in which a high or moderate impact level is appropriate. For most compliance monitoring information, the recommended provisional integrity impact level is low.

+

Special Factors Affecting Integrity Impact Determination: The consequences can be particularly serious if the destruction or modification of monitoring information invalidates evaluation results concerning major programs or concerning threats to human safety. The integrity impact resulting from unauthorized modification or deletion of program monitoring information depends in part on the nature of the laws or policies with which compliance is being determined and in part on the criticality of the processes being monitored. For example, in the case of safety regulations affecting manned space flight, the integrity impact level may be high.

+
+
+ + Regulatory Development + Policy and Guidance Development + +

Policy and Guidance Development involves the creation and dissemination of guidelines to assist in the interpretation and implementation of regulations. In most cases, the effect on public welfare of a loss of policy and guidance development mission capability can be expected to be delayed rather than immediate. As a result, the potential for consequent loss of human life or of major national assets is relatively low, since these most catastrophic consequences of impairment to mission capability can, in most cases, be corrected before they are fully realized.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of policy and guidance information on the ability of responsible agencies to create and disseminate guidelines to assist in the interpretation and implementation of regulations. The confidentiality impact of policy and guidance information is largely event-driven. Once a policy or guidance statement has been promulgated, most policy and guidance information is in the public domain. However, premature unauthorized disclosure of candidate policy and guidance material can result in disruption of (and inappropriate influence of special interests on) the policy development process. Special Factors Affecting Confidentiality Impact Determination: The effects of loss of confidentiality of guidelines during the formative stage can result in attempts by affected entities and other interested parties to influence and/or impede the policy and guideline development process. Premature public release of formative + policies and guidelines before internal coordination and review can result in unnecessary damage to public confidence in the agency. This is particularly likely where the release includes unedited internal commentary and discussion. Delays can impair an agency’s mission, but loss of public confidence can do serious and persistent harm to an agency’s ability to effectively perform its mission. In such cases, the provisional confidentiality impact level recommended for policy and guidance development information is moderate. When the policy and guidance information is in the public domain, the confidentiality impact level becomes Not Applicable (NA).

+
+ +

Although there are cases in which unauthorized and premature disclosure of policy and guidance information can result in serious consequences for an agency, most of this information is intended to be available to the general public. Consequently, the provisional confidentiality impact level recommended for policy and guidance development information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the policy and guidance development information. Though some policy and guidance information is time-critical, the policy and guidance development process is usually tolerant of delays.

+
+ +

The provisional availability impact level recommended for policy and guidance development information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Special Factors Affecting Integrity Impact Determination: Some policy and guidance information is time-critical. Unauthorized modification or destruction of information affecting external communications that contain policy and guidance development information (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Public confidence consequences can be expected to be much more serious in cases of agencies that have national defense, intelligence, or information security missions. In such cases, the impact may be at least moderate.

+
+ +

The provisional integrity level recommended for policy and guidance development information is low.

+
+
+ + Regulatory Development + Public Comment Tracking + +

Public Comment Tracking involves the activities of soliciting, maintaining, and responding to public comments regarding proposed regulations.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of public comment tracking information on the ability of responsible agencies to solicit, maintain, and respond to public comments regarding proposed regulations. The effects of loss of confidentiality of information associated with the public comment process are unlikely to pose the threat of serious harm to agency assets, personnel or operations. In a few cases, the rationale for public comments can include information that is sensitive in terms of proprietary information sensitive Federal government information, or even national security information. However, such cases are exceptional and the information in question would be expected to be representative of information types covered elsewhere in this guideline.

+
+ +

The provisional confidentiality impact level recommended for public comment tracking information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the public comment tracking information. The effects of disruption of access to public comment tracking information or information systems can delay development of standards, guidelines, or regulations. The public comment tracking process is usually tolerant of delays. Permanent loss of comment information may disrupt some government operations by showing a lack of due diligence in response to comments.

+
+ +

The provisional availability impact level recommended for public comment tracking information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting external communications that contain public comment tracking information (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited.

+
+ +

The provisional integrity impact level recommended for public comment tracking information is low.

+
+
+ + Regulatory Development + Regulatory Creation + +

Regulatory Creation involves the activities of researching and drafting proposed and final regulations.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The level of confidentiality impact level is the effect of unauthorized disclosure of regulatory creation information on the ability of responsible agencies to research and draft proposed and final regulations. The effects of loss of confidentiality of early drafts of regulations can result in attempts by affected entities and other affected parties to influence and/or impede the regulation development process. Special Factors Affecting Confidentiality Impact Determination: Premature public release of draft regulations before internal coordination and review has been conducted can result in unnecessary criticism of the proposed regulation and even damage public confidence in the agency. In such cases, the provisional confidentiality impact level recommended for regulatory creation information is moderate. These consequences are particularly likely where the release includes unedited internal commentary and discussion. Delays can impair an agency’s mission, but loss of + public confidence can do serious and persistent harm to an agency’s ability to effectively perform its mission. If the regulatory information is moved to the public domain, the confidentiality impact level becomes Not Applicable (NA).

+
+ +

Because most regulatory information is intended for release to the public, the provisional confidentiality impact level recommended for regulatory creation information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the regulatory creation information. The regulatory creation process is usually tolerant of delays.

+
+ +

The provisional availability impact level recommended for regulatory creation information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications that contain regulatory information (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency. The consequences of a reduction in public confidence will be more serious for agencies that have national defense, intelligence, or information security missions. In such cases, the impact level may be at least moderate.

+
+ +

The provisional integrity impact level recommended for regulatory creation information is low.

+
+
+ + Regulatory Development + Rule Publication + +

Rule Publication includes all activities associated with the publication of a proposed or final rule in the Federal Register and Code of Federal Regulations.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of rule publication information on the ability of responsible agencies to publish proposed or final rules in the Federal Register and Code of Federal Regulations. The published rules are, by definition, public information. The effects of loss of confidentiality of information associated with the rule publication process are unlikely to pose the threat of serious harm to agency assets, personnel or operations.

+
+ +

In general, the provisional confidentiality impact level recommended for rule publication information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the rule publication information. Rule publication processes are usually tolerant of delays.

+
+ +

The provisional availability impact level recommended for rule publication information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In the worst cases, errata can be published. Unauthorized modification or destruction of information may result in unnecessary expenditures, some confusion, and limited damage to public confidence in the agency.

+
+ +

The provisional integrity impact level recommended for rule publication information is low.

+
+
+ + Planning and Budgeting + Budget Formulation + +

Budget Formulation involves all activities undertaken to determine priorities for future spending and to develop an itemized forecast of future funding and expenditures during a targeted period of time. This includes the collection and use of performance information to assess the effectiveness of programs and develop budget priorities.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of budget formulation information on the ability of responsible agencies to determine priorities for future spending and to develop an itemized forecast of future funding and expenditures during a targeted period of time. Most budget information is supposed to be available to the public. Special Factors Affecting Confidentiality Impact Determination: Some budget information of is classified national security information and is outside the scope of this guideline. The effects of loss of confidentiality of budget information or of early drafts of budgets can result in attempts by competing interests to influence and/or impede the regulation development process. The consequences to agency programs and even of the ability of an agency to perform its mission can be very serious. Premature public release of draft budgets before internal coordination and review has been conducted can result in unnecessary + criticism of the proposed regulation and even damage public confidence in the agency. These consequences are particularly likely where the release includes unedited internal commentary and discussion. Delays that result from confidentiality compromise can imperil specific agency programs, but loss of public confidence can do persistent harm to an agency’s ability to effectively perform its mission. In such cases, the confidentiality impact level for budget formulation information is moderate. If the budget formulation information is moved to the public domain, the confidentiality impact level becomes Not Applicable (NA).

+
+ +

In spite of the serious harm that can be suffered by an agency due to unauthorized and premature disclosure of draft budget information (and associated commentary), the provisional confidentiality impact level recommended for budget formulation information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the budget formulation information. Although some budget formulation information is time-critical, the budget formulation processes are usually tolerant of delays. Excessive recovery delays may result in loss of funding.

+
+ +

The provisional availability impact level recommended for budget formulation information is low.

+
+ +

not on the time required to detect the modification or destruction of information. Special Factors Affecting Integrity Impact Determination: Some budget formulation information is time-critical. Also, unauthorized modification or destruction of information affecting external communications that contain budget information (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Public confidence consequences will be more serious for agencies that have national defense, intelligence, or information security missions. In such cases, the impact may be at least moderate.

+
+ +

The provisional integrity impact level recommended for budget formulation information is low.

+
+
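Review bot: The integrity impact description for Budget Formulation starts mid-sentence at "not on the time required to detect the modification or destruction of information". The opening clause that the sibling entries carry ("The integrity impact level is based on the specific mission and the data supporting that mission,") is missing and should be restored. In the same entry, the confidentiality description has a stray word in "Some budget information of is classified". It also refers to "the regulation development process" and "the proposed regulation" although the subject is draft budgets, which reads as text carried over from Regulatory Creation. Finally, this entry's category is "Planning and Budgeting" while the entries that follow use "Planning and Budget". Pick one spelling so that anything grouping information types by category does not split them into two buckets.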
+ + Planning and Budget + Capital Planning + +

Capital Planning involves the processes for ensuring that appropriate investments are selected for capital expenditures.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of capital planning information on the ability of responsible agencies to ensure that appropriate investments are selected for capital expenditures. The effects of loss of confidentiality of capital investment plans during the formative stage can result in attempts by affected entities and other interested parties to influence and/or impede the policy and guideline development process. Premature public release of draft plans before internal coordination and review can result in unnecessary damage to public confidence in the agency. This is particularly likely where the release includes unedited internal commentary and discussion. The diversion of investment funds that can result from compromise of draft plans can pervert investment priorities in a manner that is prejudicial to public interest. However, the consequence of loss of confidentiality of most capital planning information is likely to do + only limited harm to government assets, personnel, or missions. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some of the background information that supports development of capital investment plans can reveal sensitive vulnerabilities, capabilities, or methods of anti-terrorism, law enforcement, or national security activities. Depending on the information in question, the confidentiality impact can be moderate, high, or involve national security information (outside the scope of this guideline). Also, some capital investment plans of some Federal agencies contain national security information.

+
+ +

The confidentiality impact level is the effect of unauthorized disclosure of capital planning information on the ability of responsible agencies to ensure that appropriate investments are selected for capital expenditures. The effects of loss of confidentiality of capital investment plans during the formative stage can result in attempts by affected entities and other interested parties to influence and/or impede the policy and guideline development process. Premature public release of draft plans before internal coordination and review can result in unnecessary damage to public confidence in the agency. This is particularly likely where the release includes unedited internal commentary and discussion. The diversion of investment funds that can result from compromise of draft plans can pervert investment priorities in a manner that is prejudicial to public interest. However, the consequence of loss of confidentiality of most capital planning information is likely to do + only limited harm to government assets, personnel, or missions. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some of the background information that supports development of capital investment plans can reveal sensitive vulnerabilities, capabilities, or methods of anti-terrorism, law enforcement, or national security activities. Depending on the information in question, the confidentiality impact can be moderate, high, or involve national security information (outside the scope of this guideline). Also, some capital investment plans of some Federal agencies contain national security information.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the capital planning information. The capital planning processes are usually tolerant of delays.

+
+ +

The provisional availability impact level recommended for capital planning information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications that contain capital planning information (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Public confidence consequences will be more serious for agencies that have national defense, intelligence, or information security missions. In such cases, the impact may be at least moderate.

+
+ +

The provisional integrity level recommended for capital planning information is low.

+
+
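Review bot: In the Capital Planning entry, the second confidentiality paragraph is a verbatim repeat of the confidentiality description above it, where every neighbouring entry has a one-sentence recommendation of the form "The provisional confidentiality impact level recommended for ... information is low." As written, the entry never states a recommended confidentiality level in prose, while its special factors say the impact "can be moderate, high, or involve national security information". A reader categorizing a system from this text has nothing to reconcile against the fips-199-low values listed for the entry. Replace the duplicate with the recommendation sentence. Smaller point: "The provisional integrity level recommended for capital planning information" drops the word "impact" that the other entries use. The same wording appears in Policy and Guidance Development and Enterprise Architecture.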
+ + Planning and Budget + Enterprise Architecture + +

Enterprise Architecture is an established process for describing the current state and defining the target state and transition strategy for an organization’s people, processes, and technology.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of enterprise architecture information on the ability of responsible agencies to describe the current state and define the target state and transition strategy for an organizations people, processes, and technology. The effects of loss of confidentiality of preliminary draft enterprise architecture plans can result in attempts by affected entities and other interested parties to influence and/or impede the policy and guideline development process. Premature public release of draft plans before internal coordination and review can result in unnecessary damage to public confidence in the agency. This is particularly likely where the release includes unedited internal commentary and discussion. However, the consequence of loss of confidentiality of most enterprise architecture information is likely to do only limited harm to government assets, personnel, or missions. Special Factors Affecting + Confidentiality Impact Determination: Unauthorized disclosure of some of the background information that supports development of Federal enterprise architecture can reveal sensitive vulnerabilities, capabilities, or methods of anti-terrorism, law enforcement, or national security activities.13 Depending on the information in question, the confidentiality impact can be moderate, high, or involve national security information (outside the scope of this guideline). Also, some enterprise architecture plans of some Federal agencies are themselves national security information. Finally, important financial decisions and planning information may be included in this category of information.

+
+ +

The provisional confidentiality impact level recommended for enterprise architecture information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the enterprise architecture information. The enterprise architecture processes are usually tolerant of delays.

+
+ +

The provisional availability impact level recommended for enterprise architecture information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications that contain enterprise architecture information (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Public confidence consequences will be more serious for agencies that have national defense, intelligence, or information security missions. In such cases, the impact may be at least moderate.

+
+ +

In general, the provisional integrity level recommended for enterprise architecture information is low.

+
+
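Review bot: The Enterprise Architecture confidentiality description carries two transcription artifacts that should be cleaned before merge. "an organizations people, processes, and technology" is missing the apostrophe that the entry's own definition has ("an organization’s people, processes, and technology"). In "national security activities.13", a footnote number has been fused onto the sentence with no footnote present in the entry. Drop the "13" or add the reference it pointed to.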
+ + Planning and Budget + Strategic Planning + +

Strategic Planning entails the determination of long-term goals and the identification of the best approach for achieving those goals.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of the unauthorized disclosure of strategic planning information on the ability of responsible agencies to determine long-term goals and to identify the best approach for achieving those goals. Premature public release of draft plans before internal coordination and review can result in unnecessary damage to public confidence in the agency. This is particularly likely where the release includes unedited internal commentary and discussion. However, the consequence of loss of confidentiality of most strategic planning information is likely to do only limited harm to government assets, personnel, or missions. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some of the background information that supports development of some Federal strategic plans can reveal sensitive vulnerabilities, capabilities, or methods of anti-terrorism, law enforcement, or national security activities. + Depending on the information in question, the confidentiality impact can be moderate, high, or involve national security information (outside the scope of this guideline). Also, some strategic plans are themselves national security information.

+
+ +

The provisional confidentiality impact level recommended for strategic planning information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the strategic planning information. Strategic planning processes are usually tolerant of delays.

+
+ +

The provisional availability impact level recommended for strategic planning information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications that contain strategic planning information (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Public confidence consequences will be more serious for agencies that have national defense, intelligence, or information security missions. In such cases, the impact may be at least moderate.

+
+ +

The provisional integrity impact level recommended for strategic planning information is low.

+
+
+ + Planning and Budget + Budget Execution + +

Budget Execution involves day-to-day requisitions and obligations for agency expenditures, invoices, billing dispute resolution, reconciliation, service level agreements, and distributions of shared expenses.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of budget execution information on the ability of responsible agencies to manage day-to-day requisitions and obligations for agency expenditures, invoices, billing dispute resolution, reconciliation, service level agreements, and distributions of shared expenses. The effects of loss of confidentiality of most budget execution information are unlikely to pose the threat of serious harm to agency assets, personnel or operations. Special Factors Affecting Confidentiality Impact Determination: The effects of loss of confidentiality of budget execution information can violate privacy regulations, reveal information proprietary to private institutions, and reveal procurement-sensitive information. In aggregate, budget execution information can reveal capabilities and methods that some agencies (e.g., law enforcement, homeland security, national defense, intelligence) consider extremely sensitive. In + these cases, the potential harm that can result from unauthorized disclosure ranges from moderate to high to national security-related. In the last case, the information is outside the scope of this document. Public release of sensitive budget execution information can result in unnecessary damage to public confidence in the agency. This is particularly likely where the release includes unedited internal commentary and discussion.

+
+ +

The provisional confidentiality impact level recommended for most budget execution information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the budget execution information. The budget execution processes are usually tolerant of delays.

+
+ +

The provisional availability impact level recommended for budget execution information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Where small dollar amounts are modified, the potential damage to an agency’s mission is limited. Special Factors Affecting Integrity Impact Determination: In the case of agreements or transactions involving large monetary values, asset losses, and damage to agency operations, the potential for serious loss of public confidence is high. The consequent integrity impact level is moderate to high. If the budget execution information is time-critical or very sensitive, the integrity impact level may be moderate or high.

+
+ +

The provisional integrity impact level recommended for most budget execution information is low.

+
+
+ + Planning and Budget + Workforce Planning + +

Workforce Planning involves the processes for identifying the workforce competencies required to meet the agency’s strategic goals and for developing the strategies to meet these requirements.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of workforce planning information on the ability of responsible agencies to identify workforce competencies required to meet the agency’s strategic goals and for developing the strategies to meet these requirements. Unauthorized disclosure of most workforce planning information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some background information that supports development of Federal workforce plans can reveal sensitive vulnerabilities, tables of organization, capabilities, or methods of anti-terrorism, law enforcement, or national security activities. Depending on the information in question, the confidentiality impact can be moderate, high, or involve national security information (outside the scope of this guideline).

+
+ +

The provisional confidentiality impact level recommended for workforce planning information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the workforce planning information. The workforce planning processes are generally tolerant of reasonable delays. In most cases, disruption of access to workforce planning information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for workforce planning information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Therefore, consequences of undetected unauthorized modification or destruction of workforce planning information may compromise the effectiveness of compliance enforcement actions (e.g., by providing violators with a basis for claiming investigative or enforcement irregularities).

+
+ +

The provisional integrity impact level recommended for workforce planning information is low.

+
+
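Review bot: The Workforce Planning integrity description does not appear to belong to this information type. Its second sentence opens with "Therefore" although nothing before it supplies a premise, and it speaks of compromising "the effectiveness of compliance enforcement actions (e.g., by providing violators with a basis for claiming investigative or enforcement irregularities)". That does not match the entry's own definition of identifying workforce competencies and developing strategies to meet them. Please check this paragraph against the source guideline and replace it with the workforce planning text, since the integrity rationale is what an assessor reads when deciding whether to raise the level above the listed fips-199-low.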
+ + Planning and Budget + Management Improvement + +

Management Improvement includes all efforts to gauge the ongoing efficiency of business processes and identify opportunities for re-engineering or restructuring.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of management improvement information on the ability of responsible agencies to gauge the ongoing efficiency of business processes and identify opportunities for re-engineering or restructuring. Premature public release of draft plans before internal coordination and review can result in unnecessary damage to public confidence in the agency. This is particularly likely where the release includes unedited internal commentary and discussion. However, the consequence of loss of confidentiality of most management improvement information is likely to involve only limited harm to government assets, personnel, or missions. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some background information that supports development of Federal management improvement plans can reveal personnel-sensitive information, including information subject to the Privacy Act of 1974. + The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. Other background information can reveal sensitive vulnerabilities, capabilities, or methods of anti-terrorism, law enforcement, or national security activities. Depending on the information in question, the confidentiality impact can be moderate, high, or involve national security information (outside the scope of this guideline). Also, some strategic plans are themselves national security information.

+
+ +

The provisional confidentiality impact level recommended for management improvement information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the management improvement information. The management improvement planning processes are usually tolerant of delays.

+
+ +

The provisional availability impact level recommended for management improvement information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications that contain management improvement information (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Public confidence consequences can be expected to be more serious for agencies that have national defense, intelligence, or information security missions. In such cases, the impact may be at least moderate. Failure to detect malicious modification of personnel information (mostly background information) can result in disruption of some agency operations and disruptive administrative or legal actions.

+
+ +

The provisional integrity impact level recommended for management improvement information is low.

+
+
+ + Planning and Budget + Budget and Performance Integration + +

Budget and Performance Integration involves activities that align Federal resources allocated through budget formulation, execution, and management actions with examinations of program objectives, performance, and demonstrated results such as Program Performance Assessments, Government Performance Results Act (GPRA) plans and reports, performance-based agency budget submissions, and Financial Management Cost Accounting and Performance Measurement data.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure budget and performance integration information on the abilities of responsible agencies to align Federal resources allocated through budget formulation, execution, and management actions. The consequences of unauthorized disclosure of the majority of budget and performance integration information will result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: The effects of loss of confidentiality of budget and performance integration information can violate privacy regulations, reveal information proprietary to private institutions, and reveal procurement-sensitive information. In aggregate, budget and performance integration information can reveal capabilities and methods that some agencies (e.g., law enforcement, homeland security, national defense, intelligence) consider extremely sensitive. In these + cases, the potential harm that can result from unauthorized disclosure ranges from moderate to high to national security-related. In the last case, the information is outside the scope of this document. Public release of sensitive budget and performance integration information can result in unnecessary damage to public confidence in the agency. This is particularly likely where the release includes unedited internal commentary and discussion.

+
+ +

The provisional confidentiality impact level recommended for resource budget and performance integration information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to budget and performance integration information. The budget and performance integration processes are usually tolerant of delays.

+
+ +

The provisional availability impact level recommended for budget and performance integration information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications that contain budget and performance integration information (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Public confidence consequences will be more serious for agencies that have national defense, intelligence, or information security missions. In such cases, the impact may be at least moderate.

+
+ +

The provisional integrity impact level recommended for budget and performance integration information is low.

+
+
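Review bot: Two wording slips in the Budget and Performance Integration entry look like copy errors rather than intended text. The confidentiality description reads "the effect of unauthorized disclosure budget and performance integration information", which is missing "of". The provisional confidentiality line reads "recommended for resource budget and performance integration information", where "resource" does not belong to this information type's name. Suggest fixing both so the entry matches the wording of its own availability and integrity lines.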
+ + Planning and Budget + Tax and Fiscal Policy + +

Tax and Fiscal Policy encompasses analysis of the implications for economic growth and stability in the United States and the world of Federal tax and spending policies. This includes assessing the sustainability of current programs and policies, the best means for raising revenues, the distribution of tax liabilities, and the appropriate limits on debt.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

information on the abilities of responsible agencies to analyze the implications for economic growth and stability in the United States and the world of Federal tax and spending policies. The consequences of unauthorized disclosure of the majority of tax and fiscal policy information will result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: The effects of loss of confidentiality of tax and fiscal policy information can be more critical during the policy development process and may severe impacts to the agency mission and privacy information. Premature or accidental public release of sensitive tax and fiscal policy information can result in unnecessary damage to public confidence in the agency. Additionally, premature release of this information may create unfair economic advantages based on economic projections and fiscal policies. In these cases, the potential harm that + can result from unauthorized disclosure ranges from moderate to high depending on the mission impacted.

+
+ +

The provisional confidentiality impact level recommended tax and fiscal policy information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to tax and fiscal policy information. Tax and fiscal policy processes are usually tolerant of delays.

+
+ +

The provisional availability impact level recommended tax and fiscal policy information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications that tax and fiscal policy information (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Public confidence consequences will be more serious for agencies that have national defense, intelligence, or information security missions. In such cases, the impact may be at least moderate.

+
+ +

The provisional integrity impact level recommended for tax and fiscal policy information is low.

+
+
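Review bot: The confidentiality description for Tax and Fiscal Policy starts mid-sentence at "information on the abilities of responsible agencies to analyze the implications", so its opening clause is missing. Every sibling entry opens with "The confidentiality impact level is the effect of unauthorized disclosure of ...", and this one should be restored to match. The same entry has other dropped words worth fixing in the same pass: "may severe impacts to the agency mission" has no verb, both "impact level recommended tax and fiscal policy information is low" lines lack "for", and "external communications that tax and fiscal policy information" lacks "contain" (compare the Budget and Performance Integration entry above).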
+ + Internal Risk Management and Mitigation + Contingency Planning + +

Contingency planning involves the actions required to plan for, respond to, and mitigate damaging events.

+
+ + fips-199-moderate + + + fips-199-moderate + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of contingency planning information on the ability of responsible agencies to plan for, respond to, and mitigate damaging events. Unauthorized disclosure of contingency planning information may equip an adversary with the information necessary to attack a system so that recovery is impaired. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of background information that supports development of Federal contingency plans can reveal sensitive vulnerabilities, capabilities, intelligence assessments, intelligence sources, or methods employed in anti-terrorism, law enforcement, or national security activities. Depending on the information in question, the confidentiality impact can be moderate, high, or involve national security information (outside the scope of this guideline). Also, some contingency plans are themselves national security information. However, the + purpose of most contingency planning information is to protect against inadvertent or accidental damaging events rather than against malicious attacks. Even so, in the case of Federal government systems, the case of hostile attacks on systems must be considered. The consequences of unauthorized disclosure of extracts from contingency plans are likely to have negligible to limited adverse effects on agency operations. In such cases, the confidentiality impact would be, at most, low. Unauthorized disclosure of the entire plan to malicious entities may have serious effects. As a result, the consequence of loss of confidentiality of comprehensive contingency plans is likely to involve serious harm to government assets, personnel, or missions. In such cases, the confidentiality impact would be, at least, moderate.

+
+ +

The provisional confidentiality impact level recommended for contingency planning information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the contingency planning information. The effects of disruption of access to contingency planning information or information systems depend on the timing of the disruption. If access to contingency planning information is denied because of a power outage, recovery may be delayed and the work of government agencies disrupted. Special Factors Affecting Availability Impact Determination: The contingency planning processes are usually tolerant of delays. In contrast, the contingency plan implementation process is not tolerant of delays. The consequences of disruption of access to contingency planning information depend on both the period of the outage and the criticality of the disrupted processes. The consequent impact level may range from low to high.

+
+ +

The provisional availability impact level recommended for contingency planning information is moderate.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Errors in contingency plans that result from integrity compromise can result in serious consequences to system recovery capabilities. These can range from incorrect telephone numbers and e-mail addresses on notification lists to erroneous schedules and file designations for database back-ups and archives or software baselines, updates, and patches.

+
+ +

The provisional integrity impact level recommended for contingency planning information is moderate.

+
+
+ + Internal Risk Management and Mitigation + Continuity of Operations + +

Continuity of operations involves the activities associated with the identification of critical systems and processes, and the planning and preparation required to ensure that these systems and processes will be available in the event of a catastrophic event.

+
+ + fips-199-moderate + + + fips-199-moderate + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of continuity of operations information on the ability of responsible agencies to identify critical systems and processes, and to conduct the planning and preparation required to ensure that these systems and processes will be available in the event of a catastrophic event. Unauthorized disclosure of the entire plan to malicious entities may have serious effects. As a result, the consequence of loss of confidentiality of most continuity of operations plans (and comprehensive continuity of operations plans) is likely to do serious harm to government assets, personnel, or missions. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of background information that supports development of Federal continuity of operations plans can reveal sensitive vulnerabilities, capabilities, intelligence assessments, intelligence sources, or methods employed in anti-terrorism, law + enforcement, or national security activities. Depending on the information in question, the confidentiality impact can be moderate, high, or involve national security information (outside the scope of this guideline). Unauthorized disclosure of continuity of operations information for critical infrastructures and key national assets may require a high impact level. However, the purpose of most continuity of operations information is to protect against inadvertent or accidental damaging events rather than against malicious attacks. Even so, in the case of Federal government systems, hostile attacks on systems must be considered. The consequences of unauthorized disclosure of extracts from continuity of operations plans are likely to have negligible to limited adverse effects on agency operations. In such cases, the confidentiality impact would be, at most, low. 
Unauthorized disclosure of continuity of operations information may inform an adversary regarding what + facilities and processes are considered to be critical. Such unauthorized disclosure may also equip an adversary with the information necessary to attack a system so that operations are disrupted, and that recovery is impaired. In such cases, the confidentiality impact would be, at least, moderate.

+
+ +

The provisional confidentiality impact level recommended for continuity of operations information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the continuity of operations information. Special Factors Affecting Availability Impact Determination: The effects of disruption of access to continuity of operations information or information systems depend on the timing of the disruption. If access to continuity of operations information is denied because of a power outage, recovery may be delayed and the work of government agencies disrupted. The continuity of operations planning process is usually tolerant of delays. In contrast, the continuity of operations implementation process is not tolerant of delays. The consequences of disruption of access to continuity of operations information depend on both the period of the outage and the criticality of the disrupted processes. The consequent impact level will range from low to high.

+
+ +

The provisional availability impact level recommended for continuity of operations information is moderate

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Errors in continuity of operations plans that result from integrity compromise can result in serious consequences to system recovery capabilities. These can range from incorrect telephone numbers and e-mail addresses on notification lists to erroneous version numbers for database back-ups and archives or software baselines, updates, and patches.

+
+ +

The provisional integrity impact level recommended for continuity of operations information is moderate.

+
+
+ + Internal Risk Management and Mitigation + Service Recovery + +

Service recovery involves the internal actions necessary to develop a plan for resuming operations after a catastrophe occurs, such as a fire or earthquake.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of the unauthorized disclosure of service recovery information on the ability of responsible agencies to develop plans for resuming operations after a catastrophe occurs, such as a fire or earthquake. In the case of service recovery plans for natural catastrophes, the information associated with service recovery planning is not intrinsically sensitive. In the case of catastrophes caused by malicious activity, unauthorized disclosure of service recovery information may inform an adversary regarding what facilities and processes are considered to be critical. Such unauthorized disclosure may also equip an adversary with the information necessary to attack a system in such a way that operations are disrupted, and that recovery is impaired or even blocked. The purpose of most service recovery information is to protect against natural catastrophes rather than against malicious attacks. In most cases, the consequence of loss of + confidentiality of service recovery information is not likely to do serious harm to government assets, personnel, or missions. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of background information that supports development of Federal service recovery plans can reveal sensitive vulnerabilities, capabilities, intelligence assessments, intelligence sources, or methods employed in anti-terrorism, law enforcement, or national security activities. Depending on the information in question, the confidentiality impact can be moderate, high, or involve national security information (outside the scope of this guideline). Also, some service recovery plans are themselves national security information.

+
+ +

The provisional confidentiality impact level recommended for service recovery information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the service recovery information. The effects of disruption of access to service recovery information or information systems depend on the timing of the disruption. If access to service recovery information is denied because of a power outage, recovery may be delayed and the work of government agencies disrupted. Special Factors Affecting Availability Impact Determination: Service recovery planning processes are usually tolerant of delay. In contrast, the implementation of recovery plans is not tolerant of delays. For service recovery implementation, the consequences of access disruption depend on the time period of the disruption and the criticality of the disrupted processes. The consequent impact level may range from low to high.

+
+ +

The provisional availability impact level recommended for service recovery information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information.

+
+ +

The provisional integrity impact level recommended for service recovery information is low.

+
+
+ + Revenue Collection + Debt Collection + +

Debt Collection supports activities associated with the collection of money owed to the United States government from both foreign and domestic sources.

+
+ + fips-199-moderate + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of debt collection information on the ability of responsible agencies to properly and efficiently collect money owed to the United States government from both foreign and domestic sources. The consequences of unauthorized disclosure of debt collection information are generally dependent on the identity of the debtor and of the nature and value of the debt being collected. Typically, unauthorized disclosure of debt collection information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will commonly be personal information subject to the Privacy Act of 1974, information that is proprietary to a corporation or other organization, or information that is politically sensitive by a foreign government. The Privacy Act Information provisional impact levels + are documented in the Personal Identity and Authentication information type. Such information will often be associated with debt collection processes. Where the amount of the debt is significant, and unauthorized knowledge might imperil successful collection, then the associated confidentiality impact assigned to debt collection information might be moderate (or even high in the case of extremely high dollar value cases).

+
+ +

The provisional confidentiality impact level recommended for debt collection information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the debt collection information. Most Federal debt collection processes are tolerant of delays. Also, the consequences of temporary inability to access information concerning foreign or domestic debt will be minimal.

+
+ +

The provisional availability impact level recommended for debt collection information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Therefore, the consequences of unauthorized modification or destruction of debt collection information depend on the type of property being managed and on the immediacy with which the information is expected to be used. Special Factors Affecting Integrity Impact Determination: If the modified or destroyed information is substantive financial data, there is a greater potential for harm to result from actions being taken based on incomplete or false information. This can have serious adverse effects on individual financial actions with consequent loss of revenue from, or other unanticipated consequences regarding the personal property under disposition. The severity of the consequences depends on the type of the debt and of the debtor but would be most likely be moderate.

+
+ +

The provisional integrity impact level recommended for debt collection information is low.

+
+
+ + Revenue Collection + User Fee Collection + +

User fee Collection involves the collection of fees assessed on individuals or organizations for the provision of Government services and for the use of Government goods or resources (i.e. National Parks).

+
+ + fips-199-low + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of user fee collection information on the ability of responsible agencies to correctly and efficiently enforce, regulate, and effect the collection of fees assessed on individuals or organizations for the provision of Government services and for the use of Government goods or resources. In general, particularly in aggregate, this information is public record.

+
+ +

The recommended provisional confidentiality impact level for user fee collection information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the user fee collection information. The missions supported by user fee collection information are generally tolerant of delay. However, any extended period of unavailability would likely be seriously disruptive to the operations for which fees are collected.

+
+ +

The provisional availability impact level recommended for user fee collection information is moderate.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. For example, there may be some circumstances when the unauthorized modification or destruction of user fee collection information is undertaken as part of a scheme to divert payments, conceal underpayment of failure to make payment of fees, or otherwise defraud the government. In addition, the consequences of unauthorized modification or destruction of user fee collection information may depend on the urgency with which the information is needed or the immediacy with which the information is used. In most cases, it is unlikely that the information will be needed urgently or acted upon immediately. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications might have an adverse effect on agency operations, + image and reputation. The integrity impact level assigned may be moderate.

+
+ +

The provisional integrity impact level recommended for user fee collection information is low.

+
+
+ + Revenue Collection + Federal Asset Sales + +

Federal Asset Sales encompasses the activities associated with the acquisition, oversight, tracking, and sale of non-internal assets managed by the Federal Government with a commercial value and sold to the private sector.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of the unauthorized disclosure of Federal asset sales information on the ability of responsible agencies to properly and efficiently acquire, oversee, track, and sell non-internal assets managed by the Federal Government with a commercial value and sold to the private sector. The consequences of unauthorized disclosure of Federal asset sales information are generally dependent on the nature and value of the property being disposed. Generally, Federal asset sales information is public. Most managed property would not be of sufficient individual value to occasion such an occurrence (bid rigging, etc.). Special Factors Affecting Confidentiality Impact Determination: Where unauthorized knowledge regarding the property being disposed of might lead to unfair advantage (i.e., ability to accurately bid on an auction lot to the detriment of other bidders), then the associated confidentiality impact assigned to Federal asset sales + information might be moderate. Such an instance might arise if a disruption of the proper procedures could reasonably cause an adverse effect on future operations of the responsible agency, or if the agency’s image, or individual reputations might be damaged.

+
+ +

The provisional confidentiality impact level recommended for Federal asset sales information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the Federal asset sale information. The missions supported by Federal asset sale information are generally tolerant of delay. Generally, the consequences of temporary inability to access solicitations for bid, official notices of disposition, etc., will be minimal.

+
+ +

The provisional availability impact level recommended for Federal asset sale information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of Federal asset sale information is partially dependent on the type of property being managed and whether the data is time-critical. If the modified or destroyed information is substantive financial data, actions that are taken based on incomplete or false information could have serious adverse effects on individual financial actions. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, solicitations for bid, official notices of disposition, etc.) may adversely affect the operations, image or reputation of an agency. However, the damage to the management mission would usually be of more immediate concern. The severity of the consequent integrity impact depends on the nature of + the property but would be most likely be moderate.

+
+ +

The provisional integrity impact level recommended for Federal asset sales information is moderate.

+
+
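Review bot: The three impact values for Federal Asset Sales (low, low, moderate) are the same sequence given for User Fee Collection just above, but the two descriptions put the moderate level on different objectives. User Fee Collection says availability is moderate and integrity is low, while Federal Asset Sales says availability is low and integrity is moderate. Whichever order the three impact elements follow, one of these entries contradicts its own text, and anything that reads the value rather than the prose will pick up the wrong level for that objective. Please check both entries against the source guideline and correct the one that is swapped. While there, "would be most likely be moderate" has a doubled "be", and the entry alternates between "Federal asset sales" and "Federal asset sale".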
+ + Public Affairs + Customer Services + +

Customer Service supports activities associated with providing and managing the delivery of information and support to the government’s customers.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of customer service information on the ability of responsible agencies to provide and manage the delivery of information and support to the government’s customers. Most customer service information is likely to be in the public domain and poses no confidentiality impact. In most cases, unauthorized disclosure of customer service information will have at most a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Some customer service information may include customer-provided information covered by the provisions of the Privacy Act of 1974. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. Unauthorized disclosure of large volumes of information protected under the Privacy Act can be expected to have a serious to severe effect on public + confidence in the agency. Actions taken that are intended to establish blame, compensate victims, or repair damage done with the exposed information can cause serious disruption of an agency’s mission capability. In such cases, the confidentiality impact can be moderate.

+
+ +

The provisional confidentiality impact level recommended for customer service information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the customer service information. The effects of disruption of access to or use of customer service information can usually be In addition, customer service operations are not typically tolerant of delay. Even temporary loss of availability of customer service information is likely to disrupt customer operations. In most cases, disruption of access to customer service information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: While most outages will result in only limited adverse effects on government operations, repeated outages can have a serious adverse effect on public confidence in the agency. In such cases, the availability impact might be moderate.

+
+ +

The provisional availability impact level recommended for customer service information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Typically, the adverse effects of unauthorized modification or destruction of customer service information on overall agency mission functions or public confidence in the agency are limited. The more serious integrity impacts become increasingly likely as E-government initiatives progress. Typically, the unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) will result in limited adverse affect on operations or public confidence in the agency and the damage to most missions would usually be limited. Special Factors Affecting Integrity Impact Determination: An increasing proportion of customer service activities are interactive. Consequently, there is a potential for customer actions being taken based on modified or + incomplete information. Similarly, unauthorized modification or deletion of customer-supplied information can result in government mishandling of interactions with customers. If this occurs on a large-scale serious damage to public confidence in the agency may result. In such cases, a moderate integrity may be associated with customer service information.

+
+ +

The provisional integrity impact level recommended for customer service information is low.

+
+
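Review bot: The Customer Services availability description has a sentence cut off in the middle: "The effects of disruption of access to or use of customer service information can usually be In addition, customer service operations are not typically tolerant of delay." The end of the first sentence is missing and needs to be restored from the source text, not guessed. Smaller points in the same entry: the title is "Customer Services" while the description says "Customer Service", "limited adverse affect" should be "effect", and "a moderate integrity may be associated" is missing "impact".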
+ + Public Affairs + Official Information Dissemination + +

Official Information Dissemination includes all efforts to provide official government information to external stakeholders through the use of various types of media, such as video, paper, web, etc.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of official information dissemination information on the ability of responsible agencies to provide official Federal government information to external stakeholders through the use of various communications media. Official information dissemination information is usually in the public domain and poses no confidentiality impact.

+
+ +

The provisional confidentiality impact level recommended for official information dissemination information is low.

+
+ +

mission, not on the time required to re-establish access to the official information dissemination information. Official information dissemination processes are generally tolerant of limited delays. However, even temporary loss of availability of official information dissemination information is likely to have an adverse effect on public confidence in the agency. In most cases, disruption of access to official information dissemination information can be expected to have only a limited adverse effect on overall agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: While most cases will result in only limited consequences, repeated outages can have a serious adverse effect on public confidence in the agency. This can significantly degrade the official information dissemination mission capability. In such cases, the availability impact might be moderate.

+
+ +

The provisional availability impact level recommended for official information dissemination information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In general, the adverse effects of unauthorized modification or destruction of official information dissemination information on overall agency mission functions will be limited. Special Factors Affecting Integrity Impact Determination: There is a potential for customer actions taken based on modified or incomplete information. In addition, unauthorized modification or destruction of official information dissemination information may result in distribution of false and misleading information (e.g., modified web pages, electronic mail, video). Such events can adversely affect operations or public confidence in the agency. This can significantly degrade the official information dissemination mission capability. In such cases, a moderate integrity impact may exist. Also, the more serious + integrity impacts become increasingly likely as E-government initiatives progress.

+
+ +

The provisional integrity impact level recommended for official information dissemination information is low.

+
+
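Review bot: The availability description for Official Information Dissemination starts mid-sentence at "mission, not on the time required to re-establish access", so the opening clause is missing. Every other availability description in this file opens with "The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to ..."; suggest restoring that lead-in here so the paragraph reads as a complete sentence.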
+ + Public Affairs + Product Outreach + +

Product Outreach relates to the marketing of government services products, and programs to the general public in an attempt to promote awareness and increase the number of customers/beneficiaries of those services and programs.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of product outreach information on the ability of responsible agencies to market government services products, and programs to the general public in an attempt to promote awareness and increase the number of customers/beneficiaries of those services and programs. Product outreach information is usually in the public domain and poses no confidentiality impact.

+
+ +

The provisional confidentiality impact level recommended for product outreach information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the product outreach information. Product outreach processes are generally tolerant of limited delays. In most cases, disruption of access to product outreach information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for product outreach information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In most cases, the adverse effect of unauthorized modification or destruction of product outreach information on overall agency mission functions will be limited. Special Factors Affecting Integrity Impact Determination: The unauthorized modification or destruction of product outreach information may result in distribution of false and misleading information. Such events may adversely affect operations or public confidence in the agency and may significantly degrade the product marketing mission capability. In such cases, a moderate integrity impact may exist.

+
+ +

The provisional integrity impact level recommended for product outreach information is low.

+
+
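Review bot: The Product Outreach description and its confidentiality description both read "government services products, and programs", which is missing the comma after "services" and reads as a single compound noun. Suggest "government services, products, and programs" in both places.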
+ + Public Affairs + Public Relations + +

Public Relations activities involve the efforts to promote an organizations image through the effective handling of citizen concerns.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of public relations information on the ability of responsible agencies to promote an organizations image through the effective handling of citizen concerns. Public relations information itself is usually in the public domain and poses no confidentiality impact. Special Factors Affecting Confidentiality Impact Determination: Internal correspondence associated with development of public relations information can contain information, the unauthorized disclosure of which can have a serious adverse effect on agency operations. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional confidentiality impact level recommended for public relations information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the public relations information. Public relations processes are generally tolerant of limited delays. In most cases, disruption of access to public relations information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for public relations information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In most cases, the adverse effects of unauthorized modification or destruction of public relations information on overall agency mission functions will be limited. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of public relations information may result in distribution of false and misleading information. Such events can be expected to adversely affect operations and/or public confidence in the agency. This can significantly degrade the public relations mission capability. In such cases, a moderate integrity impact may exist.

+
+ +

The provisional integrity impact level recommended for public relations information is low.

+
+
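Review bot: The Public Relations description and the confidentiality description both say "promote an organizations image", which is missing the possessive apostrophe. Suggest "an organization's image" in both occurrences.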
+ + Legislative Relations + Legislation Tracking + +

Legislation Tracking involves following legislation from conception to adoption.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of legislation tracking information on the ability of responsible agencies to follow legislation from conception to adoption. Legislation tracking information itself is usually in the public domain and poses no confidentiality impact. Special Factors Affecting Confidentiality Impact Determination: In some cases, internal correspondence associated with legislation tracking information can contain information, that if improperly disclosed, will have a serious adverse effect on agency relationships with other agencies and with the legislative branch. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional confidentiality impact level recommended for legislation tracking information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the legislation tracking information. Legislation tracking processes are generally tolerant of limited delays. In most cases, disruption of access to legislation tracking information will have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for legislation tracking information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In most cases, the adverse effects of unauthorized modification or destruction of legislation tracking information on overall agency mission functions will be limited.

+
+ +

The provisional integrity impact level recommended for legislation tracking information is low.

+
+
+ + Legislative Relations + Legislative Testimony + +

Legislation Testimony involves activities associated with providing testimony/evidence in support or, or opposition to, legislation from conception to adoption.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of legislation testimony information on the ability of responsible agencies to provide testimony/evidence in support or, or opposition to, legislation from conception to adoption. Most testimony regarding legislation is in the public domain, and even premature release should result in no more than limited harm to agency assets, personnel, or operations. Special Factors Affecting Confidentiality Impact Determination: The effects of loss of confidentiality of some information applicable to pending testimony may result in attempts by competing interests to influence and/or impede a specific legislative process. The consequences to agency programs and of the ability of an agency to perform its mission can be very serious. Premature public release of draft testimony before internal coordination and review has been conducted can result in unnecessary criticism of the proposed testimony and damage public + confidence in the agency. These consequences are particularly likely where the release includes unedited internal commentary and discussion. The results of unauthorized disclosure of information to the public can imperil specific agency programs, but a consequent loss of public confidence can do persistent harm to an agency’s ability to effectively perform its mission. This can result in assignment of a moderate impact level to such information. Some information associated with legislative testimony is classified national security information and is outside the scope of this guideline.

+
+ +

The provisional confidentiality impact level recommended for legislation testimony information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the legislation testimony information. The legislation testimony processes are usually tolerant of delays. Special Factors Affecting Availability Impact Determination: Excessive recovery delays can result in damage to agency reputation and to interests associated with specific legislation. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional availability impact level recommended for legislation testimony information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting external publication of testimony associated with legislation (e.g., web pages, electronic mail) may adversely affect inter-agency relationships, relations with Congress, or public confidence in the agency. However, damage to the mission would usually be limited.

+
+ +

The provisional integrity impact level recommended for legislation testimony information is low.

+
+
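Review bot: The entry title is "Legislative Testimony", but the description and every impact statement under it call the type "Legislation Testimony" or "legislation testimony"; pick one name so that tools and readers matching on the title find the same term in the body. The phrase "in support or, or opposition to, legislation" also appears twice (description and confidentiality description) and should read "in support of, or opposition to, legislation".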
+ + Legislative Relations + Proposal Development + +

Proposal Development involves drafting proposed legislation that creates or amends laws subject to Congressional legislative action.

+
+ + fips-199-moderate + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of proposal development information on the ability of responsible agencies to draft proposed legislation that creates or amends laws subject to Congressional legislative action. Legislation is normally in the public domain. However, the effects of loss of confidentiality of background information used in the development of proposed legislation or of early drafts of proposed legislation could result in attempts by competing interests to influence and/or impede a specific legislative process. The consequences to agency programs and of the ability of an agency to perform its mission can be very serious. Premature public release of proposed legislation before internal coordination and review has been conducted can result in unnecessary criticism of the proposed legislation and even damage public confidence in the agency. These consequences are particularly likely where the release includes unedited + internal commentary and discussion. In general, unauthorized disclosure of much legislative proposal information, particularly in early phases of the process, is likely to result in serious harm to agency assets or operations. 40 Special Factors Affecting Confidentiality Impact Determination: Some proposal development information used by specific Federal agencies (e.g., homeland security, law enforcement, defense, intelligence community) is very sensitive or classified national security information. National security information is outside the scope of this guideline. The sensitivity level recommended for the very sensitive information is high. If the proposal development information is moved to the public domain, the confidentiality impact level becomes Not Applicable (NA).

+
+ +

In order to accommodate event-driven consequences of unauthorized disclosure of pre-release drafts, the provisional confidentiality impact level recommended for proposal development information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the proposal development information. Proposal development processes are usually tolerant of delays. Special Factors Affecting Availability Impact Determination: Excessive recovery delays can result in damage to agency reputation and to interests associated with specific legislation. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional availability impact level recommended for proposal development information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting external publication of proposed legislation (e.g., web pages, electronic mail) might adversely affect inter-agency relationships, relations with Congress, or public confidence in the agency. However, damage to the mission would usually be limited.

+
+ +

The provisional integrity impact level recommended for proposal development information is low.

+
+
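Review bot: The Proposal Development confidentiality description contains a stray "40" between "serious harm to agency assets or operations." and "Special Factors Affecting Confidentiality Impact Determination:". It reads like a page or footnote number carried over from the source document and should be removed. "The consequences to agency programs and of the ability of an agency to perform its mission" is also hard to parse; "and to the ability" is probably what was meant.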
+ + Legislative Relations + Congressional Liaison Operations + +

Congressional Liaison Operations involves all activities associated with supporting the formal relationship between a Federal Agency and the U.S. Congress.

+
+ + fips-199-moderate + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of Congressional liaison information on the ability of responsible agencies to support their formal relationships with U.S. Congress. The effects of loss of confidentiality of information associated with Congressional liaison can facilitate attempts by competing interests to influence and/or impede a specific legislative process or poison inter-branch relations. The consequences to agency programs and even of the ability of an agency to perform its mission can be very serious. Premature public release of information associated with Congressional liaison before internal coordination and review has been conducted can result in unnecessary criticism of the preliminary data or positions, and even damage public confidence in the agency. These consequences are particularly likely where the release includes unedited internal commentary and discussion. In general, unauthorized disclosure of much + Congressional liaison information is likely to result in serious harm to agency assets and/or operations. If the Congressional liaison information is moved to the public domain, the confidentiality impact level becomes Not Applicable (NA). Special Factors Affecting Confidentiality Impact Determination: Some Congressional liaison information used by Federal agencies (e.g., homeland security, law enforcement, defense, intelligence community) is very sensitive or even classified national security information. National security information is outside the scope of this guideline. The sensitivity level associated with the very sensitive information is high.

+
+ +

The provisional confidentiality impact level recommended for Congressional liaison information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the Congressional liaison information. Congressional liaison processes are usually tolerant of delays. Special Factors Affecting Availability Impact Determination: Excessive recovery delays can result in damage to agency reputation and to interests associated with specific legislation. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional availability impact level recommended for Congressional liaison information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information.

+
+ +

The provisional integrity impact level recommended for Congressional liaison information is low.

+
+
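Review bot: The integrity description for Congressional Liaison Operations contains only the generic sentence "The integrity impact level is based on the specific mission and the data supporting that mission ..." and gives no type-specific rationale, unlike the neighbouring Legislative Relations entries, which go on to describe the effect of unauthorized modification or destruction. If the source text has nothing more, that is fine, but please confirm that a sentence was not dropped on import, since the provisional level of low is otherwise unsupported here.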
+ + General Government + Central Fiscal Operations + +

Central Fiscal Operations includes the fiscal operations that the Department of Treasury performs on behalf of the Government.14 [Note: Tax-related functions are associated with the Taxation Management information type.] Impacts to some information and information systems associated with central fiscal operations may affect the security of the critical banking and finance infrastructure. In most cases, the effect on public welfare of a loss of central fiscal operations functionality can be expected to be delayed rather than immediate. The potential for consequent loss of human life or of major national assets is low.

+
+ + fips-199-moderate + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of central fiscal operations information on the fiscal operations that the Department of Treasury performs on behalf of the Government. The effects of loss of confidentiality can reasonably be expected to jeopardize relationships and administrative actions necessary to mission fulfillment and/or to seriously damage public confidence in the agency. For example, the unauthorized disclosure of investigative and enforcement information can have serious economic impact on both individual companies and the broader market place (e.g., short-term stock market perturbations). The consequences of such unauthorized disclosures may have a serious adverse effect on public confidence in the agency. Special Factors Affecting Confidentiality Impact Determination: Where the operations in question involve liaison with law enforcement or homeland security organizations, the consequences of unauthorized disclosure can + imperil operations critical to the security of human life, critical infrastructure protection, ore the protection of key national assets. For those operations, the consequences to key financial infrastructure elements can be serious to severe. In such cases, the associated confidentiality impact level will be high.

+
+ +

The confidentiality impact level recommended for most central fiscal operations information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the central fiscal operations information. Central fiscal operations processes are usually tolerant of delays.

+
+ +

The provisional availability impact level recommended for central fiscal operations information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting external communications that include central fiscal operations information (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.

+
+ +

The provisional integrity impact level recommended for central fiscal operations information is normally low.

+
+
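Review bot: The Central Fiscal Operations description has a footnote marker fused into the text ("on behalf of the Government.14"), and the confidentiality description has the typo "ore the protection of key national assets" for "or". The recommendation line also says "The confidentiality impact level recommended for most central fiscal operations information is moderate", which omits the word "provisional" used by every other recommendation line; worth aligning if these strings are ever compared or templated.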
+ + General Government + Legislative Functions + +

Legislative functions include the service support activities associated with costs of the Legislative Branch other than the Tax Court, the Library of Congress, and the Government Printing Office revolving fund.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of legislative functions information on the ability of responsible agencies to provide service support activities associated with costs of the Legislative Branch other than the Tax Court, the Library of Congress, and the Government Printing Office revolving fund. The effects of loss of confidentiality of information associated with legislative functions can be expected to have only a limited impact on Federal government assets, operations, or personnel welfare.

+
+ +

The provisional confidentiality impact level recommended for legislative functions information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the legislative service support information. Legislative functions processes are usually tolerant of delays. Special Factors Affecting Availability Impact Determination: Excessive recovery delays can result in damage to agency reputation and to interests associated with specific legislation. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional availability impact level recommended for legislative functions information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Misunderstandings resulting from modified information that is actually exchanged can usually be resolved and any resulting damage to the support function from modified information that is exchanged would usually be limited. Unauthorized modification or destruction of information affecting external publication of legislative service support information (e.g., web pages, electronic mail) may adversely affect inter-agency relationships, relations with Congress, or public confidence in the agency. However, damage to the mission would usually be limited.

+
+ +

The provisional integrity impact level recommended for legislative functions information is low.

+
+
+ + General Government + Executive Functions + +

[No description provided.]

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level associated with the executive information type is associated with executive functions. The effects of loss of confidentiality of policies and guidance during the formative stage can result in attempts by affected entities and other interested parties to influence and/or impede the policy and guidance development process. Premature public release of formative policies and guidance before internal coordination and review can result in unnecessary damage to public confidence in the executive office. These consequences may occur when the release includes unedited internal commentary and discussion.

+
+ +

The provisional confidentiality impact level recommended for executive functions information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the executive information.

+
+ +

The provisional availability impact level recommended for executive functions information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting external communications that contain executive information (e.g., web pages, electronic mail) may adversely affect public confidence in the government.

+
+ +

The provisional integrity impact level recommended for executive information is low.

+
+
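Review bot: Executive Functions ships with the placeholder "[No description provided.]" as its description, and the confidentiality description opens with the circular sentence "The confidentiality impact level associated with the executive information type is associated with executive functions". Suggest either supplying a real description or documenting why it is absent. The integrity recommendation also names the type "executive information" while the confidentiality and availability recommendations say "executive functions information"; use one term throughout.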
+ + General Government + Central Property Management + +

Central Property Management involves most of the operations of the General Services Administration.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of central property management information on the ability of the General Services Administration to acquire, provide, and centrally administer offices buildings, fleets, machinery, and other capital assets and consumable supplies used by the Federal government. The consequences of unauthorized disclosure of most central property management information are likely to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of information associated with very large procurements can result in fraud, waste, abuse, and/or legal proceedings that can have a serious to severe effect on Federal government assets and operations. Also, information associated with acquisition, maintenance, administration, and operation of many Federal government office buildings, transportation fleets, and + operational facilities can be of material use to criminals seeking to gain access to Federal facilities to facilitate or perpetrate fraud, theft, or some other criminal enterprise. In this case, unauthorized disclosure of information can have a serious adverse effect on agency operations, agency assets, or individuals. The consequent confidentiality impact would be at least moderate. Information associated with maintenance, administration, and operation of other Federal government facilities can be of material use to terrorists seeking to penetrate and/or commandeer such facilities as part of operations intended to harm critical infrastructures, key national assets, or people. 
Examples of more potentially damaging information include architectural, maintenance and administrative information that might permit either covert pedestrian or unimpeded vehicular access to government buildings (e.g., Congressional office buildings, FBI Headquarters, the National Archives, + Smithsonian Institution buildings, dams, nuclear power plants, etc.). In such cases, the confidentiality impact level may be high. [Some information is classified as national security and is outside the scope of this guideline.] Anticipated or realized unauthorized disclosure of one agency’s central property management information by GSA could result in negative impacts on cross-jurisdictional coordination within the central property management infrastructure and the general effectiveness of organizations tasked with acquiring and managing government facilities and supplies.

+
+ +

The provisional confidentiality impact level recommended for central property management information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the central property management information. The functions supported by most central property management information are tolerant of delays. Typically, the disruption of access to central property management information will have a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Exceptions may include emergency response aspects of disaster management. In such cases, delays measured in hours can cost lives and major property damage. Consequently, the availability impact level associated with unauthorized modification or destruction of central property management information needed to respond to emergencies may be high.

+
+ +

The provisional availability impact level recommended for central property management information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In addition, the consequences of unauthorized modification or destruction of central property management information usually depends on the urgency with which the information is needed or the immediacy with which the information is used. In most cases, it is unlikely that the information will be time-critical or acted upon immediately. Unauthorized modification or destruction of information affecting external publication of central property management information (e.g., web pages, electronic mail) may adversely affect public confidence in the agency. However, damage to the mission would usually be limited.

+
+ +

The provisional integrity impact level recommended for central property management information is low.

+
+
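Review bot: In the Central Property Management availability description, the special-factors sentence says the availability impact level is "associated with unauthorized modification or destruction of central property management information", which is integrity wording; an availability statement should refer to disruption of access, as the earlier sentences in the same paragraph do. Separately, the confidentiality description has "offices buildings" for "office buildings", and the integrity description has "the consequences ... usually depends", which should be "depend".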
+ + General Government + Central Personnel Management + +

Central Personnel Management involves most of the operating activities of the Office of Personnel Management and related agencies.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of central personnel management information on the ability of the Office of Personnel Management (OPM) to build a high quality and diverse Federal workforce, based on merit system principles. Central personnel management information includes human resources management and consulting services, education and leadership development services, and investigation services. The unauthorized disclosure of most central personnel management information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Very sensitive information is typically personal information subject to the Privacy Act of 1974. (The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type.) Such information will often be assigned a moderate confidentiality impact level. Some + information associated with investigative services may be particularly sensitive and require a high confidentiality impact level.

+
+ +

The provisional confidentiality impact level recommended for central personnel management information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the central personnel management information. Central personnel management processes are generally tolerant of reasonable delays. In most cases, disruption of access to central personnel management information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for central personnel management information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of undetected unauthorized modification or destruction of central personnel management information can conceivably disrupt central personnel management operations (e.g., (e.g., by modifying sensitive private personal information or compromising confidentiality mechanisms). Unauthorized modification or destruction of information affecting external publication of central personnel management information (e.g., web pages, electronic mail) may adversely affect public confidence in the government. However, damage to the mission would usually be limited.

+
+ +

The provisional integrity impact level recommended for central personnel management information is low.

+
+
+ + General Government + Taxation Management + +

Taxation Management includes activities associated with the implementation of the Internal Revenue Code and the collection of taxes in the United States and abroad.

+
+ + fips-199-moderate + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of taxation management information on the ability of the Internal Revenue Service (IRS) to enforce the Internal Revenue Code and to collect taxes in the United States and abroad. The IRS Guidebook for Information Sensitivity Analysis provides guidelines for identifying IRS Official Use Only (OUO) Information. Sensitive information is identified in the IRM as any information which if lost, stolen, (accessed), or altered without proper authorization may adversely affect Service operations. The IRM states that unauthorized disclosure of sensitive information may cause lawsuits against Service officials as well as the Service, unwanted notoriety for the Service, and public distrust of the Service’s ability to protect such information – all of which may result in an increase in noncompliance with tax laws. It notes that unauthorized release of information such as the name and address of an informant (in + cases of tax evasion or fraud) may threaten a person’s life.17 Additionally, sensitive information is defined in Section 25.10 of the IRM as information that requires protection due to the risk or magnitude of loss that could result from inadvertent or deliberate disclosure of the information. Sensitive information includes information whose improper use could adversely affect the ability of the agency to accomplish its mission, proprietary information, records about individuals that require protection under the Privacy Act, and information not releasable under the Freedom of Information Act. The IRS OUO guideline notes that prevention of unauthorized disclosure of information revealing internal matters, the disclosure of which would risk circumvention of a legal requirement or agency rules and regulations has assumed an increasingly important role in homeland security. 
Unauthorized disclosure of sensitive or private IRS information can be expected to have a serious + effect on both the welfare of individuals and public confidence in the government. Special Factors Affecting Confidentiality Impact Determination: In cases where unauthorized disclosure of taxation information can impede anti-terrorism or other homeland security activities or endanger the lives of agents or informants, the confidentiality impact level is high.

+
+ +

The provisional confidentiality impact level recommended for taxation management information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the taxation management information. Taxation management processes are generally tolerant of limited delays. In most cases, disruption of access to taxation management information can be expected to have only a limited adverse effect on overall agency operations, agency assets, or individuals. However, even temporary loss of availability of taxation management information is likely to have an adverse effect on public confidence in the agency and on Federal government cash flow. Special Factors Affecting Availability Impact Determination: While most cases will result in only limited consequences, repeated disruptions can have a serious adverse effect on public confidence in the agency. This can significantly degrade the taxation management mission capability. In such cases, the availability impact might be moderate. Loss + of availability of significant amounts of taxation management information over long periods of time can do serious harm to Federal government operations. The economic ramifications would potentially be severe.

+
+ +

The provisional availability impact level recommended for taxation management information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In addition, the consequences of unauthorized modification or destruction of taxation management information may depend on the urgency with which the information is needed or the immediacy with which the information is used. In most cases, it is unlikely that the information will be needed urgently or acted upon immediately. Also, the adverse effects of unauthorized modification or destruction of taxation management information on overall agency mission functions is expected to be limited. Special Factors Affecting Integrity Impact Determination: There is a potential for tax code enforcement, other law enforcement, or anti-terrorism actions being taken based on modified or incomplete information. Also, unauthorized modification or destruction of taxation management information may result in + distribution of false and misleading information. Such events can be expected to adversely affect individuals, operations, and/or public confidence in the agency. This can significantly degrade the taxation management mission capability. In extreme cases (e.g., misidentification of an informant), the consequences can be life threatening. In such cases, a high integrity impact may exist.

+
+ +

The provisional integrity impact level recommended for taxation management information is low.

+
+
+ + General Government + Central Records and Statistics Management + +

Central Records and Statistics Management involves the operations surrounding the management of official documents, statistics, and records for the entire Federal Government. This information type is intended to include information and information systems associated with the management of records and statistics for the Federal government as a whole, such as the records management performed by NARA or the statistics and data collection performed by the Bureau of the Census. Note: Many agencies perform records and statistics management for a particular business function and as such should be mapped to the service support, management, or mission area associated with that business function. The central records and statistics management information type is intended for functions performed on behalf of the entire Federal government.

+
+ + fips-199-moderate + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of central records and statistics management information on the ability of responsible agencies to manage official documents, statistics, and records for the entire Federal Government. Unauthorized disclosure of raw data and other source information for central records and statistics management operations is likely to violate the Privacy Act of 1974 and other regulations applicable to the dissemination of personal and government information. (The provisional impact levels for personnel information are documented in the Personal Identity and Authentication, Income, Representative Payee, and Entitlement Event information types.) Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some centrally managed records can pose a threat to human life or a loss of major assets. In such cases, the confidentiality impact is high.

+
+ +

The provisional confidentiality impact level recommended for central records and statistics management information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the central records and statistics management information. Central records and statistics management processes are generally tolerant of reasonable delays. Generally, disruption of access to central records and statistics management information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for central records and statistics management information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In addition, the consequences of unauthorized modification or destruction of central records and statistics management information may depend on the urgency with which the information is needed or the immediacy with which the information is used. In most cases, it is unlikely that the information will be time-critical or acted upon immediately.

+
+ +

The provisional integrity impact level recommended for central records and statistics management information is low.

+
+
+ + General Government + Income Information + +

Income information includes all the wages, self-employment earnings, savings data and other financial resources information that is needed to help determine the amount of Retirement, Survivor, or Disability benefits that individuals may be entitled to receive or not receive from the Supplementary Security Income or RSDI Title II Programs. In most cases, the impact levels are based on the effects of unauthorized disclosure, modification, or loss of availability of income information on the ability of the Federal government to identify citizen entitlements and obligations and to protect individuals against identity theft and the Federal government against fraud.

+
+ + fips-199-moderate + + + fips-199-moderate + + + fips-199-moderate + + +

The confidentiality impact level is based on the effects of unauthorized disclosure of income information on the ability of the Federal government to identify citizen entitlements and obligations and to protect individuals against identity theft and the Federal government against fraud. Unauthorized disclosure of raw data and other source information for benefits determination and revenue collection operations is likely to violate the Privacy Act of 1974 and other regulations applicable to the dissemination of personal and government information. Unauthorized disclosure of centrally managed income information can have a serious adverse effect on agency missions. Therefore, for agencies that manage large income information involving records of the general public, the provisional confidentiality impact level can be expected to be at least moderate.

+
+ +

The provisional confidentiality impact level recommended for income information is moderate.

+
+ +

The availability impact level is based on the specific purpose to which income information is put; and not on the time required to re-establish access to the income information. Benefits determination and liability calculation (e.g., taxation) processes are generally tolerant of reasonable delays. In many cases, disruption of access to income information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: In the case of very large data bases containing income information relating to the general public, there is a significant probability that processing delays will affect the benefits entitlements or liabilities (e.g., tax liabilities) of large numbers of individuals. The larger the number of records affected, the longer the delays that can be expected to result. This can result in financial hardship for citizens and in serious disruption of the agency + operations due to large time and resource requirements for backlog processing. In such cases, the availability impact level would be at least moderate. In the case of permanent loss of records, the impact might even be high.

+
+ +

The provisional availability impact level recommended for income information is moderate.

+
+ +

The integrity impact level is based on the specific purpose to which income information is put; and not on the time required to detect the modification or destruction of information. In the case of very large data bases containing income information relating to the general public, there is a significant probability that erroneous actions will be taken affecting the benefits entitlements or liabilities (e.g., tax liabilities) of large numbers of individuals. This can result in at least short-term financial hardship for citizens. It can also be expected to result in very serious disruption of the agency operations due to large time and resource requirements for taking corrective actions. In such cases, the integrity impact level would be at least moderate. Special Factors Affecting Integrity Impact Determination: In the case of smaller organizations, and where the information affected is limited to employees, the consequences may justify only a low provisional impact + rating.

+
+ +

The provisional integrity impact level recommended for income information is moderate.

+
+
+ + General Government + Personal Identity and Authentication Information + +

Personal identity and authentication information includes that information necessary to ensure that all persons who are potentially entitled to receive any federal benefit are enumerated and identified so that Federal agencies can have reasonable assurance that they are paying or communicating with the right individuals. This information include individual citizen’s Social Security Numbers, names, dates of birth, places of birth, parents’ names, etc.

+
+ + fips-199-moderate + + + fips-199-moderate + + + fips-199-moderate + + +

The confidentiality impact level is based on the effects of unauthorized disclosure of personal identity and authentication information on the ability of Federal agencies to determine that communications with and payments to individuals are being made with or to the correct individuals - and to protect individuals against identity theft and the Federal government against fraud. Unauthorized disclosure of raw data and other source information for identity authentication operations is likely to violate the Privacy Act of 1974 and other regulations applicable to the dissemination of personal and government information. There are many cases in which unauthorized disclosure of personal identity and authentication information will have only a limited adverse effect on government operations, assets, or individuals. However, the potential for use of such information by criminals to perpetrate identity theft and related fraud can do serious harm to individuals. Unauthorized + disclosure of centrally managed personal identity and authentication information, such as passport and visa control databases can have a serious adverse effect on agency missions. Special Factors Affecting Confidentiality Impact Determination: For agencies that manage large income information involving records of the general public, the provisional confidentiality impact level can be expected to be at least moderate. Where personal identity and authentication information is used in controlling access to facilities (e.g., Federal facilities, critical infrastructure facilities, key national assets) or for border control purposes, the consequences of unauthorized disclosure that permits credentials forgery can justify a high impact assignment.

+
+ +

The provisional confidentiality impact level recommended for personal identity and authentication information is moderate.

+
+ +

The availability impact level is based on the specific purpose to which personal identity and authentication information is put; and not on the time required to re-establish access to the personal identity and authentication information. Benefits determination processes are generally tolerant of reasonable delays. In many cases, disruption of access to personal identity and authentication information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: In the case of very large data bases containing personal identity and authentication information relating to the general public, there is a significant probability that processing delays will affect the benefits entitlements of or access to facilities by large numbers of individuals. The larger the number of records affected, the longer the delays that can be expected to result. This can result in financial + hardship for citizens and in serious disruption of the agency operations due to large time and resource requirements for backlog processing. In such cases, the availability impact level would be at least moderate. In the case of permanent loss of records or access to facilities by emergency personnel, the impact might even be high.

+
+ +

The provisional availability impact level recommended for personal identity and authentication information is moderate.

+
+ +

The integrity impact level is based on the specific purpose to which personal identity and authentication information is put; and not on the time required to detect the modification or destruction of information. In the case of very large databases containing personal identity and authentication information relating to the general public, there is a significant probability that erroneous actions will be taken affecting benefits entitlements of or access to facilities by large numbers of individuals. In the case of benefits, this can result in at least short-term financial hardship for citizens. It can also be expected to result in very serious disruption of the agency operations due to large time and resource requirements for taking corrective actions. Special Factors Affecting Integrity Impact Determination: In the case of smaller organizations, and where the information affected is limited to employees, there will still be an impact, but the consequences may justify + only a low provisional impact rating. Where a data modification permits access to facilities (or ingress into the United States) by individuals to whom access should be prohibited, the integrity impact could be high.

+
+ +

The provisional integrity impact level recommended for personal identity and authentication information is moderate.

+
+
+ + General Government + Entitlement Event Information + +

Entitlement event information includes information about events such as death and date of occurrence, date of a disabling event and the relating data that can reasonably prove the severity of such disability, proof of age for retirement benefits, birth and relationship of spouse and/or children who may be entitled to benefits only as auxiliaries of the primary beneficiary, and other related information needed to process a claim for benefits. This also includes means-related information required to administer all the means related benefits associated with the Title XVI (Supplementary Security Income Program) and the new drug provisions of the recently revised Medicare Program.

+
+ + fips-199-moderate + + + fips-199-moderate + + + fips-199-moderate + + +

The confidentiality impact level is based on the effects of unauthorized disclosure of entitlement event information on the ability of the Federal government to establish qualifications of individuals to receive government benefits - and to protect individuals and the Federal government against fraud. Unauthorized disclosure of raw data and other source information for entitlement operations is likely to violate the Privacy Act of 1974 and other regulations applicable to the dissemination of personal information. Unauthorized disclosure of centrally managed entitlement event information can have a serious adverse effect on agency missions. Therefore for agencies that manage large income information involving records of the general public, the provisional confidentiality impact level can be expected to be at least moderate.

+
+ +

The provisional confidentiality impact level recommended for entitlement event information is moderate.

+
+ +

The availability impact level is based on the specific use of the entitlement event information and not on the time required to re-establish access to the income information. Benefits determination processes are generally tolerant of reasonable delays. In many cases, disruption of access to entitlement event information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: In the case of very large data bases containing entitlement event information relating to the general public, there is a significant probability that processing delays will affect the benefits entitlements of large numbers of individuals. The larger the number of records affected, the longer the delays that can be expected to result. This can result in financial hardship for citizens. It can also result in very serious disruption of the agency operations due to large time and resource + requirements for backlog processing. In such cases, the availability impact level would be at least moderate. In the case of permanent loss of records, the impact might even be high.

+
+ +

The provisional availability impact level recommended for income information is moderate.

+
+ +

The integrity impact level is based on the specific use of the entitlement event information and not on the time required to detect the modification or destruction of information. In the case of very large databases containing entitlement event information relating to the general public, there is a significant probability that erroneous actions will be taken affecting the benefits entitlements of large numbers of individuals. This can result in at least short-term financial hardship for citizens. It can also be expected to result in serious disruption of the agency operations due to the time and resource requirements for taking corrective actions. In such cases, the integrity impact level would be at least moderate. Special Factors Affecting Integrity Impact Determination: In the case of smaller organizations, and where the information affected is limited to employees, the consequences may justify only a low provisional impact rating.

+
+ +

The provisional integrity impact level recommended for entitlement event information is moderate.

+
+
+ + General Government + Representative Payee Information + +

Representative payee information includes the information required to determine the need for representative payees and the data that is gathered to make the determination of who should serve as the representative payee for all beneficiaries of federal benefits who are unable to manage their own funds. This also includes accountability information required to provide reasonable assurance that the funds are being used appropriately for the well being of entitled individuals.

+
+ + fips-199-moderate + + + fips-199-moderate + + + fips-199-moderate + + +

The confidentiality impact level is based on the effects of unauthorized disclosure of representative payee information on the ability of the Federal government to determine that entitlement funds are being used appropriately for the well being of entitled individuals - and to protect individuals against identity theft and the Federal government against fraud. Unauthorized disclosure of data for representative payee operations is likely to violate the Privacy Act of 1974 and other regulations applicable to the dissemination of personal information. Unauthorized disclosure of centrally managed representative payee information can have a serious adverse effect on agency missions and on large numbers of individuals. Therefore, in the case of large representative payee information databases, the provisional confidentiality impact level can be expected to be at least moderate.

+
+ +

The provisional confidentiality impact level recommended for representative payee information is moderate.

+
+ +

The availability impact level is based on the specific use of the representative payee information and not on the time required to re-establish access to the representative payee information. Benefits payment processes are not necessarily tolerant of delays. In many cases, disruption of access to representative payee information can be expected to have a very serious adverse effect on individuals. Special Factors Affecting Availability Impact Determination: In the case of very large data bases containing representative payee information relating to the general public, there is a significant probability that processing delays will affect the benefits payments to large numbers of individuals. The larger the number of records affected, the longer the delays that can be expected to result. This can result in financial hardship for some individuals and in serious disruption of agency operations. In such cases, the availability impact level would be at least moderate. In the + case of permanent loss of records, the impact might even be high.

+
+ +

The provisional availability impact level recommended for representative payee information is moderate.

+
+ +

The integrity impact level is based on the specific use of the payee information and not on the time required to detect the modification or destruction of information. In the case of very large databases containing representative payee information relating to the general public, there is a significant probability that erroneous actions will be taken affecting the benefits payments to large numbers of individuals. This can result in at least short-term financial hardship for our most vulnerable citizens. Loss of integrity can result in serious disruption of the agency operations. In such cases, the integrity impact level would be at least moderate. Special Factors Affecting Integrity Impact Determination: In the case of fraudulent diversion of payments intended for particularly dependent individuals, there can be life-threatening consequences. In such cases, a high integrity impact rating may be justified.

+
+ +

The provisional integrity impact level recommended for representative payee information is moderate.

+
+
+ + General Government + General Information + +

An additional management and support sub-function information type has been defined to address General Information as a catch-all information type that may not be defined by the FEA BRM. As such, agencies may find it necessary to identify additional information types not defined in the BRM and assign impact levels to those types. Agency personnel may uniquely identify information types using a FIPS 199 process to identify information not contained neatly in the FEA BRM. Not all of these information types are likely to have the same impact levels. The impacts to some information types will jeopardize system functionality and the agency mission more than other information types. General Information impact levels must be assessed in the context of the agencies mission.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is based on the effects of unauthorized disclosure of representative general information on the ability of the agency to accomplish its mission.

+
+ +

The provisional confidentiality impact level recommended for general information is low.

+
+ +

The availability impact level is based on the specific use of the general information and not on the time required to re-establish access to the general information.

+
+ +

The provisional availability impact level recommended for general information is low.

+
+ +

The integrity impact level is based on the specific use of the general information and not on the time required to detect the modification or destruction of information.

+
+ +

The provisional integrity impact level recommended for general information is low.

+
+
+ + Administrative Management + Facilities, Fleet, and Equipment Management + +

Facilities, Fleet, and Equipment management involves the maintenance, administration, certification, and operation of office buildings, fleets, machinery, and other capital assets considered as possessions of the Federal government. Impacts to some information and information systems associated with facilities, fleet, and equipment management may affect the security of some key national assets (e.g., nuclear power plants, dams, and other government facilities).

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of facilities, fleet, and equipment management information on the ability of responsible agencies to maintain, administer, and operate offices buildings, fleets, machinery, and other capital assets of the Federal government. The consequences of unauthorized disclosure of most facilities, fleet, and equipment management information are likely to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Information associated with maintenance, administration, and operation of many Federal government office buildings, transportation fleets, and operational facilities can be of material use to criminals seeking to gain access to Federal facilities in order to facilitate or perpetrate fraud, theft, or some other criminal enterprise (e.g., extract inmates from Federal detention facilities). In this case, + unauthorized disclosure of information can have a serious adverse effect on agency operations, agency assets, or individuals. The consequent confidentiality impact would be at least moderate. Information associated with maintenance, administration, and operation of other Federal government office buildings, transportation fleets, and operational facilities can be of material use to terrorists seeking to penetrate and/or commandeer such facilities as part of operations intended to harm critical infrastructures, key national assets, or people. 
Examples of this information include information that reveals specific measures respecting limiting access to and operation of government aircraft, maintenance and administrative information that might permit either covert pedestrian or unimpeded vehicular access to government buildings (e.g., Congressional office buildings, FBI Headquarters, the National Archives, Smithsonian Institution buildings, dams, nuclear power plants, + etc.), and schedules/itineraries of government surface transportation fleets (e.g., for transport of executive personnel or hazardous materials). In these cases, the confidentiality impact must be considered to be high. [Some information regarding transportation and storage of nuclear materials is classified as national security related and is outside the scope of this guideline. Other information, such as Nuclear Regulatory Commission “SAFEGUARDS” information is not national security information, but must have a high confidentiality impact level.] Anticipated or realized unauthorized disclosure of one agency’s facilities, fleet, and equipment management information by another agency could result in negative impacts on cross-jurisdictional coordination within the facilities, fleet, and equipment management infrastructure and the general effectiveness of organizations tasked with facilities, fleet, and/or equipment management.

+
+ +

The provisional confidentiality impact level recommended for facilities, fleet, and equipment management information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the facilities, fleet, and equipment management information. Functions supported by most facilities, fleet, and equipment management information are tolerant of delays. Typically, disruption of access to facilities, fleet, and equipment management information has a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Exceptions may include emergency response aspects of disaster management or leadership protection. In such cases, delays measured in seconds can cost lives and major property damage. Consequently, the availability impact level associated with unauthorized modification or destruction of facilities, fleet, and equipment management information needed to respond to + emergencies will be high.

+
+ +

The provisional availability impact level recommended for facilities, fleet, and equipment management information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In addition, the consequences of unauthorized modification to or destruction of facilities, fleet, and equipment management information may depend on the urgency with which the information is needed or the immediacy with which the information is used. In most cases, it is unlikely that the information will be time-critical or acted upon immediately. Special Factors Affecting Integrity Impact Determination: Exceptions may include emergency response aspects of disaster management or leadership protection. In such cases, the integrity impact level associated with unauthorized modification or destruction of facilities, fleet, and equipment management information can be high.

+
+ +

The provisional integrity impact level recommended for facilities, fleet, and equipment management information is low.

+
+
+ + Administrative Management + Help Desk Services + +

Help Desk Services involves the management of a service center to respond to government employees' technical and administrative questions.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of help desk service information on the ability of responsible agencies to manage of service center responses to government employees' technical and administrative questions. The consequences of unauthorized disclosure of most help desk service information are likely to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Information associated with service center responses can provide useful information to adversaries seeking to penetrate Federal systems. If the contents or functions of a system have sufficient sensitivity and/or criticality, a moderate or high impact level may be considered for help desk information.

+
+ +

The provisional confidentiality impact level recommended for help desk service information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to help desk service information. Typically, disruption of access to help desk service information will have a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Exceptions may include emergency response components of disaster management or other time-critical functions (e.g., some systems that support air traffic control functions). Consequently, the availability impact level associated with unauthorized modification or destruction of help desk service information needed to respond to emergencies can be high.

+
+ +

The provisional availability impact level recommended for help desk service information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In addition, the consequences of unauthorized modification to or destruction of help desk service information usually depends on the urgency with which the information is needed or the immediacy with which the information is used. In most cases, it is unlikely that the information will be time-critical or acted upon immediately. Special Factors Affecting Integrity Impact Determination: In relatively few cases would the consequences of unauthorized modification of help desk information that is acted upon immediately result in more than limited damage to agency operations or assets. Exceptions may include bogus information regarding operation of communications processors, data base systems, or other systems necessary to emergency response aspects of disaster management, criminal apprehension, + air traffic control or other time-critical missions. In such cases, a moderate or high integrity impact level might be considered for unauthorized modification or destruction of help desk service information.

+
+ +

he provisional integrity impact level recommended for help desk service information is low.

+
+
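Review bot: The provisional integrity text for Help Desk Services begins "he provisional integrity impact level recommended for help desk service information is low."; the leading "T" was lost and should be restored. In the confidentiality description of the same information type, "to manage of service center responses" has a stray "of" that should be dropped so the sentence parses.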
+ + Administrative Management + Security Management + +

Security Management involves the physical protection of an organization’s personnel, assets, and facilities (including security clearance management). Impacts to some information and information systems associated with security management may affect the security of some critical infrastructure elements and key national assets (e.g., nuclear power plants, dams, and other government facilities). Impact levels associated with security information directly relate to the potential threat to human life associated with the asset(s) being protected (e.g., consequences to the public of terrorist access to dams or nuclear power plants).

+
+ + fips-199-moderate + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of security management information on the ability of responsible organizations to physically protect their personnel, assets, and facilities. The consequences of unauthorized disclosure of most security management information depend on the likelihood that the information might jeopardize the physical security of an organization’s assets and the value, and potential for damage of the assets being protected. Information associated with the physical security of many Federal government office buildings, transportation fleets, and operational facilities can be of material use to criminals seeking to gain access to Federal facilities in order to perpetrate a major crime (e.g., extraction of inmates from Federal detention facilities, theft of commodities market projections, access to information associated with a felony criminal investigation or prosecution, theft of blank license issuing facilities + and/or materials, access to competition-sensitive information associated with major procurements, undetected access to national archives or museum properties, access to currency printing facilities or materials, theft of major currency or bullion storage facilities). In such cases, unauthorized disclosure of information can have a serious adverse effect on agency operations, agency assets, or individuals. Unauthorized disclosure of one agency’s security management information by another agency could result in negative impacts on cross-jurisdictional coordination within the security management infrastructure and the general effectiveness of organizations tasked with physical protection of Federal facilities. The consequences of physical protection failures at most Federal facilities are more likely to result in serious21 adverse effects. 
Special Factors Affecting Confidentiality Impact Determination: Information associated with security management at other Federal + government office buildings, transportation fleets, and operational facilities can be of material use to terrorists seeking to penetrate and/or commandeer such facilities as part of operations intended to harm critical infrastructures, key national assets, or people. Examples of more potentially damaging information includes information that reveals specific measures for protecting government aircraft, information that might permit access that creates an opportunity to bomb a government building (e.g., Congressional office buildings, FBI Headquarters, the National Archives, Smithsonian Institution buildings, dams, nuclear power plants, etc.), and leadership protection details that could result in assassination opportunities. In these cases, the confidentiality impact must be high. Unauthorized disclosure of security management information that can be reasonably expected to pose a serious threat to human life (including those of security guards) must also be assigned a + high confidentiality impact. [Security management information associated with some Federal government assets is classified. The classified information is national security related and is outside the scope of this guideline.] Other security management information, such as that affecting Nuclear Regulatory Commission “SAFEGUARDS” or Internal Revenue Service “Limited For Official Use Only” information is not national security information, but must be treated as having high confidentiality impact.

+
+ +

The confidentiality impact level recommended for most security management information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the security management information. Functions supported by most security management information are tolerant of delays. Typically, disruption of access to security management information will have a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Exceptions may include alarm and alert communications and interconnections for security management systems and automated control systems that support security management processes (e.g., door and gate operations in buildings to which access is limited such as detention facilities and many Federal office buildings For these exceptions, the data is time-critical. The availability impact level associated with unauthorized + modification or destruction of such alarm, alert, and automated process security management information may be high.

+
+ +

The provisional availability impact level recommended for security management information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of security management information may depend on the urgency with which the information is needed or the immediacy with which the information is used. In cases of intrusion indications, security management information can be time-critical. The consequences of unauthorized modification or destruction of time-critical security management information can reasonably be expected to result in physical security vulnerabilities. The range of potential consequences is covered above in Confidentiality.

+
+ +

The provisional integrity impact level recommended for most security management information is moderate.

+
+
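Review bot: Two copy artifacts in the Security Management descriptions should be cleaned up before merge. In the confidentiality text, "more likely to result in serious21 adverse effects" has a footnote marker fused onto "serious"; drop the "21". In the availability text, the parenthesis opened at "(e.g., door and gate operations in buildings to which access is limited" is never closed, so the sentence runs straight into "For these exceptions, the data is time-critical."; close it and end the sentence after "many Federal office buildings".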
+ + Administrative Management + Travel Information + +

Travel involves the activities associated with planning, preparing, and monitoring of business related travel for an organization’s employees.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of travel information on the abilities of responsible agencies to plan, prepare, and monitor business related travel for the organization’s employees. Generally, the consequences of unauthorized disclosure of the majority of travel information will result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of employee identification information coupled with credit information (e.g., name, social security number, credit card number) can result in moderate to serious consequences for individuals and local organizations. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. Unauthorized disclosure of information concerning carrier/provider contract negotiations can have significant financial or legal + consequences and put an agency at a serious disadvantage. Also, severe consequences may result from unauthorized disclosure of information regarding leadership travel plans that might jeopardize personnel security or the confidentiality of sensitive operations plans. In the most sensitive cases, the confidentiality impact level may be high.

+
+ +

The provisional confidentiality impact level recommended for travel information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the travel information. The nature of travel processes is usually tolerant of reasonable delays, at least on the agency mission scale.

+
+ +

The provisional availability impact level recommended for travel information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of travel information partially depends on the urgency with which the information is normally needed and the consequences of aborted or modified travel. In the case of travel planning information, the effects of such modifications are generally limited with respect to agency mission capabilities or assets. There may be scenarios in which integrity compromise of travel information may expose Federal leadership to harm or endanger a sensitive or critical operation. However, most such scenarios are dealt with in the context of impacts to mission operations information (Appendix D).

+
+ +

The provisional integrity impact level recommended for travel information is low.

+
+
+ + Administrative Management + Workplace Policy Development and Management + +

Workplace policy development and management includes all activities required to develop and disseminate workplace policies such as dress codes, time reporting requirements, telecommuting, etc.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of workplace policy development and management information on the abilities of responsible agencies to develop and disseminate workplace policies such as dress codes, time reporting requirements, and telecommuting. The consequences of unauthorized disclosure of the majority of workplace policy development and management information will result in a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional confidentiality impact level recommended for workplace policy development and management information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the workplace policy development and management information. Generally, workplace policy development and management processes are tolerant of reasonable delays.

+
+ +

The provisional availability impact level recommended for workplace policy development and management information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification to or destruction of workplace policy development and management information depends primarily on the criticality of the information with respect to agency mission capability, protection of agency assets, and safety of individuals. Typically, the effects of modification or deletion of this information are generally limited.

+
+ +

The provisional integrity impact level recommended for workplace policy development and management information is low.

+
+
+ + Financial Management + Assets and Liability Management + +

Assets and Liability Management provide accounting support for the management of assets and liabilities of the Federal government. Assets and liability management activities measure the total cost and revenue of Federal programs, and their various elements, activities and outputs. Assets and liability management is essential for providing accurate program measurement information, performance measures, and financial statements with verifiable reporting of the cost of activities.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of assets and liability management information on the ability of responsible agencies to provide accounting support for the management of assets and liabilities of the Federal government. Generally, the unauthorized disclosure of assets and liability management information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some asset and liability management information for programs that process high-impact information can assist some criminals to evade enforcement activities. Examples range from tax evasion resulting from unauthorized disclosure of information regarding audit budgets to unauthorized disclosure of budget details for specific border control, antiterrorism, or witness protection expenditures. Where actions taken based on unauthorized disclosure of assets and + liability management details pose a threat to human life or a loss of major assets, the confidentiality impact is high.

+
+ +

The recommended provisional confidentiality impact level for assets and liability management information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the assets and liability management information. Assets and liability management processes are generally tolerant of delay. Typically, disruption of access to assets and liability management information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for assets and liability management information is low.

+
+ +

The accuracy of assets and liability management information is essential to providing accurate program measurement information, performance measures, and financial statements with verifiable reporting of the cost of activities. The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Also, the consequences of unauthorized modification or destruction of assets and liability management information may depend on the urgency with which the information is needed. Assets and liability management activities are not generally time-critical and a compromise would have only limited adverse effects on agency operations, agency assets, or individuals. Special Factors Affecting Integrity Impact Determination: If reports based on modified or incomplete information are circulated, the adverse effect on mission functions and public confidence in the agency can be + serious. In such cases, the integrity impact would be moderate.

+
+ +

The provisional integrity impact level recommended for assets and liability management information is low.

+
+
+ + Financial Management + Reporting and Information + +

Reporting and Information includes providing financial information, reporting and analysis of financial transactions. Financial reporting includes the activities necessary to support: management’s fiduciary role; budget formulation and execution functions; fiscal management of program delivery and program decision making; and internal and external reporting requirements.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of financial reporting information on an agency’s ability to provide financial information and reporting and analysis of financial transactions. Typically, the unauthorized disclosure of financial reporting information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of financial reporting information for programs that process high-impact information can give adversaries damaging insights into details of agency plans, priorities, and operations. In relatively rare cases, actions taken based on unauthorized disclosure of financial reporting details pose a threat to human life or a loss of major assets, so the confidentiality impact is high.

+
+ +

The provisional confidentiality impact level recommended for reporting and information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the assets and liability management information. Financial reporting processes are generally tolerant of delay. Typically, disruption of access to financial reporting information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact recommended for reporting and information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Financial reporting activities are not generally time-critical. Many integrity compromises would result in limited adverse effects on agency operations, agency assets, or individuals. If planning documents, proposals, or reports based on modified or incomplete information are circulated; the adverse effect on mission functions or public confidence in the agency can be serious. In most cases, serious adverse effects on agency operations, agency assets, or individuals can be expected. The extensive audit and investigative actions that often follow discovery of an agency’s use of falsified financial reports or omission of financial reporting data can place the agency at a significant disadvantage.

+
+ +

The provisional integrity impact level recommended for reporting and information is moderate.

+
+
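Review bot: The three impact values given for Reporting and Information are all fips-199-low, but the integrity text in the same block ends with "The provisional integrity impact level recommended for reporting and information is moderate." Funds Control and Accounting, whose text also recommends moderate integrity, each carry a fips-199-moderate value, so one of the three values here should most likely be fips-199-moderate; as written, a system relying on these values would be categorized lower than the text recommends. Separately, the availability description says "access to the assets and liability management information", which looks carried over from the previous information type and should refer to financial reporting information.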
+ + Financial Management + Funds Control + +

Funds Control includes the management of the Federal budget process including the development of plans and programs, budgets, and performance outputs as well as financing Federal programs and operations through appropriation and apportionment of direct and reimbursable spending authority, fund transfers, investments and other financing mechanisms. Funds control management includes the establishment of a system for ensuring an organization does not obligate or disburse funds in excess of those appropriated or authorized.

+
+ + fips-199-moderate + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of funds control information on the ability of responsible agencies to develop plans and programs, budgets, and performance outputs and outcomes; and to finance Federal programs and operations through appropriation and apportionment of direct and reimbursable spending authority, fund transfers, investments and other financing mechanisms. In general, unauthorized disclosure of funds control information, particularly of budget allocations for specific programs or program elements, can be seriously detrimental to government interests in procurement processes. In many instances, such unauthorized disclosure is prohibited by executive order or by law (e.g., Federal Acquisition Regulation). Premature release of draft funds control information can yield advantages to competing interests and seriously endanger agency operations – or even agency mission. Special Factors Affecting Confidentiality Impact + Determination: Unauthorized disclosure of funds control information for programs that process classified or high-impact information can give adversaries damaging insights into details of agency plans, priorities, and operations. (Classified programs and systems are outside the scope of this guideline.) In rare cases, actions taken based on unauthorized disclosure of funds control details can pose a threat to human life or a loss of major assets, so the confidentiality impact would be high.

+
+ +

While, in many cases, unauthorized disclosure of funds control information will have only a limited adverse effect on agency operations, assets, or individuals, the potential for serious harm is such that the provisional confidentiality impact level recommended for funds control information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the funds control information. Funds control processes are generally tolerant of delay. Typically, disruption of access to funds control information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for funds control information is low. C.3.2.4 Accounting Information Type

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Funds control activities are not generally time-critical. An accumulation of small changes to data or deletion of small entries can result in budget shortfalls or cases of excessive obligations or disbursements.

+
+ +

In most cases, the adverse effects of consequent negative publicity on mission functions, image or public confidence in the agency can be serious. Therefore, the provisional integrity impact level recommended for funds control information is moderate.

+
+
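Review bot: The provisional availability text for Funds Control ends with a stray section heading: "... recommended for funds control information is low. C.3.2.4 Accounting Information Type". The heading belongs to the next section of the source document, not to this description; remove "C.3.2.4 Accounting Information Type" so that anything rendering this text does not present it as part of the availability rationale.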
+ + Financial Management + Accounting + +

Accounting entails accounting for assets, liabilities, fund balances, revenues and expenses associated with the maintenance of Federal funds and expenditure of Federal appropriations (Salaries and Expenses, Operation and Maintenance, Procurement, Working Capital, Trust Funds, etc.), in accordance with applicable Federal standards (FASAB, Treasury, OMB, GAO, etc.).

+
+ + fips-199-low + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of accounting information on the abilities of government agencies to maintain Federal funds and expenditure of Federal appropriations in accordance with applicable Federal standards. Unauthorized disclosure of accounting information for programs that process classified or high-impact information can give adversaries damaging insights into details of agency plans, priorities, and operations. In most cases, unauthorized disclosure of accounting information will have only a limited adverse effect on agency operations, assets, or individuals. (Classified programs and systems are outside the scope of this guideline.) Special Factors Affecting Confidentiality Impact Determination: In relatively rare cases, actions taken based on unauthorized disclosure of accounting details can pose a threat to human life or a loss of major assets, so the confidentiality impact would be high. In some cases, unauthorized + disclosure of accounting information can violate proprietary information or other non-disclosure agreements. In such cases, the government may suffer not only a loss of public confidence, but may become vulnerable to legal actions. Where sensitive or proprietary information is involved, the impact of unauthorized disclosure is likely to be moderate. Where the accounting information is involved in an audit associated with suspected fraud or other criminal activities, the investigation may be imperiled. Here too, the impact of unauthorized disclosure is likely to be moderate.

+
+ +

The provisional confidentiality impact level recommended for accounting information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the accounting information. Accounting processes are generally tolerant of delay. Typically, disruption of access to accounting information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for accounting information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Accounting activities are not generally time-critical. An accumulation of small changes to data or deletion of small entries can result in cost overruns and other cases of excessive obligations or disbursements. In most cases, the adverse effects of consequent negative publicity and institution of corrective action programs on mission functions and public confidence in the agency can be serious. Special Factors Affecting Integrity Impact Determination: In some cases, undetected integrity compromises can be extremely expensive to the government and its employees in terms of both monetary losses and loss of reputation.

+
+ +

The provisional integrity impact level recommended for accounting information is moderate.

+
+
+ + Financial Management + Payments + +

Payments include disbursements of Federal funds, via a variety of mechanisms, to Federal and private individuals, Federal agencies, state, local and international Governments, and the private sector, to effect payment for goods and services, or distribute entitlements, benefits, grants, subsidies, loans, or claims. Payment management provides appropriate control over all payments made by or on behalf of an organization, including but not limited to payments made to: vendors in accordance with contracts, purchase orders and other obligating documents; state governments under a variety of programs; employees for salaries and expense reimbursements; other Federal agencies for reimbursable work performed; individual citizens receiving Federal benefits; and recipients of Federal loans.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of payments information on the ability of responsible agencies to provide appropriate control over all payments made by or on behalf of an organization. In most cases, unauthorized disclosure of payments information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Payment information typically includes information needed for electronic payments such as bank account numbers. Unauthorized access to this type of information could result in significant financial loss for both the Federal government and its payees. Where payment activities are part of an agency’s service delivery mission (e.g., payment of benefits), Privacy Act information and other information subject to statutory or regulatory dissemination controls must appear in the payment vehicles (e.g., name and social security number on check + records). (The provisional impact levels for personnel information are documented in the Personal Identity and Authentication, Income, Representative Payee, and Entitlement Event information types.) In such cases, the confidentiality impact level can be at least moderate. (See C.2.8.8.)

+
+ +

The provisional confidentiality impact level recommended for payments information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the payments information. Payment processes are generally tolerant of delay. Typically, disruption of access to payments information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Where payment activities are part of an agency’s service delivery mission (e.g., payment of benefits), the consequences of loss of information availability that result in failure of payments to go to the appropriate entity can range from minor to life-threatening. In such cases, the availability impact level can be moderate or high. (See C.2.8.11.)

+
+ +

For most Federal government payment systems, the provisional availability impact level recommended for payments information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Payments activities are not generally time-critical. An accumulation of small changes to data or deletion of small entries can result in cost overruns and other cases of excessive disbursements. In most cases, the adverse effects of consequent negative publicity and institution of corrective action programs on mission functions or public confidence in the agency can be serious. Special Factors Affecting Integrity Impact Determination: Where payment activities are part of an agency’s service delivery mission (e.g., payment of benefits), the consequences of integrity compromises that result in failure of payments to go to the appropriate entity can range from minor to life-threatening. In such cases, the availability impact level can be high. (See C.2.8.11.)

+
+ +

For most Federal government payment systems, the provisional integrity impact level recommended for payments information is moderate.

+
+
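Review bot: In the integrity paragraph for Payments, the special-factors sentence ends "In such cases, the availability impact level can be high. (See C.2.8.11.)", which names the wrong security objective and reuses the cross-reference that the availability paragraph above it already cites. As written, the entry gives no integrity adjustment for benefit-payment systems. If the sentence is carried over verbatim from the source publication, keep it and record the discrepancy in a remark; otherwise change it to "integrity impact level" and confirm the section reference.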
+ + Financial Management + Collections and Receivables + +

Collections and Receivables include deposits, fund transfers, and receipts for sales or service. Receivable management supports activities associated with recognizing and recording debts due to the Government, performing follow-up actions to collect on these debts, and recording cash receipts.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of collections and receivables information on the ability of responsible agencies to recognize and record debts due to the Government, perform follow-up actions to collect on these debts, and record cash receipts. In most cases, unauthorized disclosure of receivable management information will have only a limited adverse effect on agency operations, assets, or individuals.

+
+ +

The provisional confidentiality impact level recommended for collections and receivables information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the collections and receivables information. Collections and receivables processes are generally tolerant of delay. Typically, disruption of access to collections and receivables information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for collections and receivables information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. An accumulation of small changes to data or deletion of small entries can result in revenue shortfalls. In most cases, the adverse effects of consequent negative publicity and institution of corrective action programs on mission functions or public confidence in the agency can be serious.

+
+ +

The provisional integrity impact recommended for collections and receivables information is moderate.

+
+
+ + Financial Management + Cost Accounting/ Performance Measurement + +

Cost Accounting / Performance Measurement is the process of accumulating, measuring, analyzing, interpreting, and reporting cost information useful to both internal and external groups concerned with the way in which an organization uses, accounts for, safeguards, and controls its resources to meet its objectives. Cost accounting information is necessary in establishing strategic goals, measuring service efforts and accomplishments, and relating efforts to accomplishments. Also, cost accounting, financial accounting, and budgetary accounting all draw information from common data sources.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of cost accounting / performance measurement information on the ability of responsible agencies to process accumulating, measuring, analyzing, interpreting, and reporting cost information useful to both internal and external groups concerned with the way in which an organization uses, accounts for, safeguards, and controls its resources to meet its objectives, and will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In some cases, unauthorized disclosure of cost accounting / performance measurement information can violate proprietary information or other non-disclosure agreements. In such cases, the government may suffer not only a loss of public confidence, but may become vulnerable to legal actions. Where sensitive or proprietary information is involved, the impact of unauthorized disclosure is likely + to be moderate. Where the cost accounting information is involved in an audit associated with suspected fraud or other criminal activities, the investigation may be imperiled. Here too, the impact of unauthorized disclosure is likely to be moderate.

+
+ +

The provisional confidentiality impact level recommended for cost accounting / performance measurement information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to cost accounting / performance measurement information. Cost accounting / performance measurement processes are generally tolerant of delay. Typically, disruption of access to cost accounting / performance measurement information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for cost accounting / performance measurement information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In most cases, the adverse effects of consequent negative publicity and institution of corrective action programs on mission functions or public confidence in the agency can be serious.

+
+ +

The provisional integrity impact level recommended for cost accounting / performance measurement information is moderate.

+
+
+ + Human Resource Management + HR Strategy + +

HR Strategy develops effective human capital management strategies to ensure federal organizations are able to recruit, select, develop, train, and manage a high-quality, productive workforce in accordance with merit system principles. This sub-function includes: conducting both internal and external environmental scans; developing human resources and human capital strategies and plans; establishing human resources policy and practices; managing current and future workforce competencies; developing workforce plans; developing succession plans; managing the human resources budget; providing human resources and human capital consultative support; and measuring and improving human resources performance.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of HR strategy information on the ability of responsible agencies to develop effective human capital management strategies to ensure federal organizations are able to recruit, select, develop, train, and manage a high-quality, productive workforce in accordance with merit system principles, and will have only a limited adverse effect on agency operations, assets, or individuals. The consequences of unauthorized disclosure of the majority of HR strategy information will result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will probably be personal information subject to the Privacy Act of 1974, the Health Insurance Portability and Accountability Act of 1996, or other laws and executive orders affecting the dissemination of information regarding + individuals. In such cases, the consequences of unauthorized disclosure of HR strategy information could be serious. In such cases, the confidentiality impact level might be moderate. In a few cases (e.g., where some employees are potential targets for retaliation by criminal elements or targets of foreign intelligence organizations), unauthorized disclosure of some HR strategy information (e.g., succession plans, names, addresses, title, organization, dependents’ information) can have life-threatening consequences and has a high confidentiality impact level.

+
+ +

The provisional confidentiality impact level recommended for disclosure of HR strategy information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to HR strategy information. HR strategy processes are generally tolerant of delay. Typically, disruption of access HR strategy information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for HR strategy information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of HR strategy information depends mostly on the criticality of the information with respect to agency mission, protection of agency assets, and safety of individuals. Although there can be serious short-term effects for individuals, the effects of modifications or deletion of this information are generally limited with respect to agency mission capabilities or assets.

+
+ +

The provisional integrity impact level recommended for HR strategy information is low.

+
+
+ + Human Resource Management + Staff Acquisition + +

Staff Acquisition establishes procedures for recruiting and selecting high-quality, productive employees with the right skills and competencies, in accordance with merit system principles. This sub-function includes: developing a staffing strategy and plan; establishing an applicant evaluation approach; announcing the vacancy, sourcing and evaluating candidates against the competency requirements for the position; initiating pre-employment activities; and hiring employees.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of staff acquisition information on the ability of responsible agencies to establish procedures for recruiting and selecting high-quality, productive employees with the right skills and competencies, in accordance with merit system principles will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will probably be personal information subject to the Privacy Act of 1974. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional confidentiality impact level recommended for disclosure of staff acquisition information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to staff acquisition information. Staff acquisition processes are generally tolerant of delay. Typically, disruption of staff acquisition information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for staff acquisition information is low

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of staff acquisition information depends mostly on the criticality of the information with respect to agency mission, protection of agency assets, and safety of individuals. Although there can be serious short-term effects for individuals, the effects of modifications or deletion of this information are generally limited with respect to agency mission capabilities or assets.

+
+ +

The provisional integrity impact level recommended for staff acquisition information is low.

+
+
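Review bot: The provisional availability statement for Staff Acquisition ("...recommended for staff acquisition information is low") is missing its closing period, unlike the matching statements in the neighbouring entries. The confidentiality description also fuses two clauses ("...in accordance with merit system principles will have only a limited adverse effect..."). Suggest splitting it the way the Organization and Position Management entry does, with a separate sentence beginning "In most cases, unauthorized disclosure of ... will have only a limited adverse effect".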
+ + Human Resource Management + Organization & Position Management + +

Organization and Position Management designs, develops, and implements organizational and position structures that create a high-performance, competency-driven framework that both advances the agency mission and serves agency human capital needs.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of organization and position management information on the ability of responsible agencies to design, develop, and implement organizational and position structures creating a high-performance, competency-driven framework that both advances the agency mission and serves agency human capital needs. In most cases, unauthorized disclosure of organization and position management information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will probably be personal information subject to the Privacy Act of 1974. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional confidentiality impact level recommended for disclosure of organization and position management information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to organization and position management information. Organization and position management processes are generally tolerant of delay. Typically, disruption of organization and position management information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for organization and position management information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of organization and position management information depends mostly on the criticality of the information with respect to agency mission capability, protection of agency assets, and safety of individuals.

+
+ +

The provisional integrity impact level recommended for organization and position management information is low.

+
+
+ + Human Resource Management + Compensation Management + +

Compensation Management designs, develops, and implements compensation programs that attract, retain and fairly compensate agency employees. In addition, designs, develops, and implements pay for performance compensation programs to recognize and reward high performance, with both base pay increases and performance bonus payments. This sub-function includes: developing and implementing compensation programs; administering bonus and monetary awards programs; administering pay changes; managing time, attendance, leave and pay; and managing payroll.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of compensation management information on the ability of responsible agencies to design, develop, and implements compensation programs that attract, retain and fairly compensate agency employees will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will probably be personal information subject to the Privacy Act of 1974. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. In a few cases (e.g., where some employees are potential targets for retaliation by criminal elements or targets of foreign intelligence organizations), unauthorized disclosure of some compensation management information (e.g., name, address, title, organization, dependents’ information) can have + life-threatening consequences and has a high confidentiality impact level.

+
+ +

The provisional confidentiality impact level recommended for disclosure compensation management information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to compensation management information. Compensation management processes are generally tolerant of delay. Typically, disruption compensation management information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended compensation management information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Compensation management activities are not generally time-critical. Special Factors Affecting Integrity Impact Determination: An accumulation of small changes to data or deletion of small entries can result in excessive disbursements of payroll, bonus and monetary awards or affects pay changes, time and attendance, etc. In some cases, the adverse effects of consequent negative publicity on mission functions or public confidence in the agency can be serious. In some other cases, integrity compromises that adversely affect a significant subset of the workforce can result in staff issues and work stoppages that adversely affect the agency’s mission. Where interruptions to agency missions can have serious or life-threatening consequences for individuals, the impacts of integrity compromises can be + moderate or even high.

+
+ +

The provisional integrity impact level recommended for compensation management information is low.

+
+
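Review bot: Several sentences in the Compensation Management entry have dropped or mismatched words: "design, develop, and implements" in the confidentiality description, "recommended for disclosure compensation management information", "disruption compensation management information", and "recommended compensation management information is low". Suggest "design, develop, and implement", "disclosure of", "disruption of access to" and "recommended for". The same "disruption ..." and "recommended ..." omissions recur in the Benefits Management, Employee Performance Management, Employee Relations and Labor Relations entries that follow, so one pass over all of them would be cleaner than fixing this entry alone.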
+ + Human Resource Management + Benefits Management + +

Benefits Management designs, develops, and implements benefit programs that attract, retain and support current and former agency employees. This sub-function includes: establishing and communicating benefits programs; processing benefits actions; and interacting as necessary with third party benefits providers.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure benefits management information on the ability of responsible agencies to design, develop, and implement benefit programs that attract, retain and support current and former agency employees will have only a limited adverse effect on agency operations, assets, or individuals. The consequences of unauthorized disclosure of the majority of benefits management information will result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will probably be personal information subject to the Privacy Act of 1974, the Health Insurance Portability and Accountability Act of 1996, or information that is proprietary to a corporation or other organization. In such cases, the consequences of unauthorized disclosure of benefits management information could be serious + (particularly in cases of exposure of large data bases that might reveal private medical information or facilitate identity theft or other financial fraud). (The provisional impact levels for personnel information are documented in the Personal Identity and Authentication, Income, and Entitlement Event information types.) In such cases, the confidentiality impact level would be moderate.

+
+ +

The provisional confidentiality impact level recommended for disclosure of benefits management information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to benefits management information. Benefits management processes are generally tolerant of delay. Typically, disruption benefits management information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended benefits management information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of benefits management information depends mostly on the criticality of the information with respect to agency mission capability, protection of agency assets, and safety of individuals. In general, the effects of modifications or deletion of this information are generally limited with respect to agency mission capabilities or assets.

+
+ +

The provisional integrity impact level recommended for benefits management information is low.

+
+
+ + Human Resource Management + Employee Performance Management + +

Employee Performance Management designs, develops, and implements a comprehensive performance management approach to ensure agency employees are demonstrating competencies required of their work assignments. Design, develop and implement a comprehensive performance management strategy that enables managers to make distinctions in performance and links individual performance to agency goal and mission accomplishment. This sub-function also includes managing employee performance at the individual level and evaluating the overall effectiveness of the agency’s employee development approach.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of employee performance management information regarding the agencies ability to design, develop, and implement a comprehensive performance management approach to ensure agency employees are demonstrating competencies required of their work assignments. In most cases, unauthorized disclosure of employee performance management information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will probably be personal information subject to the Privacy Act of 1974. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional confidentiality impact level recommended for disclosure of employee performance management information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to employee performance management information. Employee performance management processes are generally tolerant of delay. Typically, disruption employee performance management information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended employee performance management information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of employee performance management information depends mostly on the criticality of the information with respect to agency mission capability, protection of agency assets, and safety of individuals. Although there can be serious short-term effects for individuals, the effects of modifications or deletion of this information are generally limited with respect to agency mission capabilities or assets.

+
+ +

The provisional integrity impact level recommended for employee performance management information is low.

+
+
+ + Human Resource Management + Employee Relations + +

Employee Relations designs, develops, and implements programs that strive to maintain an effective employer-employee relationship that balance the agency’s needs against its employees’ rights. This sub-function includes: addressing employee misconduct; addressing employee performance problems; managing administrative grievances; providing employee accommodation; administering employees assistance programs; participating in administrative third party proceedings; and determining candidate and applicant suitability.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of employee relations information on the ability of responsible agencies to design, develop, and implement programs that strive to maintain an effective employer-employee relationship that balance the agency’s needs against its employees’ rights. The consequences of unauthorized disclosure of the employee relations information will result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will probably be personal information subject to the Privacy Act of 1974, the Health Insurance Portability and Accountability Act of 1996, or other laws and executive orders affecting the dissemination of information regarding individuals. (The provisional impact levels for personnel information are documented in the Personal Identity and Authentication.) In such cases, the + consequences of unauthorized disclosure of Employee Relations information could be serious. In such cases, the confidentiality impact level might be moderate.

+
+ +

The provisional confidentiality impact level recommended for disclosure of employee relations information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access employee relations information. Employee relations processes are generally tolerant of delay. Typically, disruption employee relations information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended employee relations information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of employee relations information depends mostly on the criticality of the information with respect to agency mission capability, protection of agency assets, and safety of individuals. Although there can be serious short-term effects for individuals, the effects of modifications or deletion of this information are generally limited with respect to agency mission capabilities or assets. Special Factors Affecting Integrity Impact Determination: In some cases, integrity compromises that adversely affect a significant subset of the workforce can result in work stoppages that adversely affect the agency’s mission. Where interruptions to agency missions can have serious or life-threatening consequences for individuals, the impacts of + integrity compromises can be moderate or even high.

+
+ +

The provisional integrity impact level recommended for employee relations information is low.

+
+
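Review bot: The parenthetical in the Employee Relations confidentiality description stops short: "(The provisional impact levels for personnel information are documented in the Personal Identity and Authentication.)" names no information type, where the Benefits Management entry writes "...Personal Identity and Authentication, Income, and Entitlement Event information types". Complete the reference so a reader can locate the entry it points to. The availability description in the same entry also reads "re-establish access employee relations information", which is missing "to".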
+ + Human Resource Management + Labor Relations + +

Labor Relations manages the relationship between the agency and its unions and bargaining units. This includes negotiating and administering labor contracts and collective bargaining agreements; managing negotiated grievances; and participating in negotiated third party proceedings.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of labor relations information on the ability of responsible agencies to manage the relationship between the agency and its unions and bargaining units. This includes negotiating and administering labor contracts and collective bargaining agreements; managing negotiated grievances; and participating in negotiated third party proceedings. The consequences of unauthorized disclosure of the majority of labor relations information will result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In cases where the consequences of unauthorized disclosure of labor relations information could seriously affect the agencies mission capability, protection of agency assets, and safety of individuals, the confidentiality impact level might be moderate.

+
+ +

The provisional confidentiality impact level recommended for disclosure of labor relations information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to labor relations information. Labor relations processes are generally tolerant of delay. Typically, disruption labor relations information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: In some cases (e.g., where an agency’s mission is strongly dependent on organized labor), loss of availability of information that adversely affects a significant subset of the workforce can result in work stoppages that adversely affect the agency’s mission. Where interruptions to agency missions can have serious or life-threatening consequences for individuals, the impacts of availability compromises can be moderate or even high.

+
+ +

The provisional availability impact level recommended labor relations information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of labor relations information depends mostly on the criticality of the information with respect to agency mission capability, protection of agency assets, and safety of individuals. Although there can be serious short-term effects for individuals, the effects of modifications or deletion of this information are generally limited with respect to agency mission capabilities or assets. Special Factors Affecting Integrity Impact Determination: In some cases (e.g., where an agency’s mission is strongly dependent on organized labor), integrity compromises that adversely affect a significant subset of the workforce can result in work stoppages that adversely affect the agency’s mission. Where interruptions to agency missions can have + serious or life-threatening consequences for individuals, the impacts of integrity compromises can be moderate or even high.

+
+ +

The provisional integrity impact level recommended for labor relations information is low.

+
+
+ + Human Resource Management + Separation Management + +

Separation Management conducts efficient and effective employee separation programs that assist employees in transitioning to non-Federal employment; facilitates the removal of unproductive, non-performing employees; and assists employees in transitioning to retirement.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of separation management information on the ability of responsible agencies conducts efficient and effective employee separation programs that assist employees in transitioning to non-Federal employment; facilitates the removal of unproductive, non-performing employees; and assists employees in transitioning to retirement. In most cases, unauthorized disclosure of separation management information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will probably be personal information subject to the Privacy Act of 1974. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional confidentiality impact level recommended for disclosure of separation management information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access separation management. Separation management processes are generally tolerant of delay. Typically, disruption separation management information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended separation management information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of separation management information is generally limited with respect to agency mission capabilities or assets.

+
+ +

The provisional integrity impact level recommended for separation management information is low.

+
+
+ + Human Resource Management + Human Resources Development + +

Human Resources Development designs, develops, and implements a comprehensive employee development approach to ensure that agency employees have the right competencies and skills for current and future work assignments. This sub-function includes conducting employee development needs assessments; designing employee development programs; administering and delivering employee development programs; and evaluating the overall effectiveness of the agency’s employee development approach.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of human resources development information on the ability of responsible agencies to design, develop, and comprehensive employee development approach to ensure that agency employees have the right competencies and skills for current and future work assignments. In most cases, unauthorized disclosure of human resource development information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will probably be personal information subject to the Privacy Act of 1974. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional confidentiality impact level recommended for disclosure of human resources development information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish human resources development information. Human resources development information is generally tolerant of delay. Typically, disruption of human resources development information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended human resources development information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of human resource development information depends mostly on the criticality of the information with respect to agency mission capability, protection of agency assets, and safety of individuals. Although there can be serious short-term effects for individuals, the effects of modifications or deletion of this information are generally limited with respect to agency mission capabilities or assets.

+
+ +

The provisional integrity impact level recommended for human resources development information is low.

+
+
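Review bot: Several sentences in the three Human Resource Management entries above have dropped words and should be checked against the source guideline before merge. The provisional availability statements read "recommended labor relations information is low", "recommended separation management information is low" and "recommended human resources development information is low", each missing "for". The Separation Management confidentiality text says "the ability of responsible agencies conducts efficient and effective employee separation programs", and the Human Resources Development confidentiality text says "to design, develop, and comprehensive employee development approach", where the description just above it has "designs, develops, and implements a comprehensive". The availability paragraphs also read "disruption labor relations information" and "disruption separation management information" without "of".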
+ + Supply Chain Management + Goods Acquisition + +

Goods acquisition involves the procurement of physical goods, products, and capital assets to be used by the Federal government.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of goods acquisition information on the ability of agencies to procure physical goods, products, and capital assets to be used by the Federal government. The consequences of unauthorized disclosure of most goods acquisition information will have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of information associated with large procurements can result in fraud, waste, abuse, and/or legal proceedings that can have a serious to severe effect on Federal government assets and operations. Also, information associated with acquisition of many Federal government facilities can be useful to criminals seeking to gain access to those facilities. In these cases, unauthorized disclosure of information can have a serious adverse effect on agency operations, agency assets, or individuals. + The consequent confidentiality impact would range from moderate to high. Also, unauthorized disclosure of one agency’s goods acquisition information by another agency could result in negative impacts on cross-jurisdictional coordination within the goods acquisition infrastructure and the general effectiveness of organizations tasked with acquisition of government facilities and supplies. Additionally, some procurement information associated with proposals is proprietary. In the case of competitive procurements, much information associated with unsuccessful bids remains proprietary following award of the contract (e.g., pricing information). Unauthorized disclosure of proprietary information can have serious consequences for agencies and have at least a moderate confidentiality impact level. Some procurement information is classified. The classified information is national security related and is outside the scope of this guideline.

+
+ +

The provisional confidentiality impact level recommended for goods acquisition information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the goods acquisition information. Functions and processes supported by most goods acquisition information are tolerant of delays i.e., the data supporting the functions/processes are not time-critical. Typically, disruption of access will have a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Exceptions may include emergency procurements necessary to support response aspects of disaster management. In such cases, delays may cost lives and major property damage. Consequently, the availability impact level associated with disruption of access to goods acquisition information needed to respond to emergencies may be high.

+
+ +

The provisional availability impact level recommended for goods acquisition information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of goods acquisition information usually depends on the urgency with which the information is needed or the immediacy with which the information is used Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external publication of goods acquisition information (e.g., web pages, electronic mail) may adversely affect public confidence in the agency. However, damage to the mission would usually be limited. Unauthorized modification or destruction of information relating to procurement actions (particularly proposal information) can result in serious disruption of procurement processes that can be important or even critical to agency operations. In such cases, the + integrity impact level can be moderate or even high.

+
+ +

The provisional integrity impact level recommended for modification or destruction of most goods acquisition information is low.

+
+
+ + Supply Chain Management + Inventory Control + +

Inventory control refers to the tracking of information related to procured assets and resources with regards to quantity, quality, and location.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of inventory control information on the ability of agencies to track information related to procured assets and resources with regards to quantity, quality, and location. The consequences of unauthorized disclosure of most inventory control information are likely to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of information associated with inventories of hazardous materials (e.g., radioactive materials, toxins, bio-hazardous items, explosives) can facilitate terrorist or other criminal activities that may result in serious effects on Federal government assets and operations and on the general public. In general, inventory control information can be of material use to criminals seeking to perpetrate fraud, theft, or some other criminal enterprise. In these cases too, + unauthorized disclosure of information can have a serious adverse effect on agency operations, agency assets, or individuals. The consequent confidentiality impact of these types of criminal exploitation of unauthorized disclosure of inventory control information would range from moderate to high. Also, unauthorized disclosure of one agency’s inventory control information by another agency could result in negative impacts on cross-jurisdictional coordination within the inventory control infrastructure and the general effectiveness of organizations tasked with the distribution and accounting of government facilities and supplies. Some inventory control information is classified. The classified information is national security related and is outside the scope of this guideline.

+
+ +

Regardless of the moderate or high impact associated with unauthorized disclosure of some inventory control information, the provisional confidentiality impact level recommended for inventory control information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to inventory control information. Functions and processes supported by most inventory control information are tolerant of delays i.e., the data supporting the functions/processes are not time-critical. Typically, disruption of access to inventory control information will have a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Exceptions may include emergency requirements to access and distribute materials necessary for disaster management. In such cases, delays may cost lives and major property damage. Consequently, the impact level for inventory control information needed to respond to emergencies will be high.

+
+ +

The provisional availability impact level recommended for inventory control information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of inventory control information usually depends on the urgency with which the information is needed or the immediacy with which the information is used. In most cases, it is unlikely that the information will be needed urgently or acted upon immediately. Unauthorized modification or destruction of information affecting external publication of inventory control information (e.g., web pages, electronic mail) may adversely affect public confidence in the agency. However, damage to the mission would usually be limited.

+
+ +

The provisional integrity impact level recommended for inventory control information is low.

+
+
+ + Supply Chain Management + Logistics Management + +

Logistics management involves the planning and tracking of personnel and their resources in relation to their availability and location.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of logistics management information on the ability of agencies to plan and track the availability and location of personnel and their resources. The consequences of unauthorized disclosure of most logistics management information are likely to have only limited adverse effects on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of logistics information associated with homeland security, law enforcement and some transportation activities (e.g., air transport) can facilitate terrorist or other criminal activities that may result in serious on Federal government assets and operations and on the general public. Logistics management information associated with a broad range of mission areas can be of material use to criminals seeking to perpetrate fraud, theft, or other criminal enterprises. Also, this information + is a key intelligence target for those seeking information on defense or law enforcement capabilities, dispositions and intent. In all these cases, the unauthorized disclosure of logistics management information may result in serious adverse effects on agency operations, agency assets, and individuals. Therefore, the confidentiality impact level for these types of criminal exploitation of unauthorized disclosure of logistics management information will range from moderate to high. Some logistics management information is classified (e.g., some military logistics information). The classified information is national security related and is outside the scope of this guideline.

+
+ +

The provisional confidentiality impact level recommended for most logistics management information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to logistics management information. Functions and processes supported by most logistics management information are tolerant of delays i.e., the data supporting the functions/processes are not time-critical. Typically, disruption of access to logistics management information will have a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Exceptions may include emergency requirements to deploy personnel and their resources to support disaster management. In such cases, delays may cost lives and major property damage. Consequently, the impact level for logistics management information needed to respond to emergencies will be high.

+
+ +

The availability impact level recommended for logistics management information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of logistics management information usually depends on the urgency with which the information is needed or the immediacy with which the information is used. In most cases, the information will not be needed urgently or acted upon immediately. Unauthorized modification or destruction of information affecting external publication of logistics management information (e.g., web pages, electronic mail) may adversely affect public confidence in the agency. However, damage to the mission would usually be limited.

+
+ +

The provisional integrity impact level recommended for logistics management information is low.

+
+
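Review bot: The Logistics Management provisional availability statement omits the word "provisional" ("The availability impact level recommended for logistics management information is low."), which the corresponding statements in the neighbouring entries carry. Its confidentiality text also has "may result in serious on Federal government assets and operations", which has lost a noun after "serious". In Goods Acquisition, the integrity text runs "is used Special Factors Affecting Integrity Impact Determination:" together with no full stop. Consider also giving each "Special Factors Affecting ... Determination:" heading its own paragraph, so a rendered description separates the default rationale from the exceptions that raise the level to moderate or high.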
+ + Supply Chain Management + Services Acquisition + +

Services acquisition involves the oversight and/or management of contractors and service providers from the private sector.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of services acquisition information on the ability of agencies to oversee and/or manage contractors and service providers from the private sector. The consequences of unauthorized disclosure of most services acquisition information are likely to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of information associated with very large procurements can result in fraud, waste, abuse, and/or legal proceedings that can have a serious effect on Federal government assets and operations. Also, information associated with acquisition of some services (e.g., security or protection services) can be of material use to criminals seeking to gain access to Federal facilities or information in order to facilitate or perpetrate sabotage, murder, fraud, theft, or other criminal enterprises. + In these cases, unauthorized disclosure of information can have a serious adverse effect on agency operations, agency assets, and/or individuals. The consequent confidentiality impact will range from moderate to high. Additionally, some procurement information associated with proposals is proprietary. In the case of competitive procurements, much information associated with unsuccessful bids remains proprietary following award of the contract (e.g., pricing information). Unauthorized disclosure of proprietary information can have serious consequences for agencies and have at least a moderate confidentiality impact level. Some services procurement information is classified. The classified information is national security related and is outside the scope of this guideline.

+
+ +

The provisional confidentiality impact level recommended for most services acquisition information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to services acquisition information. Functions and processes supported by most services acquisition information are tolerant of delays i.e., the data supporting the functions/processes are not time-critical. In most cases, disruption of access to services procurement information can be expected to have a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for services acquisition information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of services acquisition information usually depends on the urgency with which the information is needed or the immediacy with which the information is used. In most cases, the information will not be needed urgently or acted upon immediately. Also, unauthorized modification or destruction of information affecting external publication of services acquisition information (e.g., web pages, electronic mail) may adversely affect public confidence in the agency. However, damage to the mission would usually be limited. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information relating to procurement actions (particularly proposal information) can result in serious disruption of + procurement processes and loss of availability of services that can be important or even critical to agency operations. In such cases, the integrity impact level can be moderate or even high.

+
+ +

The provisional integrity impact level recommended for most services acquisition information is low.

+
+
+ + Information and Technology Management + System Development + +

System Development supports all activities associated with the in-house design and development of software applications.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of system development information on the ability of responsible agencies to design and develop software applications in-house. In the system development phase, a system’s security configuration baseline is established. In most cases, the system development information is not particularly sensitive and is distributed to the users. In general, disclosure of the system development information is likely to result in only limited adverse effects on the confidentiality of system information and processes.

+
+ +

The provisional confidentiality impact level recommended for system development information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to system development information. Functions and processes supported by most system development information are not time-critical. That is, temporary disruption of access to system development information will usually have only a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for system development information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of system development information depend on the maximum aggregate sensitivity and criticality of the information and processes associated with the system. Special Factors Affecting Integrity Impact Determination: The Recommended Integrity Impact Level may range from low to high to national security information (outside the scope of this guideline).

+
+ +

The provisional integrity impact level recommended for most system development information is moderate.

+
+
+ + Information and Technology Management + Lifecycle/Change Management + +

Lifecycle/Change Management involves the processes that facilitate a smooth evolution, composition, and workforce transition of the design and implementation of changes to agency resources such as assets, methodologies, systems, or procedures.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of lifecycle/change management information on the ability of responsible agencies to execute processes that facilitate a smooth evolution, composition, and workforce transition of the design and implementation of changes to agency resources such as assets, methodologies, systems, or procedures. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some lifecycle/change management information can provide adversaries with intelligence information that may be useful in efforts to compromise the system. This can result in assignment of a moderate impact level to such information. Additionally, there are legislative mandates prohibiting unauthorized disclosure of trade secrets. Trade secrets will generally be assigned a moderate confidentiality impact level.

+
+ +

The provisional confidentiality impact level recommended for lifecycle/change management information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to lifecycle/change management information. Functions and processes supported by most lifecycle/change management information are not time-critical. That is, temporary disruption of access to lifecycle/change management information will usually have only a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for lifecycle/change management information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of undetected or unauthorized modification or destruction of lifecycle/change management information depends on the maximum aggregate sensitivity and criticality of the information and processes associated with the system. Special Factors Affecting Integrity Impact Determination: The Recommended Integrity Impact Level can range from low to high to national security information (outside the scope of this guideline).

+
+ +

The provisional integrity impact level recommended for lifecycle/change management information is moderate.

+
+
+ + Information and Technology Management + System Maintenance + +

System Maintenance supports all activities associated with the maintenance of in-house designed software applications.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of system maintenance information on the ability of responsible agencies to maintain in-house designed software applications. In most cases, system maintenance information is not particularly sensitive and is distributed to the users. In general, disclosure of system maintenance information is likely to result in only limited adverse effects on the confidentiality of system information and processes.

+
+ +

The provisional impact level recommended for system maintenance information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to maintenance information. Functions and processes supported by most maintenance information are not time-critical. That is, temporary disruption of access to maintenance information will usually have only a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for system maintenance information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of system maintenance information can be particularly serious because specific modifications to system changes can be difficult to identify. Special Factors Affecting Integrity Impact Determination: The consequences of undetected or unauthorized modification or destruction of system maintenance information may depend on the maximum aggregate sensitivity and criticality of the information and processes associated with the system. The Recommended Integrity Impact Level can range from low to high to national security information (outside the scope of this guideline).

+
+ +

The provisional integrity impact level recommended for system maintenance information is moderate.

+
+
+ + Information and Technology Management + IT Infrastructure Maintenance + +

IT infrastructure maintenance involves the planning, design, implementation, and maintenance of an IT Infrastructure to effectively support automated needs (i.e. operating systems, applications software, platforms, networks, servers, printers, etc.). IT infrastructure maintenance also includes information systems configuration and security policy enforcement information. This information includes password files, network access rules and implementing files and/or switch setting, hardware and software configuration settings, and documentation that may affect access to the information system’s data, programs, and/or processes. The impact levels associated with IT infrastructure maintenance information are primarily a function of the information processed in and through that infrastructure. The IT Maintenance Information type represents a complex set of data elements that are used to secure the design, implementation, and maintenance of systems and networks. The security of + each of these data elements is dependent on the security of the other data elements. Security compromise of one data element type will propagate to others.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of IT infrastructure maintenance information on the ability of responsible agencies to plan, design, implement, and maintain an IT Infrastructure to effectively support automated needs (i.e. operating systems, applications software, platforms, networks, servers, printers, etc.). [See also Appendices C.3.5.5, IT Security Information and C.3.5.7, Information Management Information.] IT infrastructure maintenance also includes information systems configuration and security policy enforcement information. Unauthorized disclosure of some IT infrastructure maintenance information can lead to confidentiality compromise of information processed by the system (e.g., password files, file access tables, cryptographic keying information, network access rules, and hardware and software configuration settings, and documentation that may affect access to the information system’s data, programs, and/or processes). + As a result, the confidentiality impact associated with this information is that of the highest impact information processed by the system. Also, a higher confidentiality impact may be associated with information in aggregate than is associated with any single element of information.

+
+ +

Particularly in the case of passwords and cryptographic keys, the provisional impact level recommended for IT infrastructure maintenance information depends on the sensitivity and criticality of system information and processes. Although an individual organization’s IT infrastructure maintenance information type base may include data elements that will require a higher rating, the recommended provisional impact is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to IT infrastructure maintenance information. Functions and processes supported by most IT infrastructure maintenance information are not time-critical. Also, disruption of access will have a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Exceptions may include emergency response aspects of disaster management or other high load and time critical functions (e.g., some systems that support air traffic control functions). The effects of disruption of access to IT infrastructure maintenance information or information systems may be to deny mission-critical IT resources to all affected organizations. The availability impact level associated with denial-of-service to IT + infrastructure maintenance information needed to respond to emergencies or critical to public safety can be high.

+
+ +

The provisional availability impact level recommended for IT infrastructure maintenance information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of IT infrastructure maintenance information usually depends on the urgency with which the data processed in the IT infrastructure is needed or the time-critical nature of the data. In most cases, it is unlikely that the information will be needed urgently or acted upon immediately. In most cases, the consequences of unauthorized modification of IT infrastructure maintenance information will result in limited damage to agency operations or assets. Special Factors Affecting Integrity Impact Determination: Exceptions may include incorrect information used for emergency response aspects of disaster management, criminal apprehension, air traffic control or other time-critical missions. In such cases, a moderate or high integrity impact + level might be considered.

+
+ +

The provisional integrity impact level recommended for IT infrastructure maintenance information is low.

+
+
+ + Information and Technology Management + Information Security + +

IT Security involves all functions pertaining to the securing of Federal data and systems through the creation and definition of security policies, procedures and controls covering such services as identification, authentication, and non-repudiation.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of IT security information on the ability of responsible agencies to secure Federal data and systems through the creation and definition of security policies, procedures and controls covering such services as identification, authentication, and non-repudiation. In most cases, the security policy, procedures, and available controls are not particularly sensitive. Typically, the security information is used in initializing and implementing the controls (e.g., passwords, cryptographic keys) that need to be protected. In general, disclosure of the security policies, procedures, and controls will result in only limited adverse effects on the confidentiality of system information and processes.

+
+ +

The recommended provisional confidentiality impact level recommended for IT security information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to IT security information. Temporary disruption of access to IT security information can usually be expected to have a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals.

+
+ +

provisional availability impact level recommended for IT security information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information.

+
+ +

The provisional integrity impact level recommended for IT security information is moderate.

+
+
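Review bot: two of the provisional-level statements in the Information Security entry are malformed. The confidentiality statement doubles a word ("The recommended provisional confidentiality impact level recommended for IT security information is low"), and the availability statement starts mid-sentence ("provisional availability impact level recommended ...") with the leading "The" missing. Suggest normalising both to the pattern the neighbouring entries use: "The provisional availability impact level recommended for IT security information is low." Separately, the integrity paragraph is only the generic "based on the specific mission" sentence, so nothing in this entry explains why integrity is the one objective set to fips-199-moderate. If the source guideline gives a rationale, it should be carried over here.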
+ + Information and Technology Management + Record Retention + +

Records Retention involves the operations surrounding the management of the official documents and records for an agency.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of record retention information on the ability of responsible organizations to store, track, account for, maintain, retrieve, and disseminate official documents and records. When the data being retained belongs to one of the information types described in this guideline, the confidentiality impact assigned the data and system is at least that of the highest impact information type collected. Typically, the unauthorized disclosure of most business management information retained will have only a limited adverse effect on agency operations, assets, or individuals. National security information and national security systems are outside the scope of this guideline. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will most commonly be personal information subject to the Privacy Act of 1974 or information that is proprietary to a + corporation or other organization. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. Such information will often be assigned a moderate confidentiality impact level. Where any of the information to be collected can reasonably be expected to have a high confidentiality impact level, then the record retention system must be assigned a high confidentiality impact level. In some cases, the impact assessment should consider that the aggregate of information retained might have a higher confidentiality impact than any individual information element.

+
+ +

The provisional confidentiality impact level recommended for record retention information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to record retention information. Functions and processes supported by most record retention information are not time-critical. Record retention processes are generally tolerant of reasonable delays. In most cases, disruption of access to record retention information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Not many business management systems perform functions for which temporary loss of availability can cause significant degradation in mission capability, place the agency at a significant disadvantage, result in major damage to assets, or pose a threat to human life.

+
+ +

The provisional availability impact level recommended for record retention information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Special Factors Affecting Integrity Impact Determination: Where integrity compromise adversely affects the ability of an organization to access its records or results in erroneous back-up information or archives, the impact on agency operations can be serious. In such cases, the integrity impact level would be moderate. In the case of large-scale archives or archives involving key national assets (e.g., national archives), the integrity impact can be particularly severe and the impact level would be high.

+
+ +

The provisional integrity impact level recommended for record retention information is low.

+
+
+ + Information and Technology Management + Information Management + +

Information Management involves the coordination of information collection, storage, and dissemination, and destruction as well as managing the policies, guidelines, and standards regarding information management.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-moderate + + +

management information on the ability of responsible agencies to perform the day-to-day processes of information collection, storage, dissemination, and destruction and managing the policies, guidelines, and standards regarding information management. The consequences of unauthorized disclosure depend largely on the content and use of the information being managed. The unauthorized disclosure of information management information relevant to most information managed by the government will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Information collection and storage involve the day-to-day processes of gathering and storing data from agency programs, partners, and stakeholders. More sensitive information being managed is usually personal information subject to the Privacy Act of 1974 or information that is proprietary to a corporation or other organization. The Privacy Act + Information provisional impact levels are documented in the Personal Identity and Authentication information type. Such information will often be assigned a moderate confidentiality impact level Where any of the information to be managed can be expected to have a high confidentiality, impact level, then the information management information must be assigned a high confidentiality impact level. When the data being managed belongs to one of the information types described in this guideline, the confidentiality impact assigned to the system is that of the highest impact information type processed by the system. Depending on the agency and the mission being supported, the sensitivity of the information can range from none (public information) to high. (National security information and national security systems are outside the scope of this guideline.)

+
+ +

Particularly in the case of passwords and cryptographic keys, the provisional impact level recommended for information management information depends on the sensitivity and criticality of system information and processes. Although an individual organization’s IT infrastructure maintenance information type base may include data elements that will require a higher rating, the recommended provisional impact is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to information management information. The effects of disruption of access to information management information may temporarily impair agency operations. The level of impact depends on the sensitivity of the information being managed and the criticality of the system to the agency mission. Except for information needed by real-time processes (e.g., information that feeds real-time monitoring or audit functions), information management processes are generally tolerant of reasonable delays. In most cases, disruption of access to information management information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Not many business management systems perform functions for which loss of availability can cause significant degradation in mission capability, place the agency + at a significant disadvantage, result in major damage to assets, or pose a threat to human life.

+
+ +

The provisional availability impact level recommended for information management information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of information management information (e.g., configuration settings, passwords, authorization codes, cryptographic keying material) can compromise the effectiveness of the system and impair agency operations. The level of impact depends on the criticality of system functionality to the agency mission Special Factors Affecting Integrity Impact Determination: The loss of integrity for some information management information (e.g., encryption keys) can be very serious for agency operations and can have serious consequences for public confidence in the agency. The integrity impact level recommended for information management information associated with highly critical information is high.

+
+ +

Potentially serious adverse effects can be expected in most government organizations resulting from the unauthorized modification or deletion of information management information. Therefore, the provisional integrity impact level recommended for information management information is moderate.

+
+
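Review bot: the confidentiality paragraph of the Information Management entry is truncated at the front. It begins "management information on the ability of responsible agencies ...", whereas sibling entries open with "The confidentiality impact level is the effect of unauthorized disclosure of ...", so the lead clause needs to be restored from the source text. The provisional confidentiality paragraph also looks pasted from the IT Infrastructure Maintenance entry: it speaks of passwords and cryptographic keys and of "an individual organization's IT infrastructure maintenance information type base" rather than information management information. Please check it against the source guideline. Smaller points in the same entry: a missing period in "moderate confidentiality impact level Where", a stray comma in "high confidentiality, impact level", and a missing period in "agency mission Special Factors" in the integrity paragraph.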
+ + Information and Technology Management + System and Network Monitoring + +

System and Network Monitoring supports all activities related to the real-time monitoring of systems and networks for optimal performance. System and network monitoring describes the use of tools and observation to determine the performance and status of information systems and is closely tied to other Information and Technology Management sub-functions. System and network monitoring information type should be considered broadly to include an agency’s network [performance, health, and status] and security operations [intrusion monitoring, auditing, etc.] support.

+
+ + fips-199-moderate + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of system and network monitoring information on the ability of responsible agencies to perform the day-to-day processes of real-time monitoring of systems and networks for optimal performance. The consequences of unauthorized disclosure depend largely on the content and use of the monitoring information gathered, retained, and reported. The unauthorized disclosure of system and network monitoring containing architectural information, vulnerabilities, and availability information may have a serious adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where the system and network monitoring information collected can be expected to have a high confidentiality impact level, then the system and network monitoring information must be assigned a high confidentiality impact level. When the system and network monitoring data being + collected supports information types described in this guideline, agency personnel should consider a confidentiality impact assignment of the highest impact information type processed by the system. Depending on the agency and the mission being supported, the sensitivity of the information can range from low to high. (National security information and national security systems are outside the scope of this guideline.)

+
+ +

Particularly in the case of architectural information (IP addresses, etc.), vulnerabilities, and availability information, the provisional impact level recommended for system and network monitoring information depends on the sensitivity and criticality of system information and processes. The provisional confidentiality impact level recommended is Moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to system and network monitoring information. The effects of disruption of access to system and network monitoring information may temporarily impair or blind agency operations personnel from actual network and security performance. The level of impact depends on the sensitivity of the information and the criticality of the system to the agency mission. In most cases [the exception dual-fault situations], disruption of access to system and network monitoring information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Not many system and network monitoring systems perform functions for which loss of availability can cause significant degradation in mission capability, place the agency at a significant disadvantage, result in major damage to assets, or pose a threat to + human life.

+
+ +

The provisional availability impact level recommended for system and network monitoring information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of system and network monitoring information can compromise the effectiveness of the system and impair agency network and security operations leading to inaction or incorrect decisions and actions. The level of impact depends on the criticality of system functionality to the agency mission Special Factors Affecting Integrity Impact Determination: The loss of integrity for some system and network monitoring information can be very serious for agency network and security operations, as well as, the functionality of the information system. Additionally, a loss of integrity can have severe consequences for the agency’s mission and critical business functions. The integrity impact level recommended for system and network monitoring + information associated with highly critical information is high.

+
+ +

Potentially serious adverse effects can be expected in most government organizations resulting from the unauthorized modification or deletion of system and network monitoring information. Therefore, the provisional integrity impact level recommended for system and network monitoring information is moderate.

+
+
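Review bot: the availability paragraph of the System and Network Monitoring entry contains a bracketed aside with no verb, "[the exception dual-fault situations]", which reads as an editing leftover. Suggest "[the exception being dual-fault situations]" or whatever the source wording is. In the integrity paragraph, "agency mission Special Factors Affecting Integrity Impact Determination" is missing the period before "Special", and "as well as, the functionality" has a misplaced comma. The provisional confidentiality statement also capitalises "Moderate" where the other entries write the level in lower case; pick one form so that anything matching on the text behaves consistently.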
+ + Information and Technology Management + Information Sharing + +

The BRM provided in the FEA Consolidated Reference Model Document, Version 2.3, October 2007 specifies Information Sharing as relating to any method or function, for a given business area, facilitating: data being received in a usable medium by one or more departments or agencies as provided by a separate department or agency or other entity; and data being provided, disseminated or otherwise made available or accessible by one department or agency for use by one or more separate departments or agencies, or other entities, as appropriate. Since Information Sharing, as a function, is receiving and disseminating data [other information types] from business areas already identified, this BRM information type will not require its own impact assessment. Therefore, agency personnel should identify the information sharing information type as a pure resource management support activity for the evaluated information system. With the information sharing information type + identified, agency personnel can track the flow of information to interfacing systems.

+
+ + na + + + na + + + na + + +

N/A

+
+ +

N/A

+
+ +

N/A

+
+ +

N/A

+
+ +

N/A

+
+ +

N/A

+
+
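Review bot: the Information Sharing entry sets all three base values to "na" and fills every rationale paragraph with "N/A", while the surrounding entries use fips-199-low, fips-199-moderate or fips-199-high. Any consumer that maps these base values to a FIPS 199 level has to treat "na" as a valid token, and nothing in the visible lines says so. Suggest confirming that "na" is an allowed value wherever these entries are validated, and collapsing the six "N/A" paragraphs into a single remark that points back to the description ("this BRM information type will not require its own impact assessment") so the reason for the missing levels travels with the data.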
+ + Homeland Security + Border and Transportation Security + +

Border and Transportation Security includes facilitating or deterring entry and exit of people, goods, and conveyances at and between U.S. ports of entry, as well as ensuring the security of transportation and infrastructure networks, facilities, vehicles, and personnel within the United States. Border control involves enforcing the laws regulating the admission of foreign-born persons (i.e., aliens) to the United States. This includes patrolling and monitoring borders and deportation of illegal aliens. Some border control information is also associated with other mission information types (e.g., criminal apprehension, and criminal investigation and surveillance information). In such cases, the impact levels of the associated mission information may determine impact levels associated with border control information. Some aspects of ensuring security of transportation and infrastructure networks, facilities, vehicles, and personnel within the United States are also + covered under the information types associated with the transportation mission. In some cases the border control information may be classified. Any classified information is treated under separate rules established for national security information.

+
+ + fips-199-moderate + + + fips-199-moderate + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of border control information on the ability of responsible agencies to enforce laws regulating the admission of foreign-born persons (i.e., aliens) to the United States. Generally, the effects of unauthorized disclosure of border control information are usually confined to a single geographic region, immigration case, or deportation case. Even so, unauthorized disclosure may have a serious adverse effect on mission functions, cause significant degradation in mission capability, or place the agency at a significant disadvantage with respect to its border control responsibilities. Particularly in the case of immigration, naturalization, and deportation activities, unauthorized disclosure of information can violate privacy policies. Such unauthorized disclosures can have a serious effect on public confidence in the agency. Special Factors Affecting Confidentiality Impact Determination: Where border + control information is also associated with other mission information types (e.g., criminal apprehension, and criminal investigation and surveillance information), the confidentiality impact level associated with the information may be high. Where unauthorized disclosure of border control information may put the physical safety of personnel into serious jeopardy, the confidentiality impact level associated with the information may be high. Unauthorized disclosure of confidentiality of information associated with ensuring security of transportation and infrastructure networks, facilities, vehicles, and personnel within the United States can result in facilitation of terrorist activities that endanger human life. In some cases, the consequent threat to critical infrastructures, key national assets, and human life can be catastrophic. 
Consequently, the confidentiality impact level associated with information associated with ensuring security of transportation and + infrastructure networks, facilities, vehicles, and personnel within the United States is normally high

+
+ +

The provisional confidentiality impact level recommended for most border control information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to border control information. Functions and processes supported by most border control information are not time-critical. Also, disruption of access will have only a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Special Factors Affecting Availability Impact Determination: There may be time critical cases, for example, information regarding transport of illegal aliens or information about a physical threat posed by aliens that border control personnel have been assigned to interdict. In such cased, the availability impact will be high. The consequences of disruption of access to information or information systems associated with ensuring security of transportation and infrastructure networks, facilities, vehicles, and personnel + within the United States may be severe. Also, anti-terrorism missions are not reliably tolerant of delays. The availability impact level for information systems that ensure the security of transportation and infrastructure networks, facilities, vehicles, and personnel within the United States is high.

+
+ +

Except for such time-critical cases, cases where impact is driven by information shared with associated missions (e.g., anti-terrorism), the provisional availability impact level recommended for border control information is normally moderate.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. The consequences of unauthorized modification or destruction of information can be very serious if the information is critical to tactical operations. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information associated with ensuring security of transportation and infrastructure networks, facilities, vehicles, and personnel within the United States may seriously affect mission operations or result in the loss of human life. Unauthorized modification or destruction of information affecting + anti-terrorism information may adversely affect mission operations in a manner that results in unacceptable damage to critical infrastructures and/or key national assets or loss of key national assets and/or human life. Consequently, the integrity impact level associated with information that ensures the security of transportation and infrastructure networks, facilities, vehicles, and personnel within the United States is high.

+
+ +

The provisional integrity impact level recommended for border control information is moderate.

+
+
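Review bot: several wording defects in the Border and Transportation Security entry change or obscure meaning and should be fixed before merge. In the availability special factors, "In such cased, the availability impact will be high" should read "In such cases". In the provisional availability statement, "Except for such time-critical cases, cases where impact is driven by information shared with associated missions" is missing a conjunction between the two kinds of exception. In the confidentiality paragraph, "Unauthorized disclosure of confidentiality of information associated with ..." is redundant (disclosure of information is what is meant), and the closing sentence ends at "is normally high" with no period. The entry also keeps all three base values at fips-199-moderate while its special factors state that confidentiality, availability and integrity are high for information that ensures the security of transportation and infrastructure networks. That matches the "provisional" framing, but it is worth a remark in the entry so implementers do not take moderate as the ceiling.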
+ + Homeland Security + Key Asset and Critical Infrastructure Protection + +

Key Asset and Critical Infrastructure Protection involves assessing key asset and critical infrastructure vulnerabilities and taking direct action to mitigate vulnerabilities, enhance security, and ensure continuity and necessary redundancy in government operations and personnel. The Critical Infrastructure Information Protection Act of 2002 (6 U.S.C. 131-134) places specific controls on the dissemination of critical infrastructure information (see Volume I, 3.5.2.3). Under the provisions of Executive Order 13292, some anti-terrorism information is subject to security classification. National security information is outside the scope of this guideline.

+
+ + fips-199-high + + + fips-199-high + + + fips-199-high + + +

The confidentiality impact level is the effect of unauthorized disclosure of critical infrastructure protection information on the ability of responsible agencies to monitor and assess the leadership, motivations, plans, and intentions of foreign and domestic terrorist groups and their state and non-state sponsors. The effects of unauthorized disclosure of this information can reasonably be expected to jeopardize fulfillment of critical infrastructure protection missions. The consequent threat to critical infrastructures, key national assets, and human life can be catastrophic.

+
+ +

The provisional confidentiality impact level recommended for critical infrastructure protection information is high.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to critical infrastructure protection information. Generally, critical infrastructure protection missions are not reliably tolerant of delays. Significant degradation in mission capability and resultant catastrophic consequences for critical infrastructures, key national assets, and/or human life may occur from disruption of access to critical infrastructure protection information.

+
+ +

The provisional availability impact level recommended for critical infrastructure protection information is high.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting critical infrastructure protection operations may adversely affect mission operations and result in unacceptable damage to critical infrastructures, damage to key national assets, or loss of human life.

+
+ +

The provisional integrity impact level recommended for critical infrastructure protection information is high.

+
+
+ + Homeland Security + Catastrophic Defense + +

Catastrophic Defense involves the development of technological countermeasures (chemical, biological, radiological and nuclear [CBRN]) to terrorist threats, conducting laboratory testing on new and promising devices, and conducting basic and applied science that can lead to the development of countermeasures. Under the provisions of Executive Order 13292, some anti-terrorism information is subject to security classification. National security information is outside the scope of this guideline.

+
+ + fips-199-high + + + fips-199-high + + + fips-199-high + + +

The confidentiality impact level is the effect of unauthorized disclosure of catastrophic defense information on the ability of responsible agencies to monitor and assess the leadership, motivations, plans, and intentions of foreign and domestic terrorist groups and their state and non-state sponsors. The effects of unauthorized disclosure of this information can reasonably be expected to jeopardize fulfillment of catastrophic defense missions. The consequent threat to human life, critical infrastructures, and key national assets can be catastrophic.

+
+ +

The provisional confidentiality impact level recommended for catastrophic defense information is normally high.

+
+ +

The effects of disruption of access to or use of catastrophic defense information or The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to catastrophic defense information. Generally, disruption of access will have a severe adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Also, catastrophic defense missions are not tolerant of delays, with consequences of significant degradation in mission capability and resultant catastrophic consequences for human life, critical infrastructures, and/or key national assets.

+
+ +

The provisional availability impact level recommended for catastrophic defense information is high.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting catastrophic defense activities may adversely affect mission operations in a manner that results in loss of human life, unacceptable damage to critical infrastructures, and/or damage to or loss of key national assets.

+
+ +

The provisional integrity impact level recommended for catastrophic defense information is high.

+
+
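Review bot: The availability description for Catastrophic Defense opens with a dangling fragment, "The effects of disruption of access to or use of catastrophic defense information or", which runs straight into "The availability impact level is based on the specific mission". Either complete that clause or drop it so the description starts at "The availability impact level is based on", as the availability descriptions of the other entries do.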
+ + Homeland Security + Executive Functions of the Executive Office of the President + +

Executive Functions involve the Executive Office of the President (EOP).

+
+ + fips-199-high + + + fips-199-high + + + fips-199-moderate + + +

The confidentiality impact level associated with the executive information type is associated with functions of the Executive Office of the President (EOP). The effects of loss of confidentiality of policies and guidance during the formative stage can result in attempts by affected entities and other interested parties to influence and/or impede the policy and guidance development process. Premature public release of formative policies and guidance before internal coordination and review can result in unnecessary damage to public confidence in the EOP. These consequences may occur when the release includes unedited internal commentary and discussion. Most of the information processed in and by the EOP is classified national security information and is outside the scope of this guideline. Other information processed by the EOP is extremely sensitive and applicable to homeland security and law enforcement. The unauthorized disclosure of this extremely sensitive information + can seriously imperil human life, key national assets, and critical infrastructures.

+
+ +

Based on the catastrophic harm that can be suffered by the nation due to unauthorized disclosure of executive information the provisional confidentiality impact level recommended for executive functions information is high.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the executive information. National defense and critical infrastructure protection aspects of EOP functions are not generally tolerant of delays. Excessive recovery delays can result in loss of coordination of critical defense and public welfare processes.

+
+ +

The provisional availability impact level recommended for executive functions information is high.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting external communications that contain EOP information (e.g., web pages, electronic mail) may adversely affect public confidence in the government. In the case of the EOP, the impact of such a loss of public confidence may be at least moderate.

+
+ +

The provisional integrity impact level recommended for executive information is moderate.

+
+
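Review bot: The first sentence of the Executive Functions confidentiality description is circular ("The confidentiality impact level associated with the executive information type is associated with functions of the Executive Office of the President") and never says what the level measures. The neighbouring entries use the pattern "The confidentiality impact level is the effect of unauthorized disclosure of ... on the ability of ..."; rewording to that pattern would make this entry usable on its own. The recommendation sentence that follows also needs a comma after "unauthorized disclosure of executive information".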
+ + Intelligence Operations + Domestic Intelligence + +

Some agencies are charged with gathering domestic intelligence. Much domestic intelligence information is classified. Other domestic intelligence information may not be classified (e.g., some information obtained from state and local government sources). All classified information is treated under separate rules established for national security information.

+
+ + fips-199-high + + + fips-199-high + + + fips-199-high + + +

The confidentiality impact level is the effect of unauthorized disclosure of domestic intelligence information on the ability of responsible agencies to develop and manage accurate, comprehensive, and timely domestic intelligence on homeland security topics and other national threats. The consequences of unauthorized disclosure of domestic intelligence information may include loss of the ability and/or authorization to collect information necessary to provide warning or to interdict from major threats (e.g., terrorist threats to critical infrastructures and/or key national assets).

+
+ +

Given the criticality of much domestic intelligence information and the severe or catastrophic consequences to agencies that disclose domestic intelligence information without proper authorization (e.g., Privacy Act provisions, Fourth Amendment issues), the provisional confidentiality impact level recommended for the domestic intelligence information is high.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to domestic intelligence information. Generally, missions supported by domestic intelligence information are not reliably tolerant of delays. Significant degradation in mission capability and resultant catastrophic consequences for critical infrastructures, key national assets, and/or human life may result from disruption of access to domestic intelligence information.

+
+ +

The provisional availability impact level recommended for domestic intelligence information is high.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Domestic intelligence information is generally associated with other mission-related information (e.g., anti-terrorism, firearms and explosive protection, narcotics interdiction). The consequences of unauthorized modification or destruction of domestic intelligence information is determined to a large extent on the missions being supported by the intelligence information and on whether the intelligence information is time-critical. Unauthorized modification or destruction of intelligence information may adversely affect mission operations in a manner that results in unacceptable damage to critical infrastructures, damage to or loss of key national assets, or loss of human life.

+
+ +

The provisional integrity impact level recommended for domestic intelligence information is high.

+
+
+ + Disaster Management + Disaster Monitoring and Prediction + +

Disaster monitoring and prediction involves the actions taken to predict when and where a disaster may take place and communicate that information to affected parties. [Some disaster management information occurs in humanitarian aid systems under the International Affairs and Commerce line of business (e.g., State Department disaster preparedness and planning).]

+
+ + fips-199-low + + + fips-199-high + + + fips-199-high + + +

The confidentiality impact level is the effect of unauthorized disclosure of disaster monitoring and prediction information on the ability of responsible agencies to predict when and where a disaster may take place and communicate that information to affected parties. The purpose of disaster monitoring and prediction activities is generally to disseminate information. Sharing of raw information by a diverse group of analysts often improves the quality of predictive analysis. Special Factors Affecting Confidentiality Impact Determination: The consequences of unauthorized disclosure of some disaster monitoring and prediction information may include public panic or other responses that jeopardize public safety, disaster prevention, emergency response, disaster repair, or restoration missions. For example, attempts of large populations to evacuate in an endangered area before necessary preparations are made for evacuation routes can result in a clogging of the routes and + failure to evacuate large parts of the population in time to save them from a life-threatening event. Most of the disaster monitoring and prediction information is critical in terms of potential loss of human life and major property damage. The unauthorized release of this information may interfere with disaster prevention or emergency response missions. The confidentiality impact level recommended for the information cited in the example can be moderate or high. The unauthorized disclosure of disaster monitoring and prediction information to terrorists may reveal weak or sensitive points to target, the most effective technique(s use in attacking a target, and information regarding the status, intent, and plans of our adversaries. Where unauthorized disclosure of disaster monitoring and prediction information is expected to be of direct use to terrorists, the confidentiality impact level is recommended to be high.

+
+ +

The provisional confidentiality impact recommended for most disaster monitoring and prediction information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to disaster monitoring and prediction information. Generally, missions supported by disaster monitoring and prediction information are not reliably tolerant of delays. Delays may cost lives and irreplaceable property, e.g., degradation in mission capability and resultant catastrophic consequences for critical infrastructures, key national assets, and/or human life. For example, a loss of availability of information that prevents timely and accurate dissemination of tsunami and earthquake predictions can have life-threatening consequences.

+
+ +

The provisional availability impact level recommended for disaster monitoring and prediction information is high.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of disaster monitoring and prediction information usually depends on whether the information is time-critical. Unauthorized modification or destruction of information affecting disaster monitoring and prediction information may jeopardize public safety, disaster prevention, and/or emergency response missions in a manner that results in unacceptable damage to critical infrastructures, damage to key national assets, or loss of human life. For example, an integrity compromise that prevents timely and accurate dissemination of tsunami and earthquake predictions can have life-threatening consequences.

+
+ +

The provisional integrity impact level recommended for disaster monitoring and prediction information is high.

+
+
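Review bot: In the Disaster Monitoring and Prediction confidentiality description, "the most effective technique(s use in attacking a target" has lost its closing parenthesis and the word "to". The Disaster Preparedness and Planning entry carries the intact phrase "technique(s) to use in attacking a target"; use the same wording here.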
+ + Disaster Management + Disaster Preparedness and Planning + +

Disaster preparedness and planning involves the development of response programs to be used in case of a disaster. This involves the development of emergency management programs and activities as well as staffing and equipping regional response centers.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of disaster preparedness and planning information on the ability of responsible agencies to develop response programs to be used in case of a disaster. This involves the development of emergency management programs and activities as well as staffing and equipping regional response centers. The consequences of unauthorized disclosure of most disaster preparedness and planning information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: The consequences of unauthorized disclosure of some disaster preparedness and planning information may include revealing weak or sensitive critical infrastructure characteristics or inadequate security of U.S. targets to terrorists or other adversaries. Such information may reveal to an enemy the most effective technique(s) to use in attacking a target, + and/or information regarding the capabilities, intent, and plans of our adversaries. Where unauthorized disclosure of disaster preparedness and planning information associated with critical infrastructures, large groups of people, or key national assets is expected to be of direct use to terrorists, the confidentiality impact level is recommended to be high.

+
+ +

The provisional confidentiality impact level recommended for most disaster preparedness and planning information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to disaster preparedness and planning information. Generally, missions supported by disaster preparedness and planning information are not reliably tolerant of delays. Special Factors Affecting Availability Impact Determination: If emergency responders and those responsible for repair and restoration activities are unable to access preparedness and planning information in the event of an actual emergency the consequences may include confusion and delays. In such cases, the availability impact level can be moderate or high.

+
+ +

The provisional availability impact level recommended for disaster preparedness and planning information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of disaster preparedness and planning information depend on whether the information is time-critical. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission will usually be limited. The consequences of unauthorized modification or destruction of information can be very serious or catastrophic if the data is time-critical operational information. In such cases, the impact level assigned would be moderate or high.

+
+ +

The provisional integrity impact level recommended for most disaster preparedness and planning information is low.

+
+
+ + Disaster Management + Disaster Repair and Restoration + +

Disaster repair and restoration involves the cleanup and restoration activities that take place after a disaster. This involves the cleanup and rebuilding of any homes, buildings, roads, environmental resources, or infrastructure that may be damaged due to a disaster.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of disaster repair and restoration information on the ability of responsible agencies to conduct cleanup and restoration activities that take place after a disaster. This involves the cleanup and rebuilding of any homes, buildings, roads, environmental resources, or infrastructure that may be damaged due to a disaster. The consequences of unauthorized disclosure of most disaster repair and restoration information would have a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional confidentiality impact level recommended for disaster repair and restoration information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to disaster repair and restoration information. Generally, missions supported by disaster repair and restoration information are tolerant of delay.

+
+ +

The provisional availability impact level recommended for disaster repair and restoration information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of disaster repair and restoration information depends on whether the information is time-critical. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited.

+
+ +

The provisional integrity impact level recommended for most disaster repair and restoration information is low.

+
+
+ + Disaster Management + Emergency Response + +

Emergency Response involves the immediate actions taken to respond to a disaster (e.g., wildfire management). These actions include providing mobile telecommunications, operational support, power generation, search and rescue, and medical life saving actions. Impacts to emergency response information and the information systems that process and store emergency response information could result in negative impacts on cross-jurisdictional coordination within the critical emergency services infrastructure and the general effectiveness of organizations tasked with emergency response missions.

+
+ + fips-199-low + + + fips-199-high + + + fips-199-high + + +

The confidentiality impact level is the effect of unauthorized disclosure of emergency response information on the ability of responsible agencies to respond to a disaster. These actions include providing mobile telecommunications, operational support, power generation, search and rescue, and medical life saving actions. The consequences of unauthorized disclosure of emergency response information will usually have little or no adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In cases where an attack is underway, unauthorized disclosure of emergency response information can provide information that might permit terrorists or other adversaries to target emergency response assets, thus jeopardizing emergency response resources and missions and public safety. Given the criticality that much emergency response information has in terms of potential loss of human life and major property damage, + where unauthorized release of information can reasonably be expected to facilitate interference with emergency response missions, the confidentiality impact level may be moderate or high. The unauthorized disclosure of one agency’s emergency response by another agency could result in negative impacts on cross-jurisdictional coordination within the critical emergency services infrastructure and the general effectiveness of organizations tasked with emergency response missions.

+
+ +

The provisional confidentiality impact level recommended for emergency response information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to emergency response information. Generally, missions supported by emergency response information are not tolerant of delays. Delays may cost lives and result in major property damage. Denial of access to emergency response information may result in significant degradation in mission capability and resultant catastrophic consequences for critical infrastructures, key national assets, and/or human life.

+
+ +

The provisional availability impact level recommended for emergency response information is high.

+
+ +

The provisional confidentiality impact level recommended for emergency response information is low.

+
+ +

The provisional integrity impact level recommended for emergency response information is normally high.

+
+
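Review bot: The integrity description for Emergency Response is missing. The text in that position repeats the confidentiality recommendation, "The provisional confidentiality impact level recommended for emergency response information is low.", and is followed directly by the integrity recommendation of "normally high", so the high rating has no supporting rationale. Replace the repeated sentence with an integrity description; the other entries open theirs with "The integrity impact level is based on the specific mission and the data supporting that mission".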
+ + International Affairs and Commerce + Foreign Affairs + +

Foreign Affairs refers to those activities associated with the implementation of foreign policy and diplomatic relations, including the operation of embassies, consulates, and other posts; ongoing membership in international organizations; the development of cooperative frameworks to improve relations with other Nations; and the development of treaties and agreements. Conflict resolution involves the mitigation and prevention of disputes stemming from inter and intra-state disagreements. Some conflict resolution information is subject to security classification. This classified information is treated under separate rules established for national security information and is outside the scope of this guideline. Treaties and agreements involves the negotiation and implementation of accords with foreign governments and organizations in efforts related to arms reduction and regulation, trade matters, criminal investigations and extraditions, and other various types of foreign + policy. When treaties and agreements information affects intelligence gathering and/or law enforcement cooperation, impacts to such information and the information systems that process and store the information could result in negative impacts on protection of a broad range of critical infrastructures and key national assets. Some information associated with treaties and agreements is subject to security classification. This classified information is treated under separate rules established for national security information.

+
+ + fips-199-high + + + fips-199-moderate + + + fips-199-high + + +

The confidentiality impact level is the effect of unauthorized disclosure of conflict resolution information on the ability of responsible agencies to mitigate and prevent disputes stemming from inter and intra-state disagreements. Unauthorized disclosure of conflict resolution information can reasonably be expected to jeopardize fulfillment of conflict resolution missions. This is particularly true of premature release of resolution factors, personnel profiles, and proposed solutions to adversaries. Some information that has supported a conflict resolution process may undo the results of successful conflict resolution processes. The loss of public confidence in the agency may cause a catastrophic adverse effect on an agency’s mission capability. Where information includes candid opinions of agency personnel, or involvement of agency personnel in specific prior activities, the effectiveness of those personnel for many future agency missions may be permanently impaired. + The consequences of failed conflict resolution activities may pose threats to human life and major property assets The level of confidentiality impact assigned to treaties and agreements information is determined by the ability of responsible agencies to negotiate and implement accords with foreign governments and organizations in efforts related to arms reduction and regulation, trade matters, criminal investigations and extraditions, and other types of foreign policy. Unauthorized disclosure of information associated with treaties and agreements can reasonably be expected to prevent successful negotiation and/or ratification of treaties and agreements. This is particularly true of prematurely released resolution factors, personality assessments, and proposed solutions to adversaries. Some information that has supported a treaty or other international agreement process may undo the results of a successfully completed treaty or agreement. 
The subsequent threat to public + confidence in the agency can cause a catastrophic adverse effect on an agency’s mission capability. When the disclosed information includes candid opinions of agency personnel, or background information on agency personnel, the effectiveness of those personnel for future agency missions may be permanently impaired. The consequences of failure to successfully conclude treaties and other international agreements often pose threats to human life and major property assets.

+
+ +

The provisional confidentiality impact level recommended for foreign affairs information is high.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to foreign affairs information. Special Factors Affecting Availability Impact Determination: Diplomatic missions are often tolerant of delays. Therefore, the availability impact level assigned to information associated with treaties and agreements that are associated with diplomatic missions is low. Where this is not the case, the availability impact for foreign affairs information associated with treaties and agreements may be high.

+
+ +

The provisional availability impact level recommended for foreign affairs information is moderate.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of conflict resolution information depend on whether the information is time-critical. The consequences of unauthorized modification or destruction of information associated with treaties and agreements also depend on the time-critical nature of the information. The unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. The unauthorized modification or destruction of information affecting conflict resolution information may adversely affect mission operations in a manner that results in unacceptable consequences such as loss of human life and/or + major property assets. The consequences of unauthorized modification or destruction of information can be very serious if the modification is to time-critical operational information.

+
+ +

The provisional integrity impact level recommended for foreign affairs information is high.

+
+
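Review bot: The Foreign Affairs availability description does not support the moderate level it is paired with. It states that the level for treaty information tied to diplomatic missions "is low" and that otherwise it "may be high", while the recommendation line and the fips-199-moderate value in the levels block both say moderate. Add a sentence that explains why moderate is the provisional level, or align the values with the text. Separately, the confidentiality description is missing a period between "major property assets" and "The level of confidentiality impact assigned to treaties and agreements information".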
+ + International Affairs and Commerce + International Development and Humanitarian Aid + +

International Development and Humanitarian Aid refers to those activities related to the implementation of development and humanitarian assistance programs to developing and transitioning countries throughout the world. Development and aid may include technical assistance (the transfer of knowledge and expertise), and the delivery of equipment, commodities and humanitarian assistance including food aid. In some cases, international development and humanitarian aid information is subject to security classification. This classified information is treated under separate rules established for national security information.

+
+ + fips-199-moderate + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of international development and humanitarian aid information on the ability of responsible agencies to execute programs relating to debt relief, foreign investments, poverty alleviation and food relief, foreign market expansion, and donations, as well as the establishment of policies and procedures to facilitate economic development. Special Factors Affecting Confidentiality Impact Determination: The unauthorized disclosure of international development and humanitarian aid information may not directly jeopardize foreign socio-economic and political development missions. However, the premature disclosure of this information may adversely affect agency credibility or give unfair competitive advantages to some candidates for mission support activities. These secondary effects may have a negative effect on the intended beneficiaries and can result, in extreme cases, in threats to human life, major + assets, or the ability of the agency to perform future missions. Some information that has supported an international development and humanitarian aid process can even undo the results of previously completed foreign socio-economic and political development processes. Where there is a possibility of catastrophic consequences such as threats to human life and major property assets, a high confidentiality impact level must be assigned.

+
+ +

The provisional confidentiality impact level recommended for international development and humanitarian aid information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to international development and humanitarian aid information. Special Factors Affecting Availability Impact Determination: Generally, international development and humanitarian aid missions are tolerant of delays. Where this is not the case, the availability impact associated with international development and humanitarian aid information may be moderate or high.

+
+ +

The provisional availability impact level recommended for international development and humanitarian aid information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of international development and humanitarian aid information depend on whether the information is time-critical. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Special Factors Affecting Integrity Impact Determination: The consequences of unauthorized modification or destruction of information can be very serious or catastrophic if the modification is to time-critical operational information. In such cases, the impact level assigned would be moderate or high.

+
+ +

The provisional integrity impact level recommended for most international development and humanitarian aid information is low.

+
+
+ + International Affairs and Commerce + Global Trade + +

Global Trade refers to those activities the Federal Government undertakes to advance worldwide economic prosperity by increasing trade through the opening of overseas markets and freeing the flow of goods, services, and capital. Trade encompasses all activities associated with the importing and exporting of goods to and from the United States. This includes goods declaration, fee payments, and delivery/shipment authorization. Export promotion involves the development of opportunities for the expansion of U.S. exports. Merchandise inspection includes the verification of goods and merchandise as well as the surveillance, interdiction, and investigation of imports/exports in violation of various Customs laws. Tariffs/quotas monitoring refers to the monitoring and modification of the schedules of items imported and exported to and from the United States.

+
+ + fips-199-high + + + fips-199-high + + + fips-199-high + + +

The confidentiality impact level is the effect of unauthorized disclosure of export promotion information on the ability of responsible agencies to advance worldwide economic prosperity by increasing trade through the opening of overseas markets and freeing the flow of goods, services, and capital. Also, the confidentiality impact level is the effect of unauthorized disclosure of merchandise inspection information on the ability of responsible agencies to accurately determine, report, and record the discovered status of imported or exported merchandise as it bears on violations of various Customs laws. Generally, the unauthorized disclosure of merchandise inspection information will not jeopardize the completion of other merchandise inspection missions, as shipment status is generally information of public record. The confidentiality impact level is also the effect of unauthorized disclosure of tariffs/quotas monitoring information on the ability of responsible agencies + to enforce various Customs laws, and preserve statistical data concerning the historical compliance with such laws. Typically, the unauthorized disclosure of tariffs/quotas monitoring information will not jeopardize the completion of other tariffs/quotas monitoring missions because the information is publicly available. Unauthorized disclosure of information that has supported an export promotion process may undo the results of successful export promotion processes. The consequent threat to agency image or reputations can cause a catastrophic adverse effect on an agency’s mission capability. Consequently, the general confidentiality impact level associated with export promotion information is high. Some information that has supported a tariffs/quotas monitoring process might be of higher sensitivity, such as intelligence information36 that might point to a dumping situation. 
The unauthorized disclosure of this information might jeopardize the success of future + tariffs/quotas monitoring processes. Consequently, the confidentiality impact level associated with tariffs/quotas monitoring information is high. Intelligence information is included in national security systems. National security information and national security systems are outside the scope of this guideline. Some information that has supported a merchandise inspection process might be of higher sensitivity. The unauthorized disclosure of this information might jeopardize the success of future merchandise inspection processes. The consequent threat to agency image or reputations may cause a serious adverse effect on an agency’s mission capability. Consequently, the general confidentiality impact level associated with merchandise inspection information is high.

+
+ +

The provisional confidentiality impact level recommended for global trade information is high.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to global trade information. Export promotion and merchandise inspection missions are generally tolerant of significant delays. If the export promotion and merchandise inspection information are time-critical, the availability impact may be high. This would be the case where such an occurrence could result in significant financial consequences as a result of uncertainty regarding the status of an imported or exported shipment. Tariffs/quotas monitoring missions are also tolerant of significant delays. Typically, this information is used in high level policy and strategic analysis, and denial of access might cause an inconvenience but no significant mission impact. However, the availability impact associated with tariffs/quotas monitoring information may be high, if denial of access could result in serious damage to the image + or reputation of an agency resulting from uncertainty regarding the compliance statistics of a major sovereign trade partner.

+
+ +

he provisional availability impact level recommended for global trade information is high.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of global trade information depends on whether the information is time-critical. Unauthorized modification or destruction of information affecting export promotion information may adversely affect mission operations and result in potentially serious economic repercussions. Trade agreements that have been implemented are generally matters of public record. Therefore, the specific negotiated terms, etc., must be accurately recorded. The modification of merchandise inspection information may result in significant financial consequences to an importer or exporter whose shipment is in question and may adversely affect mission operations and result in potentially serious economic repercussions. The results of completed inspections are + matters of public record and must be accurately recorded. For tariffs/quotas monitoring information, the requirement for adequate means to detect data corruption is high. This information is used in policy and strategic analysis, and the accuracy of this statistical information is critical. Unauthorized modification or destruction of information affecting tariffs/quotas monitoring information may adversely affect mission operations and result in potentially catastrophic economic repercussions.

+
+ +

The provisional integrity impact level recommended for global trade information is high.

+
+
+ + Natural Resources + Water Resource Management + +

Water Resource Management includes all activities that promote the effective use and management of the nation’s water resources. Notes: Environmental protection of water resources is included in the Environmental Management Line of Business. Hydroelectric energy production is included under the Energy Production mission.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of water resource management information on the ability of responsible agencies to promote the effective use and management of the nation’s water resources. The consequences of unauthorized disclosure of most water resource management information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: There may be some cases for which moderate confidentiality impact is associated with unauthorized disclosure of business/industry development. For example, unauthorized disclosure of details of current agency water resource management activities and plans may focus opposition and/or give an unfair advantage to competing interests. Consistent premature disclosure of agency plans may cause significant degradation in mission capability.

+
+ +

The provisional confidentiality impact level recommended for water resource management information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to water resource management information. Generally, missions supported by water resource management information are tolerant of delay.

+
+ +

The provisional availability impact level recommended for water resource management information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of water resource management information depends on whether the information is time-critical. Unauthorized modification or destruction of information affecting external communications associated with water resource management information (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.

+
+ +

The provisional integrity impact level recommended for most water resource management information is low.

+
+
+ + Natural Resources + Conservation, Marine and Land Management + +

Conservation, Marine and Land Management involves the responsibilities of surveying, maintaining, and operating public lands and monuments, as well as activities devoted to ensuring the preservation of land, water, wildlife, and natural resources, both domestically and internationally. It also includes the sustainable stewardship of natural resources on federally owned/controlled lands for commercial use (mineral mining, grazing, forestry, fishing, etc.).

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of conservation, marine, and land management information on the ability of responsible agencies to survey, maintain, and operate public lands and monuments, as well as to ensure the preservation of land, water, wildlife, and natural resources, both domestically and internationally. The consequences of unauthorized disclosure of most conservation, marine, and land management information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: There may be some cases for which moderate confidentiality impact is associated with unauthorized disclosure of private or proprietary information associated with use of federally owned/controlled lands for commercial use (mineral mining, grazing, forestry, fishing, etc.). Additionally, unauthorized disclosure of details of current agency conservation, marine, and + land management activities and plans may focus opposition and/or give an unfair advantage to competing interests. Consistent premature disclosure of agency plans may cause significant degradation in mission capability. Also, conservation, marine, and land management include enforcement functions (e.g., the policing of marine fisheries). Confidentiality impacts associated with criminal apprehension, criminal investigation and surveillance, citizen protection, and property protection may cause the confidentiality impact of enforcement-related information to be moderate or high.

+
+ +

The provisional confidentiality impact recommended for most conservation, marine, and land management information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to conservation, marine, and land management information. Typically, missions supported by conservation, marine, and land management information are tolerant of delay. Special Factors Affecting Availability Impact Determination: Conservation, marine, and land management include enforcement functions (e.g., the policing of marine fisheries). Availability impacts associated with criminal apprehension, criminal investigation and surveillance, citizen protection, and property protection may cause the availability impact of enforcement-related information to be moderate or high. Particularly during fire season, the availability of land management information critical to fire-fighting operations can affect the safety of human life and large-scale property damage. Such information can have a high availability impact level.

+
+ +

The provisional availability impact level recommended for most conservation, marine, and land management information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of conservation, marine, and land management information depend on whether the information is time-critical. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications associated with conservation, marine, and land management information (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Conservation, marine, and land management include enforcement functions (e.g., the policing of marine fisheries). Integrity impacts associated with criminal apprehension, criminal investigation and surveillance, citizen protection, and property + protection may cause the integrity impact of enforcement-related information to be moderate. Particularly during fire season, the integrity of land management information critical to fire-fighting operations can affect the safety of human life and large-scale property damage. Such information can have a high integrity impact level.

+
+ +

The provisional integrity impact level recommended for most conservation, marine, and land management information is low.

+
+
+ + Natural Resources + Recreational Resource Management and Tourism + +

Recreational Resource Management and Tourism involves the management of national parks, monuments, and tourist attractions as well as visitor centers, campsites, and park service facilities. Impacts to some information and information systems associated with tourism management may affect the security of some key national assets (e.g., some national monuments and icons).

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of recreational resource management and tourism information on the ability of responsible agencies to manage national parks, monuments, and tourist attractions as well as visitor centers, campsites, and park service facilities. The consequences of unauthorized disclosure of most recreational resource management and tourism information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Recreational resource management and tourism include enforcement functions (e.g., protective and enforcement functions of the National Park Service). Confidentiality impacts associated with criminal apprehension, criminal investigation and surveillance, citizen protection, and property protection may cause the confidentiality impact of enforcement-related information to be moderate or high. The consequences of + unauthorized disclosure of property and tourist protection information can be particularly severe in the case of protection of national monuments and icons.

+
+ +

The provisional confidentiality impact level recommended for most recreational resource management and tourism information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to recreational resource management and tourism information. Generally, missions supported by recreational resource management and tourism information are tolerant of delays. Special Factors Affecting Availability Impact Determination: Recreational resource management and tourism include enforcement functions (e.g., protective and enforcement functions of the National Park Service). Availability impacts associated with criminal apprehension, criminal investigation and surveillance, citizen protection, and property protection may cause the confidentiality impact of enforcement-related information to be moderate or high. There may also be time-critical cases associated with protection of people and key national assets from natural disasters (such as fires, unexpected blizzards, or volcanic eruptions). In such cased, the + availability impact may be high. Except for time-critical information, the availability impact level recommended for protection-related information is typically moderate.

+
+ +

Most recreational resource management and tourism information is routine in nature (not time-critical). Consequently, the provisional availability impact level recommended for most recreational resource management and tourism information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of recreational resource management and tourism information depends on whether the information is time-critical. Unauthorized modification or destruction of information affecting external communications associated with recreational resource management and tourism information (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Special Factors Affecting Integrity Impact Determination: Recreational resource management and tourism include enforcement functions (e.g., protective and enforcement functions of the National Park Service). Integrity impacts associated with criminal apprehension, criminal investigation and + surveillance, citizen protection, and property protection may cause the integrity impact of enforcement-related information to be moderate or high. These types of enforcement-related information are time-critical. Where terrorists or other criminals pose a threat to key national assets, or pose a threat to human life, the integrity impact level recommended for recreational resource management and tourism enforcement information is high.

+
+ +

The provisional integrity impact level recommended for most recreational resource management and tourism information is low.

+
+
+ + Natural Resources + Agricultural Innovation and Services + +

Agricultural Innovation and Services involves the creation and dissemination of better methods for farming and the development of better and healthier crops.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of agricultural innovation and service information on the ability of responsible agencies to create and disseminate of better methods for farming and the development of better and healthier crops. In most cases, unauthorized disclosure of agricultural innovation and service information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In some cases, unauthorized disclosure of preliminary findings or policies under consideration regarding proposed agricultural products may result in domestic or international public relations problems for the Federal government. In such cases, serious damage can result for agricultural innovation and service operations. Here, the confidentiality impact level may be moderate. In other cases, unauthorized disclosure of information regarding creation, storage, and + transportation of dangerous plant disease vectors, animal disease vectors, pesticides, and herbicides might facilitate malicious activities by terrorists or other criminals. Here, there is a potential for loss of human life, so the confidentiality impact level may be high.

+
+ +

The provisional confidentiality impact level recommended for most agricultural innovation and service information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to agricultural innovation and service information. Loan assistance processes are generally tolerant of delay. In most cases, disruption of access to agricultural innovation and service information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for agricultural innovation and service information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Agricultural innovation and service activities are not generally time-critical. In most cases, the adverse effects of unauthorized modification to or destruction of agricultural innovation and service information on agency mission functions and public confidence in the agency can be expected to be limited.

+
+ +

The provisional integrity impact level recommended for agricultural innovation and service information is low.

+
+
+ + Energy + Energy Supply + +

Energy Supply involves all activities devoted to ensuring the availability of an adequate supply of energy for the United States and its citizens. Energy Supply includes the sale and transportation of commodity fuels such as coal, oil, natural gas, and radioactive materials. This function also includes distributing and transferring power, electric generation, and/or storage located near the point of use. Impacts to some information and information systems associated with energy supply may affect the security of critical infrastructures, particularly in the areas of energy transmission and transport.

+
+ + fips-199-low + + + fips-199-moderate + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of energy supply information on the ability of responsible agencies to conduct activities related to the sale and transportation of commodity fuels such as coal, oil, natural gas, and radioactive materials. This function also includes distributing and transferring power, electric generation, and/or storage located near the point of use. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Special Factors Affecting Confidentiality Impact Determination: The consequences of unauthorized disclosure of energy supply information can have a serious economic impact with respect to competitive advantages and financial and commodity market dynamics. Also, the unauthorized disclosure of supply information may + assist terrorists in the theft of energy products or disruption of energy distribution channels. Facilitation of theft of nuclear materials is a particularly catastrophic potential result of unauthorized disclosure of specific types of energy supply information. In these cases, the confidentiality impact must be considered to be high. [Some information regarding transportation and storage of nuclear materials is classified. The classified information is national security related and is outside the scope of this guideline. Other information, such as Nuclear Regulatory Commission “SAFEGUARDS” information is not national security information, but must be treated as having high confidentiality impact.] With respect to possible use by terrorists of energy distribution information regarding petroleum, natural gas, and other flammable or explosive products, a realistic impact assessment must include energy distribution information from private companies. 
This information is + also susceptible to access by terrorists. Where distribution of hazardous energy products is involved, there is a potential unauthorized disclosure consequence of loss of human life and major property. In such cases the confidentiality impact level can be moderate or high. [Disclosure of transportation routes and storage facilities is often (i) both authorized and necessary to mission accomplishment and (ii) authorized, or even mandated, for public safety reasons.] Also, the unauthorized disclosure of one agency’s energy supply information by another agency could result in negative impacts on cross-jurisdictional coordination within the energy distribution infrastructure and the general effectiveness of organizations tasked with energy supply.

+
+ +

The provisional confidentiality impact level recommended for most energy supply information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to energy supply information. Typically, disruption of access will have a limited adverse effect on agency operations (including mission, functions, or public confidence in the agency), agency assets, or individuals. Also, most energy supply information is not time-critical. Special Factors Affecting Availability Impact Determination: Mission-critical systems: Functions supported by mission-critical information or information systems (e.g., electrical power generation, transmission, and/or distribution; petroleum or gas pipelines) are often adversely impacted by lack of availability. Loss of availability of the information or information system can result in severe impacts to the environment, service, major assets and/or human safety. Consequently, the availability impact level associated with these types of mission-critical + processes/systems may be high. Non mission-critical systems: For information or information systems that do not directly impact mission-critical functions, the availability impact level may be downgraded to low.

+
+ +

The availability impact level recommended for most energy supply information is moderate.

+
+ +

The integrity impact level is based on the specific mission and the data and systems supporting that mission, not on the time required to detect the modification to or destruction of information or information system. The consequences of unauthorized modification to or destruction of energy supply information or information systems, usually depends on whether the information is mission-critical. Special Factors Affecting Integrity Impact Determination: Mission-critical systems: Unauthorized modification of mission-critical information or information systems (e.g., electrical power distribution, petroleum or gas pipelines) can result in severe impacts to the environment, service, major assets and/or human safety. Consequently, the integrity impact level associated with these types of mission-critical processes/systems may be high. Non mission-critical systems: For information or information systems that do not directly impact mission-critical functions, the integrity + impact level may be downgraded to low.

+
+ +

The provisional integrity impact level recommended for energy supply information is moderate.

+
+
+ + Energy + Energy Conservation and Preparedness + +

Energy Conservation and Preparedness involves protection of energy resources from over-consumption to ensure the continued availability of fuel resources and to promote environmental protection. This mission also includes measures taken to ensure the provision of energy in the event of an emergency.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of energy conservation and preparedness information on the ability of responsible agencies to protect energy resources from over-consumption to ensure the continued availability of fuel resources and to promote environmental protection. In most cases, unauthorized disclosure of energy conservation and preparedness information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In some cases, unauthorized disclosure of preliminary findings or policies under consideration regarding proposed conservation measures or the distribution of energy in the event of an emergency may result in mobilization of special interests. These groups may successfully oppose necessary conservation measures and be given an unfair advantage for specific commercial interests. Also, the unauthorized disclosure may cause domestic + or international loss of confidence in the Federal government. In such cases, serious damage may result for energy conservation and preparedness operations. Therefore, the confidentiality impact level may be moderate. In other cases, unauthorized disclosure of information regarding measures taken to ensure the provision of energy in the event of an emergency may facilitate malicious activities of terrorists. Here, there is a potential for loss of human life resulting from extended outages, so the confidentiality impact level may be high.

+
+ +

The provisional confidentiality impact level recommended for most energy conservation and preparedness information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to energy conservation and preparedness information. Loan assistance processes are generally tolerant of delay. In most cases disruption of access to energy conservation and preparedness information will have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Unavailability of information necessary to mission-critical procedures ensuring the provision of energy in the event of an emergency may result in extended outages. There is some potential for a consequent threat to critical energy infrastructure and to human life. In such cases, the availability impact level may be high.

+
+ +

The provisional availability impact level recommended for energy conservation and preparedness information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In most cases, the adverse effects of unauthorized modification or destruction of energy conservation and preparedness information on agency mission functions and public confidence in the agency will be limited Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information necessary to mission-critical procedures ensuring the provision of energy in the event of an emergency can result in extended outages. There is some potential for a consequent threat to critical energy infrastructure and to human life. In such cases, the integrity impact level may be high.

+
+ +

The provisional integrity impact level recommended for energy conservation and preparedness information is low.

+
+
+ + Energy + Energy Resource Management + +

Energy resource management involves the management of energy producing resources including facilities, land, and offshore resources.

+
+ + fips-199-moderate + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of energy resource management information on the activities of responsible agencies with respect to management of energy producing resources including facilities, land, and offshore resources. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of much energy resource management information can result in major financial consequences and impact financial markets and have a severe adverse effect on public confidence in the agency. In some cases, the probable consequences of damage to public confidence in the agency can even be high.

+
+ +

The consequences of unauthorized disclosure of some energy resource management information would have only a limited adverse effect on agency operations. However, the consequences that can be expected to result from unauthorized disclosure of most energy resource management information justify a moderate provisional confidentiality impact level.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to energy resource management information. Generally, missions supported by energy resource management information are tolerant of delay.

+
+ +

The provisional availability impact level recommended for energy resource management information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of energy resource management information may depend on the urgency with which the information is typically needed. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited Special Factors Affecting Integrity Impact Determination: If the energy resource management information is mission-critical or very sensitive, the integrity impact level may be moderate or high.

+
+ +

The provisional integrity impact level recommended for most energy resource management information is low.

+
+
+ + Energy + Energy Production + +

Energy production involves the transformation of raw energy resources into useable, deliverable energy. Impacts to some information and information systems associated with energy production may affect the security of the critical energy infrastructure.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of energy production information on the activities of responsible agencies with respect to transformation of raw energy resources into useable, deliverable energy. The consequences of unauthorized disclosure of most energy production information would have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some energy production information can result in major financial consequences. In some cases, premature disclosure of this information can impact financial markets. Unauthorized disclosure to a single institution could damage faith in government institutions, result in adverse financial events, and have a serious adverse effect on public confidence in the agency. Therefore, the confidentiality impact should be at least moderate for this energy production information.

+
+ +

The provisional confidentiality impact level recommended for most energy production information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to energy production information. Missions supported by energy production information are generally tolerant of delays.

+
+ +

The provisional availability impact level recommended for energy production information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of energy production information may depend on the urgency with which the information is typically needed. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Special Factors Affecting Integrity Impact Determination: If the energy production information is time-critical or very sensitive, the integrity impact level may be moderate or high.

+
+ +

The provisional integrity impact level recommended for most energy production information is low.

+
+
+ + Environmental Management + Environmental Monitoring and Forecasting + +

Environmental Monitoring and Forecasting involves the observation and prediction of environmental conditions. This includes b the monitoring and forecasting of water quality, water levels, ice sheets, air quality, regulated and non-regulated emissions, as well as the observation and prediction of weather patterns and conditions.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of environmental monitoring and forecasting information on the ability of responsible agencies to observe and predict environmental conditions. The consequences of unauthorized disclosure of most environmental monitoring information are unlikely to have a serious adverse effect on agency operations. Special Factors Affecting Confidentiality Impact Determination: The most serious adverse effects are likely to involve exposure of information that is proprietary to an organization or result in damaging publicity for an organization. [Unauthorized disclosure of some information can have serious economic impact on both individual companies and the broader market place. The consequences of such unauthorized disclosures may have an adverse effect on public confidence in the agency.] In such cases, the potential confidentiality impacts may be at least moderate.

+
+ +

The provisional confidentiality impact level recommended for most environmental monitoring and forecasting information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to environmental monitoring and forecasting information. Except for cases of emergency bulletins necessary to correct existing threats to public safety, the nature of environmental monitoring and forecasting processes is usually tolerant of reasonable delays

+
+ +

The provisional availability impact level recommended for environmental monitoring and forecasting information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of environmental monitoring information and forecasting can be serious if the public is exposed to harmful emissions, polluted water, etc. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and public confidence in the agency, but also the agency mission. In some cases, unauthorized modification or destruction of information can result in loss of human life - a high-impact potential.

+
+ +

The provisional integrity impact level recommended for environmental monitoring and forecasting information is moderate.

+
+
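Review bot: the Environmental Monitoring and Forecasting description carries a stray token in "This includes b the monitoring and forecasting of water quality", which should be removed. In the same entry the availability rationale ends without a full stop after "is usually tolerant of reasonable delays". The confidentiality rationale also keeps two sentences inside square brackets ("[Unauthorized disclosure of some information can have serious economic impact ...]"); either drop the brackets or document what they mark. This text is what SSP authors read when justifying a FIPS 199 level, so it should be clean.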
+ + Environmental Management + Environmental Remediation + +

Environmental remediation supports the immediate and long-term activities associated with the correcting and offsetting of environmental deficiencies or imbalances, including restoration activities.

+
+ + fips-199-moderate + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of environmental remediation information on the immediate and long-term activities of responsible agencies with respect to correcting and offsetting environmental deficiencies or imbalances. Serious adverse effects are likely to result from 1) exposure of information that is premature and not fully checked for accuracy and that can damage public confidence in an organization targeted for remedial action, 2) unauthorized disclosure of information that is proprietary to an organization, 3) unauthorized disclosure of information concerning proposed remediation that may be used by organizations opposing particular remedial actions, and 4) disclosure of an agency’s tactics for enforcing remediation that will have an adverse effect on the enforcement action. The consequences of such unauthorized disclosures may have a serious adverse effect on public confidence in the agency, have a serious adverse + effect on agency operations, and place the agency at a significant disadvantage.

+
+ +

The provisional confidentiality impact level recommended for environmental remediation information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to pollution prevention and control information. Except for cases of emergency bulletins necessary to correct existing threats to public safety, pollution prevention and control processes are usually tolerant of delays.

+
+ +

The provisional availability impact level recommended for pollution prevention and control information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of environmental remediation information may depend on the urgency with which the information is typically needed. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations, public confidence in the agency, and the agency mission.

+
+ +

The provisional integrity impact level recommended for pollution prevention and control information is low.

+
+
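Review bot: in the Environmental Remediation entry, the availability rationale and both the availability and integrity recommendations name a different information type: "re-establish access to pollution prevention and control information" and "recommended for pollution prevention and control information is low". The description, the confidentiality text and the integrity rationale all say "environmental remediation information". If one rationale is meant to cover both types, say so in the entry. Otherwise rename these three passages, so that a reader selecting this type is not left unsure which recommendation applies.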
+ + Economic Development + Business and Industry Development + +

Business and industry development supports activities related to the creation of economic and business opportunities and stimulus, and the promotion of financial and economic stability for corporations and citizens involved in different types of business.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of business and industry development information on the ability of responsible agencies to create economic and business opportunities and stimulus, and promote financial and economic stability for corporations and citizens involved in different types of business. The consequences of unauthorized disclosure of most business and industry development information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: There may be some cases for which moderate confidentiality impact is associated with unauthorized disclosure of business/industry development. For example, unauthorized disclosure of private information concerning individuals or businesses can result in legal expense and serious effects on public confidence in the agency. Similarly, unauthorized disclosure of details of current + agency business and industry development activities and plans can serve to focus opposition and/or give an unfair advantage to competing interests. Additionally, there are legislative mandates prohibiting unauthorized disclosure of trade secrets. Trade secrets will generally be assigned a moderate confidentiality impact level.

+
+ +

The provisional confidentiality impact level recommended for business/industry development information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to business and industry development information. Missions supported by business and industry development information are generally tolerant of delay.

+
+ +

The provisional availability impact level recommended for business and industry development information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of business and industry development information may depend on the urgency with which the information is typically needed. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.

+
+ +

The provisional integrity impact level recommended for most business and industry development information is low.

+
+
+ + Economic Development + Intellectual Property Protection + +

The provisional availability impact level recommended for business and industry development information is low.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of intellectual property protection information on the abilities of responsible agencies to enforce intellectual property including inventions, literary and artistic works, and symbols, names, images, and designs used in commerce. The consequences of unauthorized disclosure of the majority of intellectual property protection information will result in, at most, a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: There are legislative mandates prohibiting unauthorized disclosure of trade secrets. Trade secrets will generally be assigned a moderate confidentiality impact level. In the case of patent activities, technical details of applications involving inventions with military applications and with deliberations concerning withholding patents as a result of national security considerations may be sensitive. + (In some cases, the patent application information may be classified or to contain information concerning weapons or weapons systems. In such cases, the information would be national security information, and outside the scope of this guideline.)

+
+ +

The provisional confidentiality impact level recommended for intellectual property protection information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to intellectual property protection information. The nature of intellectual property protection processes is tolerant of reasonable delays.

+
+ +

The provisional availability impact level recommended for intellectual property protection information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of intellectual property protection information depends on the criticality of the information with respect to agency mission capability, protection of agency assets, and safety of individuals. The effects of modification or deletion of this information are generally limited with respect to agency mission capabilities or assets.

+
+ +

The provisional integrity impact level recommended for intellectual property protection information is low.

+
+
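Review bot: the description paragraph of the Intellectual Property Protection entry is not a description. It reads "The provisional availability impact level recommended for business and industry development information is low.", which repeats the availability recommendation of the preceding Business and Industry Development entry word for word. Replace it with a statement of what the mission covers; the confidentiality rationale already names the scope ("inventions, literary and artistic works, and symbols, names, images, and designs used in commerce"). The parenthetical at the end of that rationale also needs a grammar fix at "may be classified or to contain information".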
+ + Economic Development + Financial Sector Oversight + +

Financial Sector Oversight involves the regulation of private sector firms and markets (stock exchanges, corporations, etc.) to protect investors from fraud, monopolies, and illegal behavior. This also includes deposit protection.

+
+ + fips-199-moderate + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of financial sector oversight information on the ability of responsible agencies to regulate private sector firms and markets (stock exchanges, corporations, etc.) to protect investors from fraud, monopolies, and illegal behavior. This also includes deposit protection, creation, regulation, and control of the nation’s currency and coinage supply and demand. Special Factors Affecting Confidentiality Impact Determination: While the consequences of unauthorized disclosure of some financial sector oversight information would have only a limited adverse effect on agency operations, agency assets, or individuals, there are significant exceptions. Unauthorized disclosure of much financial sector oversight information can result in major financial consequences. This can result in assignment of a high impact level to such information. In some cases, premature disclosure of regulatory information can impact + major financial markets and damage national banking and finance infrastructures. For example, unauthorized disclosure of a decision to increase the money supply or of an ongoing securities fraud investigation can have a dramatic effect on financial markets. This can result in assignment of a high impact level to such information. Unauthorized disclosure to a single institution (e.g., a major banking institution or brokerage house), could damage faith in regulatory institutions and result in even more market disruption and have a severe or catastrophic adverse effect on public confidence in the agency. This can result in assignment of a high impact level to such information. Even where the consequences are limited to giving an unfair market advantage to a single financial or commercial institution, unauthorized disclosure can have a serious adverse effect on public confidence in the agency and its staff. This can result in assignment of a high impact level to such + information.

+
+ +

The provisional confidentiality impact level recommended for financial sector oversight information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to financial sector oversight information. Missions supported by financial sector oversight information are generally tolerant of delay.

+
+ +

The provisional availability impact level recommended for financial sector oversight information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. T he consequences of unauthorized modification or destruction of financial sector oversight information depends on whether the information is time-critical. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Special Factors Affecting Integrity Impact Determination: Where unauthorized modification or destruction of financial sector oversight information facilitates or enables catastrophic consequences, the integrity impact level may be high.

+
+ +

The provisional integrity impact level recommended for most financial sector oversight information is low.

+
+
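Review bot: the Financial Sector Oversight confidentiality rationale repeats "This can result in assignment of a high impact level to such information." four times, while the recommended provisional level is moderate. Collapse the repeats into one statement, and make it explicit that high applies only under the special factors, so the gap between the base value and the rationale is not read as an error. The same paragraph widens the scope to "creation, regulation, and control of the nation's currency and coinage supply and demand", which the description does not mention; align the two. In the integrity rationale, "T he consequences" has a split word.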
+ + Economic Development + Industry Sector Income Stabilization + +

Industry Sector Income Stabilization involves all programs and activities devoted to assisting adversely impacted industrial sectors (farming, commercial transportation, etc.) to ensure the continued availability of their services for the American public and the long-term economic stability of these sectors.

+
+ + fips-199-moderate + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of industry sector income stabilization information on the ability of responsible agencies to assist adversely impacted industrial sectors (farming, commercial transportation, etc.) to ensure the continued availability of their services for the American public and the long-term economic stability of these sectors. In most cases, unauthorized disclosure of industry sector income stabilization information will have only a limited adverse effect on agency operations, assets, or individuals. However, unauthorized premature disclosure of Federal government plans for industry sector income stabilization actions (e.g., grants or subsidies) as well as of government economic forecasts and commentary preliminary to formulation of plans may result in major financial consequences. Unauthorized and premature disclosure to a single institution (e.g., a major manufacturing institution, a major agribusiness + institution, or a commodity brokerage house), could damage confidence in economic stabilization institutions and have a severe adverse effect on public confidence in the government.

+
+ +

The provisional confidentiality impact level recommended for industry sector income stabilization information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to industry sector income stabilization information. Industry sector income stabilization processes are generally tolerant of delay. In most cases, disruption of access to industry sector income stabilization information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for industry sector income stabilization information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Industry sector income stabilization activities are not generally time-critical. In most cases, the adverse effects of unauthorized modification or destruction of industry sector income stabilization information on agency mission functions and public confidence in the agency will be limited.

+
+ +

The provisional integrity impact level recommended for industry sector income stabilization information is low.

+
+
+ + Community and Social Services + Home-ownership Promotion + +

Home-ownership Promotion includes activities devoted to assisting citizens interested in buying homes and educating the public as to the benefits of home-ownership. Note: Activities devoted to the provision of housing to low-income members of the public are covered under the Housing Assistance mission.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of home-ownership promotion information on the ability of responsible agencies to assist citizens interested in buying homes and educating the public as to the benefits of home-ownership. The consequences of unauthorized disclosure of most home-ownership promotion information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Exceptions that might have a potential for more serious consequences are based on privacy information processed in training and employment systems (e.g., information required by the Privacy Act of 1974 or other statutes and executive orders to receive special handling to protect the privacy of individuals). The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. This can result in assignment of a moderate + impact level to such information.

+
+ +

The provisional confidentiality impact level recommended for home-ownership promotion information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to home-ownership promotion information. The effects of disruption of access to most home-ownership promotion information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for home-ownership promotion information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of home-ownership promotion information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited

+
+ +

The provisional integrity impact level recommended most home-ownership promotion information is low.

+
+
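Review bot: the special-factors text for Home-ownership Promotion refers to "privacy information processed in training and employment systems", which does not match this information type and looks carried over from another entry. The same clause recurs in the Community and Regional Development and Social Services entries that follow. Confirm whether it is intended, or reword it to name the systems that actually hold the data for each type. Two smaller fixes in this entry: the integrity rationale ends without a full stop after "would usually be limited", and the integrity recommendation is missing a word in "recommended most home-ownership promotion information is low".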
+ + Community and Social Services + Community and Regional Development + +

The Community and Regional Development mission involves activities designed to assist communities in preventing and eliminating blight and deterioration, assist economically distressed communities, and encourage and foster economic development through improved public facilities and resources.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of community and regional development information on the ability of responsible agencies to assist communities in preventing and eliminating blight and deterioration, assist economically distressed communities, and encourage and foster economic development through improved public facilities and resources. The consequences of unauthorized disclosure of most community and regional development information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Exceptions that might have a potential for more serious consequences are based on privacy information processed in training and employment systems (e.g., information required by the Privacy Act of 1974 or other statutes and executive orders to receive special handling to protect the privacy of individuals). The Privacy Act Information provisional + impact levels are documented in the Personal Identity and Authentication information type. Another exception might be unauthorized disclosure of information that gives an individual or corporate entity an unfair competitive advantage in obtaining contracts or other funding for development activities. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional confidentiality impact level recommended for community and regional development information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to community and regional development information. The effects of disruption of access to most community and regional development information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for community and regional development information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of community and regional development information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited

+
+ +

The provisional integrity impact level recommended for most community and regional development information is low.

+
+
+ + Community and Social Services + Social Services + +

Social Services are designed to provide meaningful opportunities for social and economic growth of the disadvantaged sector of the population in order to develop individuals into productive and self-reliant citizens and promote social equity. Included in this category are social welfare services extended to children and adults with special needs, such as the orphaned, neglected, abandoned, disabled, etc. Such services include family life education and counseling, adoption, guardianship, foster family care, rehabilitation services, etc. Note: This mission does not include services that are primarily for income support (Income Security) or are an integral part of some other mission area (e.g., Health, Workforce Management, etc.).

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of social services information on the ability of responsible agencies to provide meaningful opportunities for social and economic growth of the disadvantaged sector of the population in order to develop individuals into productive and self-reliant citizens and promote social equity. The consequences of unauthorized disclosure of most social services information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Exceptions that might have a potential for more serious consequences include privacy information processed in training and employment systems (e.g., information required by the Privacy Act of 1974 or other statutes and executive orders to receive special handling to protect the privacy of individuals). The Privacy Act Information provisional impact levels are documented in the Personal + Identity and Authentication information type. Other exceptions include unauthorized disclosure of information that might assist criminals to perpetrate fraud, particularly with respect to income security disbursements. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional confidentiality impact level recommended for social services information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to social services information. The effects of disruption of access to most social services information or information systems would have, at most, a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for social services information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of social services information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Another threat is that of unauthorized modification of information to support fraudulent activities. This might result in harm to individuals, but not to agency operations or missions.

+
+ +

The provisional integrity impact level recommended for most social services information is low.

+
+
+ + Community and Social Services + Postal Services + +

Postal Services provide for the timely and consistent exchange and delivery of mail and packages between businesses, organizations, and residents of the United States or between businesses, organizations, and residents of the United States and the rest of the world. It also includes the nation-wide retail infrastructure required to make Postal Services easily accessible to customers. (Note: The commercial function of mail is more closely aligned with the “Business and Industry Development” mission in the “Economic Development mission area.” The international commercial function of mail is more closely aligned with the “Global Trade” mission in the “International Affairs” mission area).

+
+ + fips-199-low + + + fips-199-moderate + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of postal services information on the ability of responsible agencies to provide for the timely and consistent exchange and delivery of mail and packages between businesses, organizations, and residents of the United States or between businesses, organizations, and residents of the United States and the rest of the world. The consequences of unauthorized disclosure of most postal services information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Exceptions that might have a potential for more serious consequences include privacy information (e.g., information required by the Privacy Act of 1974 or other statutes and executive orders to receive special handling to protect the privacy of individuals). The Privacy Act Information provisional impact levels are documented in the Personal Identity + and Authentication information type. Other exceptions include unauthorized disclosure of information that might assist criminals to perpetrate fraud, particularly with respect to income security disbursements. Because registered mail can be employed to transmit classified information, information regarding some registered mail can facilitate unauthorized access to national security information. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional confidentiality impact level recommended for most postal services information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to postal services information. The effects of disruption of access to most postal services information or information systems would have an adverse effect on agency operations. Because most postal services information is time critical, extended widespread outages could seriously affect the commerce of the United States.

+
+ +

The provisional availability impact level recommended for postal services information is moderate.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of postal services information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Special Factors Affecting Integrity Impact Determination: The consequences of unauthorized modification or destruction of postal information might provide terrorists the tools to carry out an attack. The consequences in terms of critical infrastructure protection and risk to human life may be severe. In such cases, the integrity impact of compromise would be + high. Another threat is that of unauthorized modification of information to support fraudulent activities (e.g., misdirection of monetary instruments, execution of fraudulent financial transactions). This might result in harm to individuals, but not to agency operations or missions.

+
+ +

The provisional integrity impact level recommended for most postal services information is moderate.

+
+
+ + Transportation + Ground Transportation + +

Ground Transportation involves the activities related to ensuring the availability of transit and the safe passage of passengers and goods over land. Water and fuel pipelines are included among ground transportation assets. Note: The protection of ground transportation from deliberate attack is included in the Transportation Security information type under the Homeland Security mission area.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of ground transportation information on the ability of responsible agencies to ensure the availability of transit and the safe passage of passengers and goods over land. The protection of ground transportation from deliberate attack is included in the Transportation Security information type under the Homeland Security mission area. For most cases, unauthorized disclosure of ground transportation information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Some regulatory and tariff enforcement functions associated with the safe passage of passengers and goods over land involve relatively sensitive information. These are included in Law Enforcement. Unauthorized disclosure of accident investigation information that has not yet been adequately researched, coordinated, or edited can result in serious + economic harm to individuals and to corporations. Loss in public confidence is a further potential consequence. Additionally, some information associated with ground transportation functions is proprietary to corporations or subject to privacy laws (e.g., the Privacy Act of 1974). (The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type.) In such cases, the confidentiality impact resulting from unauthorized disclosure may be moderate. Some military ground transportation information is national security information and is outside the scope of this guideline.

+
+ +

The provisional confidentiality impact level recommended for ground transportation information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to ground transportation information. Most ground transportation processes are tolerant of reasonable delays. In most cases, disruption of access to ground transportation information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Some ground transportation functions are time-critical (e.g., track switching functions associated with rail travel). Loss of availability of time-critical information necessary to these functions can result in large-scale property loss and in loss of human lives. Such information will have a high integrity impact level.

+
+ +

The provisional availability impact level recommended for ground transportation information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In most cases, the adverse effects of unauthorized modification or destruction of ground transportation information on agency mission functions and public confidence in the agency will be limited. Special Factors Affecting Integrity Impact Determination: Some ground transportation functions are time-critical (e.g., track switching functions associated with rail travel). Unauthorized modification or destruction of time-critical information necessary to these functions can result in large-scale property loss and in loss of human lives. Such information will have a high integrity impact level.

+
+ +

The provisional integrity impact level recommended for ground transportation information is low.

+
+
+ + Transportation + Water Transportation + +

Water Transportation involves the activities related to ensuring the availability of transit and the safe passage of passengers and goods over sea and water. Note: The protection of maritime transportation from deliberate attack is included in the Transportation Security information type under the Homeland Security mission area.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of water transportation information on the ability of responsible agencies to ensure the availability of transit and the safe passage of passengers and goods over sea and water. The protection of water transportation from deliberate attack is included in the Transportation Security information type under the Homeland Security mission area. Some regulatory and tariff enforcement functions associated with the safe passage of passengers and goods over sea and water involve relatively sensitive information. These are included in Law Enforcement. In most cases, unauthorized disclosure of water transportation information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of accident investigation information that has not been adequately researched, coordinated, or edited can result + in serious economic harm to individuals and to corporations. Loss in public confidence is a further potential consequence. Additionally, some information associated with water transportation functions is proprietary to corporations or subject to privacy laws. In such cases, the confidentiality impact resulting from unauthorized disclosure can be moderate. Some military sea and water transportation information is national security information and is outside the scope of this guideline.

+
+ +

The provisional confidentiality impact level recommended for water transportation information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to water transportation information. Most water transportation processes are tolerant of reasonable delays. In most cases, disruption of access to water transportation information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Some water and sea transportation functions are time-critical (e.g., distress signals, docking operations, collision avoidance, warnings of hazardous weather or sea conditions). Loss of availability of time-critical information necessary to these functions can result in large-scale property loss and in loss of human lives. Such information would have a high integrity impact level.

+
+ +

The provisional availability impact level recommended for water transportation information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. In most cases, the adverse effects of unauthorized modification or destruction of water transportation information on agency mission functions and public confidence in the agency will be limited. Special Factors Affecting Integrity Impact Determination: Some water and sea transportation functions are time-critical (e.g., distress signals, docking operations, collision avoidance, warnings of hazardous weather or sea conditions). Unauthorized modification or destruction of time-critical information necessary to these functions can result in large-scale property loss and in loss of human lives. Such information would have a high integrity impact level. Communications management (e.g., frequency management) information also needs to be included in water transportation integrity impact + considerations. There may be circumstances when errors in frequency assignment information can result in an inability for Federal government agencies to communicate with state or local government activities. The subsequent loss of communications capabilities can result in life-threatening situations. Such information would have a high integrity impact level.

+
+ +

The provisional integrity impact level recommended for water transportation information is low.

+
+
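Review bot: The availability descriptions for Ground Transportation and Water Transportation close their special-factors text with an integrity rating: after "Loss of availability of time-critical information necessary to these functions can result in large-scale property loss and in loss of human lives", Ground says "Such information will have a high integrity impact level" and Water says "would have a high integrity impact level". The integrity descriptions of the same two entries end with the identical sentence, so this reads as text copied between sections. If an availability rating is meant, change both to "high availability impact level". If the wording is intentionally carried over unchanged from the source guideline, say so in a remark on the entry, so that anyone adjusting the provisional fips-199-low availability value from this text is not pointed at the wrong security objective.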
+ + Transportation + Air Transportation + +

Air Transportation involves the activities related to the safe passage of passengers or goods through the air. It also includes command and control activities related to the safe movement of aircraft through all phases of flight for commercial and military operations. Note: The protection of air transportation from deliberate attack is included in the Transportation Security information type under the Homeland Security mission area.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of air transportation information on the ability of responsible agencies to ensure the safe passage of passengers and goods through the air. The protection of air transportation from deliberate attack is included in the Transportation Security information type under the Homeland Security mission area. Some regulatory and tariff enforcement functions associated with the safe passage of passengers and goods over land involve sensitive information. These are treated under Law Enforcement. In most cases, unauthorized disclosure of air transportation information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of information (e.g., investigations, maintenance) that has not been adequately researched, coordinated, or edited can result in serious economic harm to individuals and to + corporations. Loss in public confidence is a further potential consequence. Additionally, some information associated with air transportation functions is proprietary to corporations or subject to privacy laws. In such cases, the confidentiality impact resulting from unauthorized disclosure can be moderate. The sensitivity of air transportation information (e.g., aircraft positioning data)can be time or event-driven. For example, passenger lists are not releasable to the general public before a flight takes off, but are placed in the public domain in the event of a crash. In such cases, the confidentiality impact resulting from unauthorized disclosure can be moderate. Also, much military air transport information is national security information and is outside the scope of this guideline.

+
+ +

The provisional confidentiality impact level recommended for air transportation information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to air transportation information. Special Factors Affecting Availability Impact Determination: Some air transportation functions are time-critical (e.g., air traffic control instructions, position reports, situational awareness, separation, weather reports for the terminal area, microburst tracking, maintenance trouble reports). Loss of availability of time-critical information necessary to these functions can result in large-scale property loss and in loss of human lives. Timing plays a large part in the availability impact of air transportation information. For example, the time criticality of weather information may be measured in minutes or hours in the case of pre-flight and mid-flight operations. However, on final landing approach, up to the second availability may be required (e.g., detection of microbursts in the + terminal area). Air operations are not tolerant of information loss. The Wide Area Augmentation System (WAAS) supplements the availability of information available from the Department of Defense's Global Positioning Systems (GPS). Because of the potential system-wide impacts from a loss of availability of this system, it would be appropriately categorized as having a high availability impact. The following example illustrates the use of controls to address a high integrity impact level: The systems designed for command and control for air traffic control (e.g., the NAS systems) have been designed for robust operations. However, in general, loss of availability for the majority of systems does not cause derogation in safety. The impacts of a loss of availability (or the loss of availability due to the loss of integrity) include local or system-wide air traffic delays, diversion of traffic to alternate airports, etc., and the economic losses related to those delays, + diversions, etc. 
Severe impacts are not the norm because the loss of availability is inevitable, and the systems have been designed to accommodate failures. In light of the above, the Recommended Availability Impact Level is moderate.

+
+ +

The provisional availability impact level recommended for most air transportation information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Many air transportation functions do not process time-critical information. Special Factors Affecting Integrity Impact Determination: Some air transportation functions are time-critical (e.g., air traffic control instructions, position reports, situational awareness, separation, weather reports for the terminal area, microburst tracking, maintenance trouble reports). Communications management (e.g., frequency management) information also needs to be included in air transportation integrity impact considerations. There may be circumstances under which erroneous frequency assignment information can result in a loss of communications with aircraft that are affected by hazardous conditions (e.g., loss of communications with an aircraft in a crowded air space.) Unauthorized modification or + destruction of time-critical information necessary to these functions can result in large-scale property loss and in loss of human lives. The Wide Area Augmentation System (WAAS) supplements the availability and integrity of position information available from the DoD's Global Positioning Systems (GPS). Because of the potential system-wide impacts from a loss of integrity of this system, a high integrity impact level is recommended. The following example illustrates the use of controls to address a high integrity impact level: Systems designed for command and control for air traffic control (e.g., the NAS systems) have been designed for robust operations. In the NAS, integrity and availability issues are closely linked. The loss of integrity in a system is monitored continuously, and the loss of integrity is treated as a loss of availability, and in general, loss of availability for the majority of systems does not cause derogation in safety. 
That is, if the operational + parameters for an Instrument Landing System are detected to be out of established tolerances, the system is immediately removed from service - it is powered down and users are notified that the particular service is not available. In most cases, a loss of availability is preferred to continued availability with degraded integrity. The impacts of the loss of availability due to the loss of integrity include system-wide air traffic delays, diversion of traffic to alternate airports - and the economic losses related to those delays, diversions, etc. Severe impacts are not the norm because the loss of availability is assumed to be inevitable, and the systems have been designed to accommodate failures. In light of the above, the Recommended Integrity Impact Level is moderate.

+
+ +

The provisional integrity impact level recommended for most air transportation information is low.

+
+
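Review bot: The Air Transportation entry contradicts itself on the recommended levels. The availability description ends "In light of the above, the Recommended Availability Impact Level is moderate" and the integrity description ends "the Recommended Integrity Impact Level is moderate", yet all three base values at the top of the entry are fips-199-low and the recommendation texts that follow say low "for most air transportation information". Either scope the "moderate" sentences explicitly to the NAS/WAAS example they conclude, or reconcile them with the base values, because a tool or assessor reading the description and the base value will get two different answers. Two smaller points in the same entry: the availability description introduces its example with "controls to address a high integrity impact level", which looks carried over from the integrity text, and the confidentiality description has a missing space in "(e.g., aircraft positioning data)can be" and refers to safe passage "over land" in an air transportation entry.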
+ + Transportation + Space Operations + +

Space Operations involves the activities related to the safe launches/missions of passengers or goods into aerospace and includes commercial, scientific, and military operations.

+
+ + fips-199-low + + + fips-199-high + + + fips-199-high + + +

The confidentiality impact level is the effect of unauthorized disclosure of space operations information on the ability of responsible agencies to conduct safe launches/missions of passengers or goods into space and includes commercial, scientific, and military operations. The protection of space operations from deliberate attack involves military operations (D.1), homeland security operations (D.2), and law enforcement operations (D.16). In most cases, unauthorized disclosure of space operations information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Civilian space operations are intended to be conducted in the open. Administrative and business functions associated with space operations may involve proprietary, procurement-sensitive, and Privacy Act information. The Privacy Act Information provisional impact levels are documented in the Personal Identity and + Authentication information type. In such cases, the confidentiality impact resulting from unauthorized disclosure can be moderate. Some information regarding space operations (particularly military operations) is classified national security information and is outside the scope of this guideline.

+
+ +

The provisional confidentiality impact level recommended for space operations information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to space operations information. Space operations are typically characterized by critical operational timing and safety parameters and low tolerance for error. Loss of availability of time-critical information necessary to these functions can result in large-scale property loss and in loss of human lives. Also, air operations are not tolerant of information loss.

+
+ +

The provisional availability impact level recommended for space operations information is high.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Space operations are typically characterized by critical operational timing and safety parameters, and low tolerance for error. Unauthorized modification or destruction of time-critical information necessary to these functions may result in significant property loss and loss of human lives. Communications management (e.g., frequency management) information also needs to be included in integrity impact determination for space operations. Erroneous frequency assignment information can result in loss of communications with spacecraft that can endanger mission operations and human safety.

+
+ +

The provisional integrity impact level recommended for space operations information is high.

+
+
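Review bot: The Space Operations availability description ends with "Also, air operations are not tolerant of information loss", which is Air Transportation wording and does not support the fips-199-high availability value being justified here; reword it for space operations or drop it. In the confidentiality description of the same entry, "military operations (D.1), homeland security operations (D.2), and law enforcement operations (D.16)" cites section numbers from a source document that none of the visible entries use as labels. Replace them with the names of the corresponding information types, as the transportation entries do with "the Transportation Security information type under the Homeland Security mission area", so the cross-reference can be followed from within this file.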
+ + Education + Elementary, Secondary, and Vocational Education + +

Elementary, secondary, and vocational education refers to the provision of education in elementary subjects (reading and writing and arithmetic); education provided by a high school or college preparatory school; and vocational and technical education and training.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of elementary, secondary, and vocational education information on the ability of responsible agencies to provide guidance and consultative services. The consequences of unauthorized disclosure of most elementary, secondary, and vocational education information would have a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional confidentiality impact level recommended for elementary, secondary, and vocational education information is low.

+
+ +

The effects of disruption of access to most elementary, secondary, and vocational education information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for elementary, secondary, and vocational education information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of elementary, secondary, and vocational education information would have a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.

+
+ +

The provisional integrity impact level recommended for elementary, secondary, and vocational education information is low.

+
+
+ + Education + Higher Education + +

Higher Education refers to education beyond the secondary level; specifically, education provided by a college or university. It includes external higher educational activities performed by the government (e.g., Military Academies, ROTC, and USDA Graduate School).

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of higher education information on the ability of responsible agencies to support education beyond the secondary level (e.g., Military Academies, ROTC, USDA Graduate School, and other public and private universities and colleges). The consequences of unauthorized disclosure of most higher education information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Exceptions are based on the mission supported by the external training and education activity. In such cases, the impact on the system is defined by the information associated with the supported mission. This can result in assignment of a moderate or high impact level to such information.

+
+ +

The provisional confidentiality impact level recommended for higher education information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to higher education information. The effects of disruption of access to most higher education information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for higher education information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of higher education information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Special Factors Affecting Integrity Impact Determination: Exceptions that might result in more serious consequences are based on the mission supported by the higher education activity (e.g., undetected modification of weapons training information at a service academy where the modification could result in harm to the student or other individuals). In such + cases, the impact is determined by the information associated with the supported mission. This can result in assignment of a moderate or high impact level to such information.

+
+ +

The provisional integrity impact level recommended for higher education information is low.

+
+
+ + Education + Cultural and Historic Preservation + +

Cultural and Historic Preservation involves all activities performed by the Federal Government to collect and preserve information and artifacts important to the culture and history of the United States and its citizenry and the education of U.S. citizens and the world.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of cultural and historic preservation information on the ability of responsible agencies to collect and preserve information and artifacts important to the culture and history of the United States and its citizenry and the education of U.S. citizens and the world. The consequences of unauthorized disclosure of most cultural and historic preservation information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In cases where disclosure of information might be useful to an individual or organization intent on destruction of historical materials, the potential consequences to key national assets could be serious to severe. In such cases, the confidentiality impact could be moderate to high.

+
+ +

The provisional confidentiality impact level recommended for cultural and historic preservation information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to cultural and historic preservation information. The effects of disruption of access to most cultural and historic preservation information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for cultural and historic preservation information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of cultural and historic preservation information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Special Factors Affecting Integrity Impact Determination: In cases where undetected modification of information might be useful to an individual or organization intent on destruction of historical materials, the potential consequences to key national assets could be serious to severe. Consequently, the integrity impact could be moderate to + high.

+
+ +

The provisional integrity impact level recommended for cultural and historic preservation information is low.

+
+
+ + Education + Cultural and Historic Exhibition + +

Cultural and Historic Exhibition includes all activities undertaken by the U.S. government to promote education through the exhibition of cultural, historical, and other information, archives, art, etc.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of cultural and historic exhibition information on the ability of responsible agencies to promote education through the exhibition of cultural, historical, and other information, archives, art, etc. The consequences of unauthorized disclosure of most cultural and historic exhibition information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In cases where disclosure of information might be useful to an individual or organization intent on destruction of historical materials or archives, the potential consequences to key national assets could be serious to severe. Consequently, the confidentiality impact could be moderate to high.

+
+ +

The provisional confidentiality impact level recommended for cultural and historic exhibition information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to cultural and historic exhibition information. The effects of disruption of access to most cultural and historic exhibition information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for cultural and historic exhibition information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of cultural and historic exhibition information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Special Factors Affecting Integrity Impact Determination: In cases where undetected modification of information might be useful to an individual or organization intent on the destruction of historical materials or archives, the potential consequences to key national assets could be serious to severe. Consequently, the integrity impact could + be moderate to high.

+
+ +

The provisional integrity impact level recommended for cultural and historic exhibition information is low.

+
+
+ + Workforce Management + Training and Employment + +

Training and Employment includes programs of job or skill training, employment services and placement, and programs to promote the hiring of marginal, unemployed, or low-income workers. Additionally, training information can include special training for personnel involved in Federal government operations (e.g., astronaut training).

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of training and employment information on the ability of responsible agencies to provide job or skill training, employment services and placement, and programs to promote the hiring of marginal, unemployed, or low-income workers. The consequences of unauthorized disclosure of most training and employment information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Exceptions that might have a potential for more serious consequences are based on privacy information processed in training and employment systems (e.g., information required by the Privacy Act of 1974 or other statutes and executive orders to receive special handling to protect the privacy of individuals). The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. + This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional confidentiality impact level recommended for training and employment information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to training and employment information. The effects of disruption of access to most training and employment information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for training and employment information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of training and employment information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Special Factors Affecting Confidentiality Impact Determination: In the case of training aimed at achieving or improving proficiency in specialty occupations (e.g., astronaut training), the consequences of integrity compromises can threaten missions, or even human safety. In such cases, the integrity impact level can range from moderate to high.

+
+ +

The provisional integrity impact level recommended for training and employment information is low.

+
+
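Review bot: In the Training and Employment integrity description, the special-factors sentence is labelled "Special Factors Affecting Confidentiality Impact Determination", but what follows it is about integrity ("the consequences of integrity compromises can threaten missions", "the integrity impact level can range from moderate to high"). Change the label to "Special Factors Affecting Integrity Impact Determination" so it matches the integrity paragraph of the cultural and historic exhibition entry just above. As written, anyone scanning for confidentiality special factors will pick up an integrity exception here.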
+ + Workforce Management + Labor Rights Management + +

Labor Rights Management refers to those activities undertaken to ensure that employees and employers are aware of and comply with all statutes and regulations concerning labor rights, including those pertaining to wages, benefits, safety and health, whistleblower, and nondiscrimination policies.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of labor rights management information on the ability of responsible agencies to ensure that employees and employers are aware of and comply with all statutes and regulations concerning labor rights, including those pertaining to wages, benefits, safety and health, whistleblower, and nondiscrimination policies. In some cases, premature release of draft labor rights bulletins might adversely affect the effectiveness of agency operations. In general, the consequences of unauthorized disclosure of most labor rights management information would have, a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional confidentiality impact level recommended for labor rights management information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to labor rights management information. The effects of disruption of access to most labor rights management information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for labor rights management information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. The consequences of unauthorized modification or destruction of labor rights management information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional integrity impact level recommended for labor rights management information is low.

+
+
+ + Workforce Management + Worker Safety + +

Worker Safety refers to those activities undertaken to save lives, prevent injuries, and protect the health of America's workers.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of worker safety information on the ability of responsible agencies to protect the health and safety of America’s workers. In some cases, premature release of draft worker safety bulletins might adversely affect the effectiveness of agency operations. In general, the consequences of unauthorized disclosure of worker safety information would have a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional confidentiality impact level recommended for worker safety information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to worker safety information. The effects of disruption of access to most worker safety information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for worker safety information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of worker safety information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.

+
+ +

The provisional integrity impact level recommended for worker safety information is low.

+
+
+ + Health + Access to Care + +

Access to Care focuses on the access to appropriate care. This includes streamlining efforts to receive care; ensuring care is appropriate in terms of type, care, intensity, location and availability; providing seamless access to health knowledge, enrolling providers; performing eligibility determination, and managing patient movement.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of access to care information on the ability of responsible agencies to focus on the access to appropriate care. This includes streamlining efforts to receive care; ensuring care is appropriate in terms of type, care, intensity, location and availability; providing seamless access to health knowledge, enrolling providers; performing eligibility determination, and managing patient movement will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Some information associated with health care involves confidential patient information subject to the Privacy Act and to HIPAA. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. Other information (e.g., information proprietary to hospitals, pharmaceutical companies, insurers, and care + givers) must be protected under rules governing proprietary information and procurement management. In some cases, unauthorized disclosure of this information such as privacy-protected medical records can have serious consequences for agency operations. In such cases, the confidentiality impact level may be moderate.

+
+ +

The provisional confidentiality impact level recommended for disclosure of access to care information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to care. Access to care is generally tolerant of delay. Typically, disruption of access to care information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Some access to care information could be deemed time-critical and is dependent on the severity of the health issue requiring immediate access to care, patient movements, etc.. Delays in the communication of specific situations may cause serious impacts to the patient or care provide. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional availability impact level recommended for access to care information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Many activities associated with access to care information are not time critical and the adverse effects of unauthorized modification or destruction of health care information on agency mission functions and/or public confidence in the agency will be limited. However, the consequences of unauthorized modification or destruction of health care information may result in incorrect, inappropriate, or excessively delayed treatment of patients. In these cases, serious adverse effects can include legal actions and danger to human life. Unauthorized modification or destruction of information affecting external communications that contain health care information (e.g., web pages, electronic mail) may adversely affect operations and public confidence in the agency and the agency mission.

+
+ +

The provisional integrity impact level recommended for access to care information is moderate.

+
+
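Review bot: The Access to Care availability description carries two text defects that should be fixed before merge: "patient movements, etc.." ends with a doubled period, and "serious impacts to the patient or care provide" is missing the end of "provider". In the confidentiality description of the same entry, the list that starts "This includes streamlining efforts to receive care; ..." runs directly into "will have only a limited adverse effect on agency operations, assets, or individuals", so the sentence that states the baseline impact has no subject. Split it so the limited-effect statement stands as its own sentence.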
+ + Health + Population Health Management and Consumer Safety + +

Population Health Management and Consumer Safety assesses health indicators and consumer products as a means to protect and promote the health of the general population. This includes monitoring of health, health planning, and health management of humans, animals, animal products, and plants, as well as tracking the spread of diseases and pests. It also includes evaluation of consumer products, drug, and foods to assess the potential risks and dangers; education of the consumer and the general population; and facilitation of health promotion and disease and injury prevention.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of population health management and consumer safety information on the ability of responsible agencies to assess health indicators and consumer products as a means to protect and promote the health of the general population that will have only a limited adverse effect on agency operations, assets, or individuals. The basic nature of this information type is to support the public and consumer market with information and supporting education. Special Factors Affecting Confidentiality Impact Determination: The most serious adverse effects are likely to involve premature release of health planning and management information, disclosure of sensitive mission support information [agencies’ means to combat spread of diseases or reacting to terrorist attacks on food, water, and other public consumables], or the exposure of information that is proprietary to an organization being evaluated by the agency + [Unauthorized disclosure of some information can have serious economic impact on both individual companies and the broader market place. The consequences of such unauthorized disclosures may have an adverse effect on public confidence in the agency.] This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional confidentiality impact level recommended for disclosure of Health Management and Consumer Safety information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish population health management and consumer safety. Population health management and consumer safety are generally tolerant of delay. Typically, disruption of population health management and consumer safety information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Delays in the communication of product deficiencies or issues associated with food, plant and animal sources may be life threatening. Delays in agency response to public health issues involving humans, animals, animal products, and plants, as well as tracking the spread of diseases and pests may also be life threatening or significantly degrade public safety. This can result in assignment of a high impact level to such information.

+
+ +

The provisional availability impact level recommended for population health management and consumer safety information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of population health management and consumer safety information can be serious if the public is exposed to mislabeled, tainted, or otherwise harmful food, drugs, or consumer products. Special Factors Affecting Integrity Impact Determination: Impacts to some population health management and consumer safety information and supporting information systems associated with quality assurance of food, animal, plant and pharmaceuticals may affect the security of critical agriculture and food and public health infrastructures. Additionally, unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and public confidence in the agency and the + agency mission. In such cases, unauthorized modification or destruction of information can result in loss of human life. This can result in assignment of a high impact level to such information.

+
+ +

The provisional integrity impact level recommended for population health management and consumer safety information is moderate.

+
+
+ + Health + Health Care Administration + +

Health Care Administration assures that federal health care resources are expended effectively to ensure quality, safety, and efficiency. This includes managing health care quality, cost, workload, utilization, and fraud/abuse efforts.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of Health Care Administration on the ability of responsible agencies to assure that federal health care resources are expended effectively to ensure quality, safety, and efficiency will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Much information associated with public health monitoring involves confidential patient information subject to the Privacy Act and to HIPAA. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. In some cases, unauthorized disclosure of this information such as privacy-protected medical records can have serious consequences for agency operations. In such cases, the confidentiality impact level may be moderate.

+
+ +

The provisional confidentiality impact level recommended for disclosure of Health Care Administration information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish Health Care Administration information. Health Care Administration information is generally tolerant of delay. Typically, disruption of Health Care Administration information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for Health Care Administration information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting external communications that contain Health Care Administration information (e.g., web pages, electronic mail) may adversely affect operations and public confidence in the agency and also the agency mission. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of Health Care Administration information can result in inappropriate allocation or deployment of health care services and possible loss of human life. This can result in assignment of a high impact level to such information.

+
+ +

The provisional integrity impact level recommended for Health Care Administration information is Moderate.

+
+
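Review bot: The provisional integrity statement for Health Care Administration gives the level as "Moderate" with a capital M, while the neighbouring entries write the level in lower case ("low", "moderate", "high") and the value above is fips-199-moderate. Normalise the casing so any text comparison against the selected value does not trip on it. The confidentiality description in this entry also reads "unauthorized disclosure of Health Care Administration on the ability of responsible agencies", dropping the word "information" that the availability and integrity paragraphs include.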
+ + Health + Health Care Delivery Services + +

Health Care Delivery Services provides and supports the delivery of health care to its beneficiaries. This includes assessing health status; planning health services; ensuring quality of services and continuity of care; and managing clinical information and documentation.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-high + + +

The confidentiality impact level is the effect of unauthorized disclosure of health care delivery services on the ability of responsible agencies to provide and support the delivery of health care to its beneficiaries will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Some information associated with health care involves confidential patient information subject to the Privacy Act and to HIPAA. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. Other information (e.g., information proprietary to hospitals, pharmaceutical companies, insurers, and care givers) must be protected under rules governing proprietary information and procurement management. In some cases, unauthorized disclosure of this information such as privacy-protected medical records can have serious consequences for agency + operations. In such cases, the confidentiality impact level may be moderate.

+
+ +

The provisional confidentiality impact level recommended for disclosure of health care delivery services information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish Health Care Administration information. Except for cases of emergency actions necessary to correct urgent threats to patient health, health care processes are usually tolerant of reasonable delays. Special Factors Affecting Availability Impact Determination: Some health care delivery services information is time-critical and is dependent on the severity of the health threat(s) and the rapidity with which the threat is spreading/ growing. Delays in the communication of specific situations may be life threatening. This can result in assignment of a moderate or high impact level to such information.

+
+ +

The provisional availability impact level recommended for health care delivery services information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Many activities associated with health care delivery services are not time critical and the adverse effects of unauthorized modification or destruction of health care information on agency mission functions and/or public confidence in the agency will be limited. However, the consequences of unauthorized modification or destruction of health care information may result in incorrect, inappropriate, or excessively delayed treatment of patients. In these cases, serious adverse effects can include legal actions and danger to human life. Unauthorized modification or destruction of information affecting external communications that contain health care information (e.g., web pages, electronic mail) may adversely affect operations and public confidence in the agency and the agency mission.

+
+ +

Because of the potential for the loss of human life, the provisional integrity impact level recommended for health care delivery services information is high.

+
+
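Review bot: The availability description for Health Care Delivery Services says the level is based "not on the time required to re-establish Health Care Administration information", which names the previous information type and looks like a copy-and-paste carry-over. It should refer to health care delivery services information, as the rest of the paragraph and the provisional statement below it do. This entry is the only one in this part of the file with a high integrity value, so the descriptions that justify its levels need to name the right information type. Minor: "spreading/ growing" has a stray space after the slash.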
+ + Health + Health Care Research and Practitioner Education + +

Health Care Research and Practitioner Education fosters advancement in health discovery and knowledge. This includes developing new strategies to handle diseases; promoting health knowledge advancement; identifying new means for delivery of services, methods, decision models and practices; making strides in quality improvement; managing clinical trials and research quality; and providing for practitioner education.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of health care research and practitioner education on the ability of responsible agencies to fosters advancement in health discovery and knowledge will have only a limited adverse effect on agency operations, assets, or individuals.

+
+ +

The provisional confidentiality impact level recommended for disclosure of health care research and practitioner education information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish health care research and practitioner education. Health care research and practitioner education information are generally tolerant of delay. Typically, disruption of health care research and practitioner education information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for health care research and practitioner education information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting external communications that contain health care research and practitioner education information (e.g., web pages, electronic mail) may adversely affect operations and public confidence in the agency and also the agency mission.

+
+ +

The provisional integrity impact level recommended for health care research and practitioner education information is moderate.

+
+
+ + Income Security + General Retirement and Disability + +

General Retirement and Disability involves the development and management of retirement benefits, pensions, and income security for those who are retired or disabled. Related information types affecting qualification and disbursement of benefits are discussed in Appendix C’s Sections C.2.8.8, C.2.8.9, C.2.8.10, C.2.8.11, and C.3.2.5.

+
+ + fips-199-moderate + + + fips-199-moderate + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of general retirement and disability information on the ability of responsible agencies to develop and manage retirement benefits, pensions, and income security for those who are retired or disabled. The consequences of limited unauthorized disclosure of retirement and disability information would have a limited adverse effect on agency operations, agency assets, or individuals. The disclosure of privacy information (e.g., information required by the Privacy Act of 1974 or other statutes and executive orders to receive special handling to protect the privacy of individuals) may have serious consequences. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. Unauthorized disclosure of large amounts of general retirement and disability information may result in significant damage to an agency’s image or operation.

+
+ +

The confidentiality impact recommended for general retirement and disability information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to general retirement and disability information. The effects of disruption of access to general retirement and disability information or information systems would have, in many cases, a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Where provision of retirement and/or disability benefits is a primary agency service delivery mission, the consequences can be more severe. Availability compromises may result in reduction of benefits – and in extreme cases can be life threatening. This can result in assignment of a high impact level to such information.

+
+ +

The provisional availability impact level recommended for general retirement and disability information is moderate.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Generally, the consequences of unauthorized modification or destruction of general retirement and disability information would have a limited adverse effect on agency operations, agency assets, or individuals. However, where provision of retirement and/or disability benefits is a primary agency service delivery mission, the consequences can be more severe. Special Factors Affecting Integrity Impact Determination: Integrity compromises may result in reduction of benefits– and in extreme cases can be life threatening. This can result in assignment + of a high impact level to such information.

+
+ +

The provisional integrity impact level recommended for general retirement and disability information is moderate.

+
+
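Review bot: The General Retirement and Disability description points to "Appendix C's Sections C.2.8.8, C.2.8.9, C.2.8.10, C.2.8.11, and C.3.2.5", section numbers that cannot be resolved from within this XML file. Either name the related information types by their titles or reference their identifiers in this file, so a consumer of the data can follow the cross-reference. Separately, the confidentiality recommendation reads "The confidentiality impact recommended for general retirement and disability information is moderate", omitting the "provisional ... impact level" wording used by the availability and integrity statements in the same entry. Align the three so the recommendation text is uniform.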
+ + Income Security + Unemployment Compensation + +

Unemployment Compensation provides income security to those who are no longer employed, while they seek new employment.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of unemployment compensation information on the ability of responsible agencies to provide income security to those who are no longer employed, while they seek new employment. The consequences of unauthorized disclosure of most unemployment compensation information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Exceptions that might have a potential for more serious consequences are based on privacy information (e.g., information required by the Privacy Act of 1974 or other statutes and executive orders to receive special handling to protect the privacy of individuals). The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional confidentiality impact level recommended for unemployment compensation information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to unemployment compensation information. The effects of disruption of access to unemployment compensation information or information systems would have, at most, a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for unemployment compensation information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of unemployment compensation information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.

+
+ +

The provisional integrity impact level recommended for unemployment compensation information is low.

+
+
+ + Income Security + Housing Assistance + +

Housing Assistance involves the development and management programs that provide housing to those who are unable to provide housing for themselves including the rental of single-family or multifamily properties, and the management and operation of federally supported housing properties.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of housing assistance information on the ability of responsible agencies to develop and manage programs that provide housing to those who are unable to provide housing for themselves including the rental of single-family or multifamily properties, and the management and operation of federally supported housing properties. The consequences of unauthorized disclosure of most housing assistance information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Exceptions that might have a potential for more serious consequences are based on privacy information (e.g., information required by the Privacy Act of 1974 or other statutes and executive orders to receive special handling to protect the privacy of individuals). The Privacy Act Information provisional impact levels are documented in the Personal + Identity and Authentication information type. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional confidentiality impact level recommended for housing assistance information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to housing assistance information. The effects of disruption of access to most housing assistance information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for housing assistance information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of housing assistance information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.

+
+ +

The provisional integrity impact level recommended for housing assistance information is low.

+
+
+ + Income Security + Food and Nutrition Assistance + +

Food and Nutrition Assistance involves the development and management of programs that provide food and nutrition assistance to those members of the public who are unable to provide for these needs themselves.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of food and nutrition assistance information on the ability of responsible agencies to develop and manage of programs that provide food and nutrition assistance to those members of the public who are unable to provide for these needs themselves. The consequences of unauthorized disclosure of most food and nutrition assistance information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Exceptions that might have a potential for more serious consequences are based on privacy information (e.g., information required by the Privacy Act of 1974 or other statutes and executive orders to receive special handling to protect the privacy of individuals). The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. This can result in + assignment of a moderate impact level to such information.

+
+ +

The provisional confidentiality impact recommended for food and nutrition assistance information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to food and nutrition assistance information. The effects of disruption of access to most food and nutrition assistance information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for food and nutrition assistance information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of food and nutrition assistance information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.

+
+ +

The provisional integrity impact level recommended for food and nutrition assistance information is low.

+
+
+ + Income Security + Survivor Compensation + +

Survivor Compensation provides compensation to the survivors of individuals currently receiving or eligible to receive benefits from the Federal Government. This includes survivors such as spouses or children of veterans or wage earners eligible for social security payments.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of survivor compensation information on the ability of responsible agencies to provide compensation to the survivors of individuals currently receiving or eligible to receive benefits from the Federal Government. The consequences of unauthorized disclosure of most survivor compensation information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Exceptions that might have a potential for more serious consequences are based on privacy information (e.g., information required by the Privacy Act of 1974 or other statutes and executive orders to receive special handling to protect the privacy of individuals). The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. This can result in assignment of a moderate impact level to such + information.

+
+ +

The provisional confidentiality impact level recommended for survivor compensation information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to survivor compensation information. The effects of disruption of access to most survivor compensation information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for survivor compensation information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of survivor compensation information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.

+
+ +

The provisional integrity impact level recommended for survivor compensation information is low.

+
+
+ + Law Enforcement + Criminal Apprehension + +

Criminal apprehension supports activities associated with the tracking and capture of groups or individuals believed to be responsible for committing Federal crimes.

+
+ + fips-199-low + + + fips-199-moderate + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of criminal apprehension information on the ability of responsible agencies to track and capture groups or individuals believed to be responsible for committing Federal crimes, on public safety, and on the safety of law enforcement officers. The consequences of unauthorized disclosure of criminal apprehension information depend 1) on the seriousness of the crime involved, 2) on the capability and predisposition of the criminal to injure or kill civilians or law enforcement officials, 3) timing (e.g., the ability of the criminal to access the information and use it to facilitate a crime or evade capture), and 4) statutory and regulatory requirements which vary by violation. Special Factors Affecting Confidentiality Impact Determination: In cases where 1) the crimes are not violent and do not involve large property losses, and 2) there is no history of violence on the part of the criminal, the + confidentiality impact may be low or moderate. For many crimes that are the responsibility of Federal law enforcement agencies, the consequences associated with unauthorized disclosure of criminal apprehension information must often be assumed to pose a threat to human life or result in a loss of major assets. In such cases, confidentiality impact level is high.

+
+ +

For most Federal law enforcement systems that support criminal apprehension activities the harm that results from unauthorized disclosure will be limited. Therefore, the provisional confidentiality impact level recommended for criminal apprehension information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to criminal apprehension information. Missions supported by criminal apprehension information are not typically tolerant of delay. While there are many cases in which elements of criminal apprehension information are not urgent, there are many in which relatively short periods of unavailability can pose a threat to human life and/or result in a loss of major assets.

+
+ +

The provisional availability impact level recommended for most criminal apprehension information is moderate.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of criminal apprehension information may depend on the urgency with which the information is needed and on the success of subsequent prosecution of the apprehended criminal(s). Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of criminal apprehension information may have an adverse effect on the subsequent prosecution of the apprehended criminal. Consequently, a serious adverse effect on agency operations can result. This can place the + agency at a significant disadvantage. In such cases, the integrity impact level recommended for criminal apprehension information is at least moderate. When the criminal apprehension information is time-critical, the unauthorized modification or destruction of this information may have a severe or catastrophic effect on public confidence in the agency, pose a significant threat to major assets, and/or pose a threat to human life. This is applicable for many crimes that are the responsibility of Federal law enforcement agencies. For this criminal apprehension information, the Recommended Integrity Impact Level is high.

+
+ +

For most Federal law enforcement systems that support criminal apprehension activities the harm that results from unauthorized modification or destruction will be limited. Therefore, the provisional integrity impact level recommended for criminal apprehension information is low.

+
+
+ + Law Enforcement + Criminal Investigation and Surveillance + +

Criminal investigation and surveillance includes the collection of evidence required to determine responsibility for a crime and the monitoring and questioning of affected parties.

+
+ + fips-199-moderate + + + fips-199-moderate + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of criminal investigation and surveillance information on the ability of responsible agencies to collect evidence required to determine responsibility for a crime, to monitor and question affected parties, and to protect the safety of witnesses and law enforcement officers. The consequences of unauthorized disclosure of criminal investigation and surveillance information depend 1] on the seriousness of the crime involved, 2] timing (e.g., the ability of the criminal39 to access the information and use it to facilitate a crime, to evade detection or surveillance, or eliminate probable cause for searches and warrants), and 3] on the capability and predisposition of the criminal to injure witnesses or law enforcement officials. Special Factors Affecting Confidentiality Impact Determination: In cases where 1) the crimes are not violent and do not involve large property losses, and 2) there is no + history of violence on the part of the criminal, the confidentiality impact may be low or moderate. Given the nature of many of the crimes that are the responsibility of Federal law enforcement agencies, the consequences associated with unauthorized disclosure of criminal investigation and surveillance information must often be assumed to pose a threat to human life or result in a loss of major assets. Information that reveals the identity and/or location of informants may be of particular concern. In such cases, the confidentiality impact level is high.

+
+ +

The provisional confidentiality impact level recommended for criminal investigation and surveillance information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to criminal investigation and surveillance information. Missions supported by criminal investigation and surveillance information are not always tolerant of delay. Special Factors Affecting Availability Impact Determination: There are some cases in which relatively short periods of unavailability of criminal investigation and surveillance information may result in lost surveillance opportunities or opportunities to make an arrest. Where the crimes involved pose a threat to human life and/or result in a loss of major assets, the availability impact level recommended for criminal investigation and surveillance information is high.

+
+ +

The provisional availability impact level recommended for criminal investigation and surveillance information is moderate.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of criminal investigation and surveillance information depends on the urgency with which the information is needed and on the success of subsequent prosecution of the apprehended criminal(s). Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Where unauthorized modification or destruction of criminal investigation and surveillance information can have an adverse effect on the granting or execution of a search or wiretap warrant or on the success of subsequent prosecution of the apprehended criminal a serious adverse effect on agency + operations can result. This can place the agency at a significant disadvantage. Special Factors Affecting Integrity Impact Determination: In some cases, major investigations can be jeopardized when the time-critical criminal investigation and surveillance information is modified or destroyed. Where the criminal case under investigation involves major property losses, large-scale financial frauds that have serious implications for financial markets, poses a threat to key national assets or human life, the Recommended Integrity Impact Level is high. In international matters, such as trade enforcement, tariff agreements, etc., or where foreign nationals might be involved, the integrity impact level for criminal investigation and surveillance information will be high. Any compromise of such information could result in catastrophic adverse effects on future operations, individual and agency reputations, and on human life.

+
+ +

The provisional integrity impact level recommended for criminal investigation and surveillance information is moderate.

+
+
+ + Law Enforcement + Citizen Protection + +

Citizen protection involves all activities performed to protect the general population of the United States from criminal activity.

+
+ + fips-199-moderate + + + fips-199-moderate + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of citizen protection information on the ability of responsible agencies to protect the general population of the United States from criminal activity. In some cases, the criminal activity is terrorist activity intended to cause mass casualties. While the results of unauthorized disclosure of most citizen protection information are unlikely to have a serious adverse effect on agency operations, the exceptions can have catastrophic consequences. Special Factors Affecting Confidentiality Impact Determination: The consequences of unauthorized disclosure of citizen protection information could be severe. If detailed intelligence information regarding a planned terrorist act was disclosed, the terrorists might succeed in countering the protection measures and carry out a devastating attack. The confidentiality impacts associated with information concerning defensive dispositions would be high. While the + adverse effects of unauthorized disclosure of some citizen protection information on law enforcement operations, assets, and individuals are limited; the stakes are usually higher. Federal citizen protection activities often seek to protect the public against life-threatening situations or against loss of major assets.

+
+ +

The provisional confidentiality impact level recommended for most citizen protection information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to citizen protection information. Many citizen protection missions are usually tolerant of reasonable delays. Most criminal activity against citizen protection information is not life threatening but can result in serious property loss. Special Factors Affecting Availability Impact Determination: Emergency situations or elevated terrorist threat conditions are not tolerant of delays. Where systems support time-sensitive operations for life-threatening situations, the availability impact level for citizen protection information is high.

+
+ +

In the case of most systems that support delivery of citizen protection services, the provisional availability impact level recommended for citizen protection information is moderate.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of citizen protection information may pose a potential threat to public safety particularly if the protective measures are compromised. Special Factors Affecting Integrity Impact Determination: In some cases (e.g., terrorist threats), unauthorized modification or destruction of citizen protection information can result in loss of human life - a high-impact potential.

+
+ +

The provisional integrity impact level recommended for citizen protection information is moderate.

+
+
+ + Law Enforcement + Leadership Protection + +

Leadership protection involves all activities performed to protect the health and well being of the president, vice-president, their families, and other high-level government officials. Some leadership protection information may be classified. All classified information is treated under separate rules established for national security information and is outside the scope of this guideline.

+
+ + fips-199-moderate + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of leadership protection information on the abilities of responsible agencies to protect the health and well being of the president, vice-president, their families, and other high-level government officials. The consequences of unauthorized disclosure of most leadership protection information are not directly life-threatening but can have serious consequences. Special Factors Affecting Confidentiality Impact Determination: For the unauthorized disclosure of information that can facilitate efforts to assassinate Federal leadership, the consequences not only pose a threat to human life, but can also have a disruptive effect on the continuity of Federal government operations. In such cases, the confidentiality impact level is high.

+
+ +

Given the nature of most leadership protection information, the provisional confidentiality impact level recommended for the information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to leadership protection information. Special Factors Affecting Integrity Impact Determination: In the case of Secret Service operations, missions supported by leadership protection information are not tolerant of delays with resultant catastrophic consequences for mission capability and human life. In such cases, the availability impact level is high.

+
+ +

The provisional availability impact level recommended for most leadership protection information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. That is, the consequences of unauthorized modification or destruction of leadership protection information may be determined by the specific operation(s) supported by the information. In addition, the consequences may depend on the urgency with which the intelligence information is needed. Special Factors Affecting Integrity Impact Determination: In the case of Secret Service operations, unauthorized modification or destruction of information affecting leadership protection information may adversely affect mission operations in a manner that results in loss of human life and disruption of government operations. In such cases, the integrity impact level is high.

+
+ +

The provisional integrity impact level recommended for most leadership protection information is low.

+
+
+ + Law Enforcement + Property Protection + +

Property protection entails all activities performed to ensure the security of civilian and government property.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of property protection information on the ability of responsible agencies to ensure the security of civilian and government property. The consequences of unauthorized disclosure of property protection information are generally dependent on the nature of the property being protected. Where the property being protected is neither critical to agency operations nor of such value that its loss would degrade mission capability or place the agency at a significant disadvantage, unauthorized disclosure would have a limited adverse effect. Special Factors Affecting Confidentiality Impact Determination: Where critical infrastructure facilities or key national assets are being protected, the consequences of unauthorized disclosure of property protection information might reveal vulnerabilities in protection measures to terrorists or other adversaries. Where unauthorized disclosure of property protection + information associated with critical infrastructures, large groups of people, or key national assets is expected to be of direct use to terrorists, the confidentiality impact level is high. Most protected facilities are not part of national security, the critical infrastructure, or key national asset categories. If unauthorized disclosure of property protection information resulted in damage to these facilities, serious adverse effects on agency operations and assets could reasonably be expected to result. This can result in assignment of a moderate or high impact level to such information. Where the property being protected involves classified information, the property protection information itself might be classified. Some examples include command and control and other military facilities, foreign intelligence collection or processing facilities, weapons or weapons facilities, and cryptographic activities. National security information is outside the scope of this + guideline.

+
+ +

The confidentiality impact level is the effect of unauthorized disclosure of property protection information on the ability of responsible agencies to ensure the security of civilian and government property. The consequences of unauthorized disclosure of property protection information are generally dependent on the nature of the property being protected. Where the property being protected is neither critical to agency operations nor of such value that its loss would degrade mission capability or place the agency at a significant disadvantage, unauthorized disclosure would have a limited adverse effect. Special Factors Affecting Confidentiality Impact Determination: Where critical infrastructure facilities or key national assets are being protected, the consequences of unauthorized disclosure of property protection information might reveal vulnerabilities in protection measures to terrorists or other adversaries. Where unauthorized disclosure of property protection + information associated with critical infrastructures, large groups of people, or key national assets is expected to be of direct use to terrorists, the confidentiality impact level is high. Most protected facilities are not part of national security, the critical infrastructure, or key national asset categories. If unauthorized disclosure of property protection information resulted in damage to these facilities, serious adverse effects on agency operations and assets could reasonably be expected to result. This can result in assignment of a moderate or high impact level to such information. Where the property being protected involves classified information, the property protection information itself might be classified. Some examples include command and control and other military facilities, foreign intelligence collection or processing facilities, weapons or weapons facilities, and cryptographic activities. National security information is outside the scope of this + guideline.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to property protection information. Missions supported by property protection information are not typically tolerant of delays, but the consequences of loss of availability of most property protection information are limited. Special Factors Affecting Availability Impact Determination: The consequences of inability of guard forces and other emergency responders to receive property protection information in a timely manner may result in catastrophic consequences for properties that could include critical infrastructures and key national assets. In general, the availability impact level assigned to property protection information is dependent on what is being protected. This can result in assignment of a moderate or high impact level to such information.

+
+ +

The provisional availability impact recommended for most property protection information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of property protection information depends on the type of property being protected and on the immediacy with which the information is expected to be used. In most cases, unauthorized disclosure can be expected to have limited adverse consequences. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency. However, the potential damage to the protection mission will usually be of greater concern. If the modified or destroyed information is tactical i.e., time-critical, there is a greater potential for actions being taken based on incomplete or + false information. This can have serious adverse effects on protection operation. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional integrity impact level recommended for most property protection information is low.

+
+
+ + Law Enforcement + Substance Control + +

Substance control supports activities associated with the enforcement of legal substances (i.e., alcohol and tobacco) and illegal narcotics laws including trafficking, possession, sale, distribution, and other related activities.

+
+ + fips-199-moderate + + + fips-199-moderate + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of substance control information on the ability of responsible agencies to enforce legal substances (i.e., alcohol and tobacco) and illegal narcotics laws including trafficking, possession, sale, distribution, and other related activities. Unauthorized disclosure of a significant proportion of substance control information can compromise investigations, cause apprehension operations to fail, and compromise prosecutions. This can have a serious adverse effect on agency operations and place the agency at a significant disadvantage. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some routine substance control information is unlikely to have more than a limited adverse effect on agency operations, agency assets, or individuals. The confidentiality impact associated with such information is low. Where the unauthorized disclosure of information exposes + sensitive information sources or compromises investigative or interdiction operations, the consequences of unauthorized disclosure of substance control information may have a serious adverse effect on agency operations, significantly degrade mission capability, and/or pose a threat to human life. Where unauthorized disclosure endangers investigations in process, investigative or intelligence information sources, or information regarding witnesses or other critical case file elements, the danger to human life and key agency missions can be significant. Where unauthorized disclosure endangers witnesses or law enforcement officers, the impact level must be rated as high. Other factors affecting confidentiality impacts associated with substance control information are discussed under Section D.16.1 (Criminal Apprehension) and Section D.16.2 (Criminal Investigation and Surveillance). Some substance control information is classified (e.g., some intelligence-derived + information). 
Classified information and other national security information are outside the scope of this guideline

+
+ +

The provisional confidentiality impact level recommended for most substance control information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to substance control information. Most substance control processes are usually tolerant of reasonable delays. Special Factors Affecting Availability Impact Determination: The consequences of unavailability of information can be serious if the information is critical to tactical operations i.e., is time-critical. Failure of some processes during tactical operations can result in both threats to human life and severe harm to public confidence in the agency. The impact level assigned to information and information systems associated with these tactical processes is high.

+
+ +

The provisional availability impact level recommended for most substance control information is moderate.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The amount of money available to perpetrators significantly increases the insider threat. The consequences of unauthorized modification or destruction of information can be serious if the information is critical to tactical operations i.e., is time-critical. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to most missions would usually be limited Special Factors Affecting Confidentiality Impact Determination: Unauthorized modification or destruction of information (particularly time-critical information) affecting internal communications can jeopardize investigations, prosecutions, the lives of witnesses, and the safety of enforcement + officers. In some cases, unauthorized modification or destruction of information can result in loss of human life. In such cased, the integrity impact level is high. Other factors affecting integrity impacts associated with substance control information are discussed under Section D.16.1 (Criminal Apprehension) and Section D.16.2 (Criminal Investigation and Surveillance).

+
+ +

Because the consequences of unauthorized modification or destruction of information can be serious if the information is critical to tactical operations (i.e., is time-critical), the provisional integrity impact level recommended for substance control information is moderate.

+
+
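Review bot: In the substance control entry, the integrity impact text labels its special-factors passage "Special Factors Affecting Confidentiality Impact Determination", but the passage is about unauthorized modification or destruction and concludes that "the integrity impact level is high". The label should read "Special Factors Affecting Integrity Impact Determination". The same paragraph has "In such cased" for "In such cases" and no period after "would usually be limited", so the label runs straight into the preceding sentence. The confidentiality text also ends "outside the scope of this guideline" with no closing period.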
+ + Law Enforcement + Crime Prevention + +

Crime prevention entails all efforts designed to create safer communities through the control and reduction of crime by addressing the causes of crime and reducing the opportunities of crime.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of crime prevention information on the ability of responsible agencies to create safer communities through the control and reduction of crime by addressing the causes of crime and reducing the opportunities of crime. Generally, the unauthorized disclosure of crime prevention information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In a few cases, details of crime prevention programs are sensitive (e.g., location of actively monitored surveillance cameras where only a fraction of camera feeds are monitored). In such cases, unauthorized disclosure of crime prevention information might have a serious adverse effect on crime prevention operations by eliminating uncertainty regarding surveillance patterns. Therefore, the confidentiality impact might be moderate.

+
+ +

The provisional confidentiality impact level recommended for crime prevention information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to crime prevention information. Most crime prevention processes are tolerant of delay. In most cases, disruption of access to crime prevention information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: In exceptional cases (e.g., orders associated with deployment of officers to provide a crime-discouraging presence in developing threat situations), loss of availability of information can have a serious adverse effect on crime prevention operations. In such cases, the availability impact might be moderate.

+
+ +

The provisional availability impact level recommended for crime prevention information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Crime prevention activities are not generally time-critical. In most cases, the adverse effects of unauthorized modification or destruction of crime prevention information on agency mission functions and/or public confidence in the agency would be limited.

+
+ +

The provisional integrity impact level recommended for crime prevention information is low.

+
+
+ + Law Enforcement + Trade Law Enforcement + +

Trade law enforcement refers to the enforcement of anti-boycott, international loan, and general trade laws.

+
+ + fips-199-moderate + + + fips-199-moderate + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of trade law enforcement information on the ability of responsible agencies to enforce various Customs laws. Unauthorized disclosure of trade law enforcement information could potentially jeopardize fulfillment of other trade law enforcement missions. Some information that has supported a trade law enforcement process might be of higher sensitivity, and unauthorized disclosure of this information might jeopardize the success of future trade law enforcement processes. The subsequent threat to agency image or reputation can cause a serious adverse effect on an agency’s mission capability. Where information includes names of informants, informant contacts, or agency personnel, the effectiveness of those personnel in future enforcement activities can be permanently impaired, or their lives threatened. Intelligence information falls under national security systems. National security information and + national security systems are outside the scope of this guideline.

+
+ +

The provisional confidentiality impact level recommended for most trade law enforcement information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to trade law enforcement information. The effects of disruption of access to trade law enforcement information or information systems can be serious or, in some cases, catastrophic if the information is time-critical. Trade law enforcement missions are typically intolerant of significant time delays.

+
+ +

The provisional availability impact level recommended for most trade law enforcement information is moderate.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of trade law enforcement information may depend on whether the information is time-critical. The compromise of trade law enforcement information can be serious or, in some cases, catastrophic if the information is time-critical. Also, the results of trade law enforcement activities may become matters of public record, and thus must be accurately recorded. Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting trade law enforcement information may adversely affect mission operations and result in unacceptable consequences such as loss of human life. The compromise of trade law enforcement information can be serious or catastrophic if the information is time-critical. + This can result in assignment of a high impact level to such information.

+
+ +

The provisional integrity impact level recommended for most trade law enforcement information is moderate.

+
+
+ + Litigation and Judicial Activities + Judicial Hearings + +

Judicial hearings include activities associated with conducting a hearing in a court of law to settle a dispute.

+
+ + fips-199-moderate + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of judicial hearings information on the ability of responsible entities to conducting a hearing in a court of law to settle a dispute. While much information associated with judicial hearings is public, some information is sealed by the court and unauthorized disclosure is punishable by law, fine and/or imprisonment. In the vast majority of cases, unauthorized disclosure of judicial hearings information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where the life of a victim, witness, or informant may be endangered by unauthorized disclosure, the confidentiality impact is high. Also, where the consequences are likely to endanger public safety, the confidentiality impact is high.

+
+ +

Given the consequences of unauthorized disclosure, the provisional confidentiality impact level recommended for judicial hearings information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to judicial hearings information. Most judicial hearings processes are tolerant of delay. In most cases, disruption of access to judicial hearings information can be expected to have only a limited adverse effect on government operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: In exceptional cases (e.g., orders associated with wiretap or search warrants), loss of availability of information can have a serious or severe adverse effect. In such cases, the availability impact might be moderate or high.

+
+ +

The provisional availability impact level recommended for judicial hearings information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Judicial hearings activities are not typically time-critical. Modification or destruction of court records can result in disruption or jeopardy to legal proceedings. In most cases, the adverse effects of unauthorized modification or destruction of judicial hearings information on agency mission functions and/or public confidence in the agency will be limited.

+
+ +

The provisional integrity impact level recommended for judicial hearings information is low.

+
+
+ + Litigation and Judicial Activities + Legal Defense + +

Legal defense refers to the representation of a defendant in a criminal/civil court of law in an attempt to provide constitutional guarantees to legal representation. The sensitivity of much legal information is highly lifecycle-dependent. From a confidentiality perspective, most information associated with litigation and judicial activities is in the public record after the information has been presented in court.

+
+ + fips-199-moderate + + + fips-199-low + + + fips-199-high + + +

The confidentiality impact level is the effect of unauthorized disclosure of legal defense information on the representation of a defendant in a criminal/civil court of law and on the ability of the government to provide constitutional guarantees to legal representation. Dissemination of legal defense information is governed by privacy laws and by Rules of Criminal Procedure, Rules of Civil Procedure, and other laws governing adversarial legal proceedings. While much information associated with legal defense is public, some information is sealed by the court or is otherwise protected from disclosure. Violation of rules regarding unauthorized disclosure is punishable by law, disbarment, fine, and/or imprisonment. Generally, the unauthorized disclosure of legal defense information will have only a limited adverse effect on agency operations, assets, or individuals. Where unauthorized disclosure of information might have a serious adverse effect on legal defense, there is a + presumption of a miscarriage of justice. If an unauthorized disclosure is discovered, the legal proceeding may be jeopardized (e.g., a mistrial may be declared). The cost to the government and others in terms of finance, time, and disruption to normal operations can be severe. If suspicion is raised concerning government complicity or negligence, serious loss of public confidence in government agencies or the legal process may result. Special Factors Affecting Confidentiality Impact Determination: Where the life of a victim, witness, or informant may be endangered by disclosure, the confidentiality impact will be high. Also, where the consequences of a miscarriage of justice are likely to endanger public safety (e.g., release of a terrorist or other murderer), the confidentiality impact will be high.

+
+ +

Given legal consequences of unauthorized disclosure, the provisional confidentiality impact level recommended for legal defense information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to legal defense information. Most legal defense processes are tolerant of delay. Delays can impact court schedules, cause significant taxpayer expense, and potentially jeopardize legal proceedings (see C17.2.2). In most cases, disruption of access to legal defense information can be expected to have only a limited adverse effect on government operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: In exceptional cases (e.g., information affecting a ruling regarding an impending execution), loss of availability of information can have a severe adverse effect. The consequent availability impact level would be high.

+
+ +

The provisional availability impact level recommended for legal defense information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Legal defense activities are not typically time-critical. In most cases, unauthorized modification or destruction of legal defense information will have only a limited adverse effect on government operations, government assets, or individuals. Special Factors Affecting Integrity Impact Determination: For legal defense information, when evidence or other defense information has been compromised the legal proceedings can be jeopardized. As a consequence, the cost to the government and other entities in terms of finance, time, and disruption to normal operations may be severe. If suspicion is raised concerning government complicity or negligence, serious loss of public confidence in government agencies or the legal process may result. In this case, the integrity impact level will be moderate. + When the modification or destruction of legal defense information endangers public safety (e.g., release of a terrorist or other murderer), the integrity impact will be high. Even if public safety is not endangered, the modification or destruction of legal defense information may result in expensive and disruptive civil or criminal proceedings.

+
+ +

Given the legal consequences of unauthorized modification or destruction and potential consequences for human life, the provisional integrity impact level recommended for legal defense information is high.

+
+
+ + Litigation and Judicial Activities + Legal Investigation + +

Legal investigation supports activities associated with gathering information about a given party (government agency, citizen, corporation) that would be admissible in a court of law, in an attempt to prove guilt or innocence. The

+
+ + fips-199-moderate + + + fips-199-moderate + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of legal investigation information on the ability of responsible agencies to gather information about a given party (government agency, citizen, corporation) that would be admissible in a court of law, in an attempt to prove guilt or innocence. Special Factors Affecting Confidentiality Impact Determination: The consequences of unauthorized disclosure of legal investigation information depend 1] on the seriousness of the crime involved, 2] timing (e.g., the ability of the criminal40 to access the information and use it to commit a crime or to evade detection or surveillance), and 3] on the capability criminal to injure witnesses or law enforcement officials. In cases where 1) the crimes are not violent and do not inextraordinarily large property losses, and 2) there is no indication of a record of violence on the part of the criminal, the confidentiality impact may be low or moderate. Given the + nature of many of the crimes that are the responsibility of Federal law enforcement agencies, the consequences associated with unauthorized disclosure of legal investigation information will pose a threat to human life or result in a loss of major assets. Additionally, when the disclosure concerns matters of multi-national interest, such as trade enforcement, tariff agreements, etc., or where foreign nationals might be involved, the confidentiality impact will be high. Information that reveals the identity and/or location of informants may be of particular concern.

+
+ +

Given potentially serious to severe legal consequences of unauthorized disclosure, the provisional confidentiality impact level recommended for legal investigation information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to legal investigation information. Missions supported by legal investigation information are not typically tolerant of delay with resultant serious consequences for ongoing investigations. Special Factors Affecting Availability Impact Determination: Where the crimes involved pose a threat to human life and/or result in a loss of major assets, the availability impact level recommended for legal investigation information is high.

+
+ +

The provisional availability impact level recommended for legal investigation information is moderate.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of legal investigation information may depend on whether the information is time-critical. Unauthorized modification or destruction of information affecting external communications associated with legal investigative organizations (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Where unauthorized modification or destruction of information has an adverse effect on the granting/executing of a search or wiretap warrant or on the success of the subsequent prosecution, a serious adverse effect on agency operations may result. This can place the agency at a significant disadvantage. Special Factors Affecting Integrity Impact + Determination: Legal investigation mission requirements may include time-critical information. In such cases, major investigations can be jeopardized by the unauthorized modification or destruction of legal investigation information. Where the criminal case under investigation involves major property losses, large-scale financial frauds, poses a threat to key national assets or human life, the integrity impact level recommended for legal investigation information is high. When legal investigation information addresses international matters, such as trade enforcement or tariff agreements or when foreign nationals are involved, the integrity level is high. Any deliberate or inadvertent corruption of such information could result in catastrophic adverse effects on future operations, individual or agency reputations, and human life.

+
+ +

The provisional integrity impact level recommended for legal investigation information is moderate.

+
+
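Review bot: The Legal Investigation description ends on a dangling "The", so the sentence that followed "in an attempt to prove guilt or innocence." was cut off; either restore it or drop the stray word. The confidentiality text in the same entry carries what looks like conversion residue: "criminal40" reads as a footnote marker fused to the word, "do not inextraordinarily large property losses" is garbled (the Legal Prosecution and Litigation entry has "do not involve extraordinarily large property losses"), and "on the capability criminal to injure" is missing "of the". The list markers also alternate between "1]" and "1)" within one paragraph; pick one form.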
+ + Litigation and Judicial Activities + Legal Prosecution and Litigation + +

Legal prosecution/litigation includes all activities involved with presenting a case in a legal proceeding both in a criminal or civil court of law in an attempt to prove guilt/responsibility.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of legal prosecution/litigation information on the ability of responsible agencies to present a case in a legal proceeding either in a criminal or civil court of law in an attempt to prove guilt/responsibility. Dissemination of legal prosecution/litigation information is governed by privacy laws and by Rules of Criminal Procedure, Rules of Civil Procedure, and other laws governing adversarial legal proceedings. While most information associated with legal prosecution/litigation is public, some information is sealed by the court or is otherwise protected from disclosure. Violation of rules regarding unauthorized disclosure is punishable by law, disbarment, fine, and/or imprisonment. Generally, the unauthorized disclosure of legal prosecution/litigation information will have only a limited adverse effect on agency operations, assets, or individuals. In criminal cases, the consequences of unauthorized + disclosure of legal prosecution information are affected by 1] the seriousness of the crime involved, 2] timing (e.g., the ability of the criminal to access the information and use it to commit a crime or evade detection or surveillance), and 3] the capability of the criminal to injure witnesses or law enforcement officials. Special Factors Affecting Confidentiality Impact Determination: Where unauthorized disclosure of information might have a serious adverse effect on legal prosecution/ litigation, there is a presumption of a miscarriage of justice. If an unauthorized disclosure is discovered, the legal proceeding is jeopardized (e.g., a mistrial may be declared). The cost to the government and others in terms of finance, time, and disruption to normal operations can be severe. If suspicion is raised concerning government complicity or negligence, serious loss of public confidence in government agencies or the legal process may result. 
In this case, the + confidentiality impact of unauthorized disclosure will be moderate. Where the life of a complainant, victim, witness, or informant may be endangered by disclosure, the confidentiality impact will be high. Also, where the consequences of a miscarriage of justice are likely to endanger public safety (e.g., release of a terrorist or other murderer), the confidentiality impact will be high. Given the nature of many of the crimes that are the responsibility of Federal law enforcement agencies, the consequences associated with unauthorized disclosure of legal prosecution information must be assumed to pose a threat to human life or result in a loss of major assets. Additionally, when a legal proceeding concerns matters of trans-national interest, such as trade enforcement, tariff agreements, etc., or where foreign nationals might be involved, the confidentiality impact will be high. Information that reveals the identity and/or location of informants may be of particular + concern. [The impact of unauthorized disclosure of national security information is outside the scope of this guideline.]

+
+ +

Given the public nature of and disclosure rules associated with most prosecution/litigation information, the provisional confidentiality impact level recommended is low. In cases where 1) the crimes are not violent and do not involve extraordinarily large property losses, and 2) there is no indication of a record of violence on the part of the criminal, the confidentiality impact may be low

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to legal prosecution/litigation information. Most legal prosecution/litigation processes are tolerant of delay even though the delays can impact court schedules, cause significant taxpayer expense, and potentially jeopardize legal proceedings (see C17.4.2). Typically, the disruption of access to legal prosecution/litigation information can be expected to have only a limited adverse effect on government operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: In exceptional cases (e.g., information affecting a ruling regarding an impending execution), loss of availability of information can have a severe adverse effect. The availability impact level recommended for this legal prosecution/litigation information is high.

+
+ +

The provisional availability impact level recommended for legal prosecution/litigation information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Legal prosecution/litigation activities are not typically time-critical. Unauthorized modification or destruction of information affecting external communications associated with legal prosecution/litigation organizations (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. In general, the unauthorized modification or destruction of legal prosecution/litigation information will have only a limited adverse effect on government operations, government assets, or individuals. However, if evidence or other defense information has been compromised, legal proceedings may be affected (e.g., a mistrial may be declared). The subsequent cost to the government in terms of finance, time, and disruption + to normal operations may be severe. If suspicion is raised concerning government complicity or negligence, serious loss of public confidence in government agencies or the legal process may result. Special Factors Affecting Integrity Impact Determination: Where the life of a victim, witness, or informant may be endangered, the integrity impact will be high. Also, where the consequences of a miscarriage of justice are likely to endanger public safety (e.g., release of a terrorist or other murderer), the integrity impact will be high.

+
+ +

Given the legal consequences of the unauthorized modification or destruction of legal prosecution/litigation information, the provisional integrity impact level recommended for legal prosecution/litigation information is moderate.

+
+
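Review bot: In the Legal Prosecution and Litigation entry, the provisional confidentiality text recommends low and then adds "In cases where 1) the crimes are not violent ... the confidentiality impact may be low", which repeats the provisional level instead of stating an exception and ends without a period. That sentence reads like special-factors material; the Legal Investigation entry places its near-identical sentence in the impact description. Consider moving it there or removing it. The availability text also points to "(see C17.4.2)", a section number that nothing in this file defines, while other entries cite "Section D.16.1"; replace it with a reference that resolves or drop the parenthetical.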
+ + Litigation and Judicial Activities + Resolution Facilitation + +

Resolution facilitation involves all activities outside of a court of law that may be used in an attempt to settle a dispute between two or more parties (government, citizen, corporation).

+
+ + fips-199-moderate + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of resolution facilitation information on the ability of responsible entities to settle a dispute between two or more parties (government, citizen, corporation) outside of a court of law. While some information associated with resolution facilitation is public, much of the information is private and/or proprietary. Unauthorized disclosure of such information can disrupt or defeat the dispute resolution process. The consequences typically depend on the nature of the dispute. Jeopardy to the resolution process will not usually involve threats to critical infrastructures, key national assets, or human life. Typically, the unauthorized disclosure of resolution facilitation information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where large monetary amounts and/or violent crimes are involved, the + confidentiality impact of unauthorized disclosure of resolution facilitation information is at least moderate. In exceptional cases human lives may be jeopardized by failure of the resolution facilitation process. Additionally, when resolution facilitation concerns matters of trans-national interest, such as trade enforcement, tariff agreements, etc., or where foreign nationals might be involved, the confidentiality impact will be high.

+
+ +

Given the legal consequences of unauthorized disclosure, the provisional confidentiality impact level recommended for resolution facilitation information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to resolution facilitation information. Most resolution facilitation processes are tolerant of delay. In most cases, disruption of access to resolution facilitation information can be expected to have only a limited adverse effect on government operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for resolution facilitation information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Resolution facilitation activities are not typically time-critical. The modification or destruction of court records may result in disruption or jeopardy of legal proceedings. In most cases, the adverse effects of unauthorized modification or destruction of resolution facilitation information on agency mission functions and/or public confidence in the agency can be expected to be limited.

+
+ +

The provisional integrity impact level recommended for resolution facilitation information is low.

+
+
+ + Federal Correctional Activities + Criminal Incarceration + +

Criminal incarceration includes activities associated with the housing, custody and general care of criminals sentenced to serve time in penitentiaries.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of criminal incarceration information on the ability of responsible agencies to provide housing, custody, and general care for criminals sentenced to serve time in a Federal penitentiary. The consequences of unauthorized disclosure of most criminal incarceration information are unlikely to have a serious adverse effect on agency operations. The most serious adverse effects are likely to involve exposure of information that is proprietary to prisoners that can result in damaging publicity for an organization. (Unauthorized disclosure of some information can conceivably have serious impact on the status or resolution of appeal actions). The consequences of unauthorized disclosures may have an adverse effect on public confidence in the agency.

+
+ +

The provisional confidentiality impact level recommended for most criminal incarceration information is normally low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to criminal incarceration information. Criminal incarceration processes are usually tolerant of reasonable delays. Special Factors Affecting Availability Impact Determination: There may be cases (e.g. emergency bulletins affecting prisoner health and/or safety) in which emergency dissemination of information regarding life-threatening situations is delayed for excessive periods. Such cases can result in a high availability impact level.

+
+ +

The provisional availability impact level recommended for criminal incarceration information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of criminal incarceration information can be serious if the information is time-critical and results in the premature release of a criminal, unjust retention of an individual in the prison system, or harm to a citizen’s reputation or public confidence in the government. Special Factors Affecting Integrity Impact Determination: In some cases (e.g., instructions regarding a need to isolate a prisoner from the general prison population for personal safety reasons), the unauthorized modification or destruction of criminal incarceration information can result in loss of human life a high impact potential.

+
+ +

The provisional integrity impact level recommended for criminal incarceration information is moderate.

+
+
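Review bot: the closing sentence of the integrity description in the Criminal Incarceration entry is broken. "can result in loss of human life a high impact potential" has nothing joining "human life" and "a high impact potential". Suggest "can result in loss of human life, a high impact potential", or end the sentence at "human life" and state the high impact separately. The same entry describes cases with a high availability impact and a high integrity impact, while the selected values are low, low and moderate. Because those values are provisional, a short remark pointing implementers at the special factors would keep the selected level from being read as a ceiling.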
+ + Federal Correctional Activities + Criminal Rehabilitation + +

Criminal Rehabilitation includes all government activities devoted to providing convicted criminals with the educational resources and life skills necessary to rejoin society as responsible and contributing members.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of criminal rehabilitation information on the ability of responsible agencies to provide convicted criminals with the educational resources and life skills necessary to rejoin society as responsible and contributing members. The consequences of unauthorized disclosure of most criminal rehabilitation information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Exceptions that might have a potential for more serious consequences are based on privacy information processed in criminal rehabilitation systems (e.g., information required by the Privacy Act of 1974 (The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type) or other statutes and executive orders to receive special handling to protect the privacy of individuals). This + can result in assignment of a moderate impact level to such information.

+
+ +

The provisional confidentiality impact level recommended for criminal rehabilitation information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to criminal rehabilitation information. The effects of disruption of access to most criminal rehabilitation information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for criminal rehabilitation information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of criminal rehabilitation information would have a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.

+
+ +

The provisional integrity impact level recommended for most criminal rehabilitation information is low.

+
+
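Review bot: the special-factors sentence in the Criminal Rehabilitation confidentiality description is hard to parse. It nests a full sentence ("The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type") inside the "e.g." parenthetical. This separates "information required by the Privacy Act of 1974" from "or other statutes and executive orders to receive special handling". Suggest moving the cross-reference out as its own sentence after the parenthetical, which is how the Permits and Licensing entry in this same file words it.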
+ + General Sciences and Innovation + Scientific and Technological Research and Innovation + +

Scientific and Technological Research and Innovation includes all federal activities whose goal is the creation of new scientific and/or technological knowledge as a goal in itself, without a specific link to the other mission areas or information types identified in the BRM. Most sensitive information is developed under research and development programs that directly support another of the mission areas described in this Appendix and are not included here. Some information associated with scientific and technical research and innovation is national security information and is outside the scope of this guideline.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of scientific and technical research and innovation information on the ability of responsible agencies to create new scientific and/or technological knowledge as a goal in itself, without a specific link to other program areas or information types. Many scientific and technical research and innovation activities are conducted in association with public institutions of higher learning, and the findings resulting from those activities are intended for publication. Special Factors Affecting Confidentiality Impact Determination: The pre-publication disclosure or other unauthorized disclosure of information associated with competition for funding and recognition (e.g., grants, development contract, patent rights, and copyrights) can have a serious adverse effect on agency operations, agency assets, or individuals. In such cases, the confidentiality impact level associated for scientific and technical + research and innovation information will be moderate. In some cases, the information associated with scientific and technical research and innovation is classified or otherwise qualified as national security information. Such information is outside the scope of this guideline.

+
+ +

The provisional confidentiality impact level recommended for most scientific and technical research and innovation information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to scientific and technical research and innovation information. Most research processes are tolerant of delay. In most cases, disruption of access to research and innovation information can be expected to have only a limited adverse effect on government operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for scientific and technical research and innovation information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of most information associated with scientific and technical research and innovation can be seriously disruptive to the progress of research activities. The effects on future funding can be quite serious and can have a serious adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be more limited.

+
+ +

The provisional integrity impact level recommended for scientific and technical research and innovation information is moderate.

+
+
+ + General Science and Innovation + Space Exploration and Innovation + +

Space Exploration and Innovation includes all activities devoted to innovations directed at human and robotic space flight and the development and operation of space launch and transportation systems, and the general research and exploration of outer space. While some space exploration and innovation is national security information, most sensitive information is developed under research and development programs that directly support another of the mission areas described in this Appendix and are not included here.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of space exploration and innovation information on the ability of responsible agencies to conduct activities devoted to [1] innovations directed at human and robotic space flight and the development and operation of space launch and transportation systems, and [2] the general research and exploration of outer space. Many space exploration and innovation activities are conducted with public institutions of higher learning, and the findings resulting from those activities are intended for publication. Special Factors Affecting Confidentiality Impact Determination: The pre-publication disclosure or other unauthorized disclosure of information associated with competition for funding and recognition (e.g., grants, development contract, patent rights, and copyrights) can have a serious adverse effect on agency operations, agency assets, or individuals. In such cases, the confidentiality impact associated + with space exploration and innovation is moderate. In some cases, the space exploration and innovation information is classified or otherwise qualifies as national security information. This information is outside the scope of this guideline

+
+ +

The provisional confidentiality impact level recommended for most space exploration and innovation information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to space exploration and innovation information. Most research and innovation processes are tolerant of delay. In most cases, disruption of access to research and innovation information will have only a limited adverse effect on government operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for space exploration and innovation information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of most space exploration and innovation information can be seriously disruptive to the progress of research activities. The effects on future funding can be quite serious and can have a serious adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.

+
+ +

The provisional integrity impact level recommended for space exploration and innovation information is moderate.

+
+
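Review bot: the category label on the Space Exploration and Innovation entry reads "General Science and Innovation", while the preceding Scientific and Technological Research and Innovation entry uses "General Sciences and Innovation". Any tooling that groups or filters information types by this string will treat them as two different mission areas. Pick one spelling and use it on both entries. Also, the confidentiality description here ends "This information is outside the scope of this guideline" without a terminal period.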
+ + Knowledge Creation and Management + Research and Development + +

Research and Development involves the gathering and analysis of data, dissemination of results, and development of new products, methodologies, and ideas. The sensitivity and criticality of most research and development information depends on the subject matter involved.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level depends on the effect of unauthorized disclosure of research and development information on the ability of responsible agencies to gather and analyze data, disseminate results, and develop new products, methodologies, and ideas, and on the degree to which unauthorized disclosure of the information can assist hostile institutions to do harm to the interests of the government of the United States. Many research and development activities are conducted in association with public institutions of higher learning, and the findings resulting from those activities are intended for publication. Unauthorized disclosure of most research and development information can be expected to have only limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Most research and development information is proprietary. Unauthorized disclosure of proprietary information violates + several statures and Federal regulations (see Appendix E). Pre-publication disclosure or other unauthorized disclosure of research findings can have a serious adverse effect on agency operations, agency assets, or individuals. In such cases, the confidentiality impact level associated with research and development is moderate. Premature and/or partial release of preliminary research and development information can lead to misleading conclusions by policy makers, funding entities, news organizations, and/or the general public. Where the research and development activities are associated with security measures or law enforcement tools, potential adversaries may derive insights on countermeasures development. In extreme cases, the resulting confidentiality impact can be high. In some cases, the research and development information is classified or otherwise qualifies as national security information). Such information is outside the scope of this guideline.

+
+ +

The provisional confidentiality impact level recommended for most government research and development information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to research and development information. Most research and innovation processes are tolerant of delay. In most cases, disruption of access to research and innovation information will have only a limited adverse effect on government operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for research and development information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of most research and development information can be seriously disruptive to the progress of research activities. The effects on future funding can be serious and can have a serious adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be more limited.

+
+ +

The provisional integrity impact level recommended for research and development information is moderate.

+
+
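Review bot: the confidentiality description in the Research and Development entry has two text defects. "violates several statures and Federal regulations" should read "statutes", and "qualifies as national security information)." has a closing parenthesis with no opening one. In addition, the availability description talks about "research and innovation processes" and "research and innovation information", wording that looks carried over from the two preceding entries. Suggest "research and development" there so the description matches the information type it sits under.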
+ + Knowledge Creation and Management + General Purpose Data and Statistics + +

General purpose data and statistics includes activities performed in providing empirical, numerical, and related data and information pertaining to the current state of the nation in areas such as the economy, labor, weather, international trade, etc.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of general purpose data and statistics information on the ability of responsible agencies to provide empirical, numerical, and related data and information pertaining to the current state of the nation in areas such as the economy, labor, weather, international trade, etc. The consequences of unauthorized disclosure of most general-purpose data and statistics information would have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized premature disclosure of much economic (e.g., agricultural commodity, economic indicators) data and statistics information can result in major financial consequences. In some cases, premature disclosure of this information can impact major financial markets and damage national banking and finance infrastructures. Unauthorized and premature disclosure to a single + institution (e.g., a major commodity brokerage house), could damage faith in general-purpose data and statistics gathering and development institutions, result in even more market disruption, and have a severe or catastrophic adverse effect on public confidence in the agency. Even when the consequences are limited to giving an unfair market advantage to a single financial or commercial institution, unauthorized disclosure can have a serious adverse effect on public confidence in the agency and its staff. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional confidentiality impact level recommended for most general-purpose data and statistics information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to general-purpose data and statistics information. Missions supported by general-purpose data and statistics information are generally tolerant of delay.

+
+ +

The provisional availability impact level recommended for general-purpose data and statistics information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of general-purpose data and statistics information may depend on whether the information is time-critical. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited.

+
+ +

The provisional integrity impact level recommended for general-purpose data and statistics information is low.

+
+
+ + Knowledge Creation and Management + Advising and Consulting + +

Advising and Consulting activities involve the guidance and consultative services provided by the Federal Government to support the implementation of a specific service provided to citizens.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of advising and consulting information on the ability of responsible agencies to provide guidance and consultative services to support the implementation of a specific service to citizens. The consequences of unauthorized disclosure of advising and consulting information depends on the nature of the service being provided and on the sensitivity of the information with which advisory or consulting entities are working. The consequences of unauthorized disclosure of most advising and consulting information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where consulting support involves classified or other national security information, the consequences of unauthorized disclosure can be severe but are outside the scope of this guideline. In other cases, such as consultative services provided to + law enforcement institutions, the consequences of unauthorized disclosure can be serious or even life threatening. This can result in assignment of a moderate or high impact level to such information.

+
+ +

The provisional confidentiality impact level recommended for advising and consulting information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to advising and consulting information. The effects of disruption of access to most advising and consulting information or information systems would have limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for advising and consulting information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of advising and consulting information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited.

+
+ +

The provisional integrity impact level recommended for advising and consulting information is low.

+
+
+ + Knowledge Creation and Management + Knowledge Dissemination + +

Knowledge Dissemination addresses those instances where the primary method used in delivering a service is through the publishing or broadcasting of information, such as the Voice of America or web-based museums maintained by the Smithsonian. Knowledge Dissemination is not intended to address circumstances where the publication of information is a by-product of a mission rather than the mission itself.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of knowledge dissemination information on the ability of responsible agencies to publish or broadcast information. Premature and unauthorized disclosure of information being considered for broadcast can be harmful if the information is subsequently determined to be false or counterproductive to the knowledge dissemination mission. However, the consequences of unauthorized disclosure of most knowledge dissemination information would have, at most, a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some policies governing knowledge dissemination missions can be harmful to the agency mission (e.g., some internal Voice of America editorial policies). This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional confidentiality impact level recommended for knowledge dissemination information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to knowledge dissemination information. The effects of disruption of access to most knowledge dissemination information or information systems would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: An exception is the extended disruption of broadcast capabilities (e.g., Voice of America). Here, the agency mission is seriously harmed and the impact of the consequences will be moderate.

+
+ +

The provisional availability impact level recommended for most knowledge dissemination information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of knowledge dissemination information may depend on whether the information is time-critical. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be limited. In most cases, the consequences of unauthorized modification or destruction of knowledge dissemination information would have a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Integrity Impact Determination: In cases of dissemination of erroneous/defamatory information, an agency mission can be seriously harmed and the impact level will be + moderate.

+
+ +

The provisional integrity impact level recommended for knowledge dissemination information is low.

+
+
+ + Regulatory Compliance and Enforcement + Inspections and Auditing + +

Inspections and Auditing involves the methodical examination and review of regulated activities to ensure compliance with standards for regulated activity.

+
+ + fips-199-moderate + + + fips-199-low + + + fips-199-moderate + + +

The confidentiality impact level is the effect of unauthorized disclosure of inspections and auditing information on the ability of responsible agencies to methodically examine and review regulated activities to ensure compliance with standards for regulated activity. If the inspections and auditing data belongs to one of the information types described in this guideline, the confidentiality impact assigned the data and system is dependent on the nature of the regulated activity. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of inspections and auditing information can alert personnel associated with programs being monitored to the focus of inspection or auditing activities. With this information, program personnel may divert attention from questionable program attributes or hide unfavorable information. Where a major program or human safety is at stake, actions taken based on unauthorized disclosure of inspections and auditing + information can pose a threat to human life or a loss of major assets. In such cases, the confidentiality impact is high. National security information and national security systems are outside the scope of this guideline.

+
+ +

Although there are many Federal environments in which unauthorized disclosure will have only a limited adverse effect, there are enough circumstances in which serious adverse effects on agency operations, agency assets, or individuals can result to justify recommendation of a moderate provisional confidentiality impact level for inspections and auditing information.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to inspections and auditing information. In most cases, disruption of access to inspections and auditing information is expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Not many inspection or auditing operations involve activities for which temporary loss of availability is likely to cause significant degradation in mission capability, place the agency at a significant disadvantage, result in major damage to major assets, or pose a threat to human life.

+
+ +

For most inspection and audit functions, the recommended provisional availability impact level is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of inspections and auditing information can compromise the effectiveness of the program. The damage likely to be caused by unauthorized modification or destruction may affect inspection or audit results with subsequent serious adverse effects on agency operations or public confidence in the agency. The consequences can be particularly serious if the destruction or modification of information invalidates oversight of major programs or the information threatens human safety. The integrity impact level depends on the laws or policies with which compliance is being determined and on the criticality of the processes being monitored (e.g., correctness of contract expenditure reporting versus safety regulations affecting manned space + flight).

+
+ +

Although there are regulatory environments in which a low impact level is appropriate, the circumstances associated with most inspections and auditing support information require at least a moderate provisional integrity impact level.

+
+
+ + Regulatory Compliance and Enforcement + Standards Setting/Reporting Guideline Development + +

Standard Setting/Reporting Guideline Development involves the establishment of allowable limits associated with a regulated activity and the development of reporting requirements necessary to monitor and control compliance with allowable limits. This includes the development of requirements for product sampling and testing, emissions monitoring and control, incident reporting, financial filings, etc.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of standards setting/reporting guideline development information on the abilities of responsible agencies to establish allowable limits associated with a regulated activity and to develop reporting requirements necessary to monitor and control compliance with allowable limits. In a few cases, the unauthorized public dissemination of standards or guidelines information can harm the effectiveness of the function being supported (e.g., public dissemination of Internal Revenue Service audit thresholds for certain deductions). However, most Federal standards and guidelines are intended for public dissemination. The consequences of unauthorized disclosure of the majority of standards setting/reporting guideline development information will result in a limited adverse effect on agency operations, agency assets, or individuals. There are some cases for which standards or guidelines include classified or + other national security information. Such cases are outside the scope of this guideline.

+
+ +

The provisional confidentiality impact level recommended for standards setting/reporting guideline development information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to standards setting/reporting guideline development information. The nature of standards setting/reporting guideline development processes is tolerant of reasonable delays.

+
+ +

The provisional availability impact level recommended for standards setting/reporting guideline development information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of standards setting/reporting guideline development information depends primarily on the criticality of the information with respect to agency mission capability, protection of agency assets, and safety of individuals. In general, the effects of modifications or deletions of standards setting/reporting guideline development information are limited with respect to agency missions or assets.

+
+ +

The provisional integrity impact level recommended for standards setting/reporting guideline development information is low.

+
+
+ + Regulatory Compliance and Enforcement + Permits and Licensing + +

Permits and Licensing involves activities associated with granting, revoking, and the overall management of the documented authority necessary to perform a regulated task or function.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of permits and licensing information on the abilities of responsible agencies to manage the documented authority necessary to perform a regulated task or function. The consequences of unauthorized disclosure of the majority of permits and licensing information will result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Where more sensitive information is involved, it will typically be personal information subject to the Privacy Act of 1974, the Health Insurance Portability and Accountability Act of 1996, or other laws and executive orders affecting the dissemination of information regarding individuals. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. In such cases, the consequences of unauthorized disclosure of permits + and licensing information could be serious. In such cases, the confidentiality impact level might be moderate.

+
+ +

The provisional confidentiality impact level recommended for most permits and licensing information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to permits and licensing information. The nature of permits and licensing processes is tolerant of reasonable delays.

+
+ +

The provisional availability impact level recommended for permits and licensing information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of permits and licensing information depends primarily on the criticality of the regulated activity with respect to protection of government assets, and safety of individuals. Typically, the effects of modification or deletion of permits and licensing information are limited with respect to agency missions or assets.

+
+ +

The provisional integrity impact level recommended for permits and licensing information is low.

+
+
+ + Public Goods Creation and Management + Manufacturing + +

Manufacturing involves all programs and activities in which the Federal Government produces both marketable and non-marketable goods.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of manufacturing information on the abilities of responsible agencies to produce both marketable and non-marketable goods. In a few cases, unauthorized disclosure of details of the products or manufacturing processes can give adversaries opportunities (e.g., terrorism, industrial espionage). However, in most cases, the consequences of unauthorized disclosure of manufacturing information will result in a limited adverse effect on agency operations, agency assets, or individuals. There are some cases for which manufacturing or product information includes classified or other national security information. Such cases are outside the scope of this guideline.

+
+ +

The provisional confidentiality impact level recommended for manufacturing information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to manufacturing information. The nature of most government manufacturing processes is tolerant of reasonable delays.

+
+ +

The provisional availability impact level recommended for manufacturing information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of manufacturing information depends primarily on the criticality of the information with respect to a manufacturing process and on the volume and use of the end product. Typically, the effects of modification or deletion of manufacturing information are generally limited with respect to agency missions or assets.

+
+ +

The provisional integrity impact level recommended for manufacturing information is low.

+
+
+ + Public Goods Creation and Management + Construction + +

Construction involves all programs and activities in which the Federal Government builds or constructs facilities, roads, dams, etc.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of construction information on the abilities of responsible agencies to build or construct facilities, roads, dams, etc. In most cases, the consequences of unauthorized disclosure of construction information will result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In some cases, construction details can be of use to terrorists or other criminals who seek to penetrate or destroy government installations. Unauthorized disclosure of some construction details (e.g., alarm designs, points of vulnerability to the structural integrity of a dam or building) can result in danger to critical infrastructures, key national assets, or human life. In such cases, the confidentiality impact may be high. There are some cases for which construction information includes classified or other national security + information. Such cases are outside the scope of this guideline.

+
+ +

The provisional confidentiality impact level recommended for construction information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to construction information. The nature of most government construction processes is tolerant of reasonable delays.

+
+ +

The provisional availability impact level recommended for construction information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of construction information depends primarily on the criticality of the information. Typically, the effects of modification or deletion of construction information are limited with respect to agency missions or assets.

+
+ +

The provisional integrity impact level recommended for construction information is low.

+
+
+ + Public Goods Creation and Management + Public Resources, Facility and Infrastructure Management + +

Public Resources, Facility and Infrastructure Management involves the management and maintenance of government-owned capital goods and resources (natural or otherwise) on behalf of the public, usually with benefits to the community at large as well as to the direct user. Examples of facilities and infrastructure include schools, roads, bridges, dams, harbors, and public buildings. Examples of resources include parks, cultural artifacts and art, endangered species, oil reserves, etc.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of public resources, facilities, and infrastructure management information on the abilities of responsible agencies to manage and maintain government-owned capital goods and resources (natural or otherwise) on behalf of the public, usually with benefits to the community at large as well as to the direct user. In most cases, the consequences of unauthorized disclosure of public resources, facilities, and infrastructure management information will result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In some cases, premature unauthorized disclosure of management information can give an unfair competitive advantage to a commercial interest (e.g., proposed changes for management of petroleum reserves). The confidentiality impact of consequent loss of public confidence and/or serious economic disruption + might be moderate. In other cases, public resources, facilities, and infrastructure management details can be of use to terrorists or other criminals who seek to penetrate the security of government property or to harm populations. Unauthorized disclosure of some public resources, facilities, and infrastructure management details to criminals (e.g., facilities security dispositions, building alarm designs), can result in danger to critical infrastructures, key national assets, or human life. In such cases, the confidentiality impact can be high

+
+ +

The provisional confidentiality impact level recommended for most public resources, facilities, and infrastructure management information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to public resources, facilities, and infrastructure management information. The nature of most government public resources, facilities, and infrastructure management processes is tolerant of reasonable delays.

+
+ +

The provisional availability impact level recommended for public resources, facilities, and infrastructure management information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of public resources, facilities, and infrastructure management information depends primarily on the criticality of the information with respect to management of public resources, facilities, and infrastructures. Typically, the effects of modification or deletion of public resources, facilities, and infrastructure information are limited with respect to agency missions or assets.

+
+ +

The provisional integrity impact level recommended for public resources, facilities, and infrastructure management information is low.

+
+
+ + Public Goods Creation and Management + Information Infrastructure Management + +

Information Infrastructure Management involves the management and stewardship of a type of information by the Federal Government and/or the creation of physical communication infrastructures on behalf of the public in order to facilitate communication. This includes the management of large amounts of information (e.g., environmental and weather data, criminal records, etc.), the creation of information and data standards relating to a specific type of information (patient records), and the creation and management of physical communication infrastructures (networks) on behalf of the public. Note: Information infrastructures for government use are not included in this information type because the impact levels associated with information infrastructure maintenance information are primarily a function of the information processed in that infrastructure.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of information infrastructure maintenance information on the ability of responsible agencies to manage a type of information and/or to create physical communication infrastructures on behalf of the public in order to facilitate communication. The disclosure of most information infrastructure maintenance information can be expected to result in a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In some cases, information infrastructure maintenance details can be of use to terrorists or other criminals who seek to destroy government data bases or communications infrastructures, or deny access to information needed by the public. Unauthorized disclosure of some information infrastructure maintenance details to criminals can result in danger to critical infrastructures, key national assets, or human life. In such cases, + the confidentiality impact can be high. In other cases, premature unauthorized disclosure of management information can give an unfair competitive advantage to a commercial interest (e.g., proposed outsourcing of system administration or details of a proposed communications system acquisition). This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional confidentiality impact level recommended for information infrastructure maintenance information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to information infrastructure maintenance information. Disruption of access to information infrastructure maintenance information or information systems will typically result in denial of access to resources for all affected agencies. Typically, disruption of access will have a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Exceptions may include emergency response aspects of disaster management or other time critical functions (e.g., some systems that support air traffic control functions). The availability impact level associated with unauthorized modification or destruction of information infrastructure maintenance information needed to respond to emergencies or + critical to public safety may be high.

+
+ +

The provisional availability impact level recommended for information infrastructure maintenance information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. That is, the consequences of unauthorized modification or destruction of information infrastructure maintenance information typically depend on the criticality of the data processed by the infrastructure and whether this data is time-critical. In most cases, the data will not be urgently needed or acted upon immediately. Special Factors Affecting Integrity Impact Determination: In a relatively few cases, the consequences of unauthorized modification or destruction of information infrastructure maintenance information might result in serious damage to agency operations, assets, or human safety. This may require a moderate or high integrity impact level for information infrastructure maintenance information.

+
+ +

The provisional integrity impact level recommended for information infrastructure maintenance information is low.

+
+
+ + Federal Financial Assistance + Federal Grants (Non-State) + +

Federal Grants involve the disbursement of funds by the Federal Government to a non-Federal entity to help fund projects or activities. This includes the processes associated with grant administration, including the publication of funds availability notices, development of the grant application guidance, determination of grantee eligibility, coordination of the peer review/evaluation process for competitive grants, the transfer of funds, and the monitoring/oversight as appropriate.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of federal grants information on the ability of responsible agencies to disburse funds to non-Federal entities to fund projects or activities. Typically, unauthorized disclosure of federal grants information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In a few cases, records associated with grants may include information subject to privacy restrictions (e.g., the Privacy Act of 1974). The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. In many cases, premature and unauthorized disclosure can affect the integrity of the grants process, giving an unfair competitive advantage to one or more applicants. In such cases, punitive consequences and/or loss of public confidence can have a seriously disruptive effect on an + agency’s operations and mission. In such cases, the confidentiality impact level would be moderate. In some cases, federal grants information might be moderate to high impact. Also, details of programs for which grants are awarded may be sensitive (e.g., research grants for weapons systems project activities). Some federal grants information and some grant program details may be classified and outside the scope of this guideline.

+
+ +

The provisional confidentiality impact level recommended for federal grants information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to federal grants information. Federal grants processes are generally tolerant of delay. In most cases, disruption of access to federal grants information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for federal grants information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Federal grants activities are not generally time-critical and multiple individuals in multiple organizations are usually involved in the grants process. Therefore, the information maintained by all the individuals/agencies may be necessary to alter a grants decision. In most cases, the adverse effects of unauthorized modification or destruction of federal grants information on agency mission functions or public confidence in the agency is limited. Special Factors Affecting Integrity Impact Determination: There are significant differences between the ability to modify a document authorizing a payment and the modification of the payment itself. The unauthorized modification of a document authorizing a payment is less time critical than the modification of the payment itself while the payment is + in transit. Modifications to payments in transit will result in immediate inaccurate payments. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional integrity impact level recommended for federal grants information is low.

+
+
+ + Federal Financial Assistance + Direct Transfers to Individuals + +

Direct Transfers to Individuals involves the disbursement of funds from the Federal Government directly to beneficiaries (individuals or organizations) who satisfy Federal eligibility requirements with no restrictions imposed on the recipient as to how the money is spent. Direct Transfers include both earned and unearned Federal Entitlement programs such as Medicare, Social Security, unemployment benefits, etc.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of direct transfers to individuals information on the ability of responsible agencies to disburse funds from the Federal Government directly to beneficiaries (individuals or organizations) who satisfy Federal eligibility requirements with no restrictions imposed on the recipient as to how the money is spent. In the majority of cases, unauthorized disclosure of direct transfers to individuals will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Many of the records associated with the disbursements may include information subject to privacy restrictions (e.g., the Privacy Act of 1974, HIPAA of 1996). (The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type.) In such cases, punitive consequences and/or loss of public confidence can + have a seriously disruptive effect on an agency’s operations and mission. The consequent confidentiality impact level could be moderate.

+
+ +

Therefore, the provisional confidentiality impact level recommended for direct transfers to individuals is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to direct transfers to individuals information. Federal disbursement processes are generally tolerant of delay. In most cases, disruption of access to information regarding direct transfers to individuals can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Disruption of disbursements to large populations can do serious harm to public confidence in the agency and have a harmful impact on the nation’s economy (e.g., affect consumer confidence and retail sales for a month or quarter). In such cases, the availability impact would be moderate.

+
+ +

The provisional availability impact level recommended for direct transfers to individuals is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Federal disbursement activities are not generally time-critical. In most cases, the monetary amounts involved are not large (on a governmental budgetary scale). Also, the adverse effects of unauthorized modification or destruction of direct transfers to individuals on agency mission functions or public confidence in the agency will be limited. Special Factors Affecting Integrity Impact Determination: There are significant differences between the ability to modify a document authorizing a payment and the modification of the payment itself. The unauthorized modification of a document authorizing a payment is less time critical than the modification of the payment itself while the payment is in transit. Modifications to payments in transit will result in immediate inaccurate payments. This can + result in assignment of a moderate impact level to such information.

+
+ +

The provisional integrity impact level recommended for direct transfers to individuals is low.

+
+
+ + Federal Financial Assistance + Subsidies Information + +

Subsidies involve Federal Government financial transfers that reduce costs and/or increase revenues of producers. Subsidies include the payment of funds from the government to affect the production or prices of various goods to benefit the public.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of subsidies information on the ability of responsible agencies to pay government funds to affect the production or prices of various goods to benefit the public benefit. In many cases, unauthorized disclosure of subsidies information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Some information associated with applications for subsidies includes information covered by the provisions of the Privacy Act of 1974. (The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type.) Unauthorized disclosure of large volumes of information protected under the Privacy Act can be expected to have a serious effect on public confidence in the agency. Also, premature unauthorized disclosure of planned subsidies policies can affect + financial/commodities markets, with associated potential adverse effects on the U.S. economy and serious adverse effects on public confidence in the agency. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional confidentiality impact level recommended for most subsidies information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to subsidies information. Subsidies processes are generally tolerant of delay. In most cases, disruption of access to subsidies information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for subsidies information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Subsidies activities are not typically time-critical. In most cases, the adverse effects of unauthorized modification or destruction of subsidies information on agency mission functions, image or public confidence in the agency will be limited.

+
+ +

The provisional integrity impact level recommended for subsidies information is low.

+
+
+ + Federal Financial Assistance + Tax Credits + +

Tax Credits allow a special exclusion, exemption, or deduction from gross income or which provide a special credit, a preferential rate of tax, or a deferral of tax liability designed to encourage certain kinds of activities or to aid taxpayers in special circumstances.

+
+ + fips-199-moderate + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of tax credit information on the ability of responsible agencies to allow special exclusions, exemptions, or deductions from gross income or which provide special credits, a preferential rate of tax, or a deferral of tax liability designed to encourage certain kinds of activities or to aid taxpayers in special circumstances. Many of the records associated with disbursements may include information subject to privacy restrictions (e.g., the Privacy Act of 1974, the Internal Revenue Code and Manual, or the Economic Espionage Act). (The provisional impact levels for personnel information are documented in the Personal Identity and Authentication, Income, Representative Payee, and Entitlement Event information types.) In such cases, punitive consequences and/or loss of public confidence can have a seriously disruptive effect on an agency’s operations and mission. In many cases, unauthorized disclosure + of tax credit information can have a serious adverse effect on agency operations, assets, or individuals.

+
+ +

The provisional confidentiality impact level recommended for tax credit information is moderate.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to tax credits information. Taxation processes are generally tolerant of delay. In most cases, disruption of access to tax credit information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for tax credit information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Tax credits are not generally time-critical. In most cases, the adverse effects of unauthorized modification or destruction of tax credits on agency mission functions or public confidence in the agency will be limited.

+
+ +

The provisional integrity impact level recommended for tax credits is low.

+
+
+ + Credit and Insurance + Direct Loans + +

Direct loans involve a disbursement of funds by the Government to a non-Federal borrower under a contract that requires the repayment of such funds with or without interest.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of direct loan information on the ability of responsible agencies to disburse Federal funds to non-Federal borrowers under contract terms that require the repayment of such funds with or without interest. Much direct loan information includes information covered by the provisions of the Privacy Act of 1974. (The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type.) In most cases, unauthorized disclosure of direct loan information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of large volumes of information protected under the Privacy Act can be expected to have a serious to severe effect on public confidence in the agency. In such cases, the confidentiality impact can be moderate.

+
+ +

The provisional confidentiality impact level recommended for direct loan information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to direct loan information. Loan assistance processes are generally tolerant of delay. In most cases, disruption of access to direct loan information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for direct loan information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Loan assistance activities are not generally time-critical. In most cases, the adverse effects of unauthorized modification or destruction of direct loan information on agency mission functions and public confidence in the agency will be limited. Special Factors Affecting Integrity Impact Determination: There are significant differences between the ability to modify a document authorizing a payment and the modification of the payment itself. The unauthorized modification of a document authorizing a payment is less time critical than the modification of the payment itself while the payment is in transit. Modifications to payments in transit will result in immediate inaccurate payments. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional integrity impact level recommended for direct loan information is low.

+
+
+ + Credit and Insurance + Loan Guarantees + +

Loan guarantees involve any guarantee, insurance, or other pledge with respect to the payment of all or a part of the principal or interest on any debt obligation of a non-Federal borrower to a non-Federal lender, but does not include the insurance of deposits, shares, or other withdrawable accounts in financial institutions.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of loan guarantee information on the ability of responsible agencies to execute guarantees, insurance, or other pledges with respect to the payment of all or a part of the principal or interest on any debt obligation of a non-Federal borrower to a non-Federal lender. In most cases, unauthorized disclosure of loan guarantee information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Much loan guarantee information includes information covered by the provisions of the Privacy Act of 1974. (The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type.) Unauthorized disclosure of large volumes of information protected under the Privacy Act can be expected to have a serious to severe effect on public confidence in the agency. In such + cases, the confidentiality impact can be moderate.

+
+ +

The provisional confidentiality impact level recommended for loan guarantee information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to loan guarantee information. Loan processes are generally tolerant of delay. In most cases, disruption of access to loan guarantee information will have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for loan guarantee information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Loan guarantee activities are not generally time-critical. In most cases, the adverse effects of unauthorized modification or destruction of loan guarantee information on agency mission functions and public confidence in the agency will be limited.

+
+ +

The provisional integrity impact level recommended for loan guarantee information is low.

+
+
+ + Credit and Insurance + General Insurance + +

General Insurance involves providing protection to individuals or entities against specified risks. The specified protection generally involves risks that private sector entities are unable or unwilling to assume or subsidize and where the provision of insurance is necessary to achieve social objectives.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of general insurance information on the abilities of responsible agencies to provide protection to individuals or entities against specified risks. General insurance activities include both insurance issuing and insurance servicing. Insurance issuing is any activity such as provider approval, underwriting, and endorsements. The consequences of unauthorized disclosure of insurance issuing information will generally result in a limited adverse effect on agency operations, agency assets, or individuals. Insurance servicing supports activities associated with administering and processing insurance include payment processing, initial and final closings, loss mitigation, claims management, and retiring insurance. The confidentiality impact level is the effect of unauthorized disclosure of insurance servicing information on the abilities of responsible agencies to administer and process insurance. The + consequences of unauthorized disclosure of insurance servicing information will generally result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: The more serious consequences may result from 1) unauthorized disclosure of provider’s proprietary information, or 2) premature disclosure of agency plans or changes under consideration for contracts, plans, or policies. Unauthorized disclosure of information that can affect contract arrangements to the detriment of the interests of the government, and of the public at large (e.g., planned or anticipated termination of a major contract insurer), can result in damaging increases in public expense and exposure to impact. In the case of unauthorized disclosure to an individual private sector organization, unfair competitive advantage may result – with major financial consequences. 
In the case of unauthorized disclosure of preliminary + and unsubstantiated data that is both incorrect and pessimistic (e.g., Medicare budget projections,), the consequent unwarranted alarm of the public may have serious political and operational consequences for affected agencies. In the more serious cases, the confidentiality impact will be at least moderate. The more serious consequences of unauthorized disclosure of insurance servicing information may result from unauthorized disclosure of private information concerning the insured (e.g., Privacy Act information). (The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type.) In the more serious cases, the confidentiality impact will be at least moderate.

+
+ +

The provisional confidentiality impact level recommended for general insurance information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to general insurance information. The nature of general insurance processes is usually tolerant of reasonable delays. Special Factors Affecting Availability Impact Determination: Extensive delays in insurance servicing activities can result in financial harm for individuals and businesses and in public alarm and repercussions in the financial markets. In more serious cases, delays may have serious political and operational consequences for affected agencies. In such cases, the confidentiality impact may be at least moderate.

+
+ +

The provisional availability impact level recommended for general insurance information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of general insurance information may depend on the urgency with which the information is typically needed. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) typically has a limited adverse effect on agency operations and/or public confidence in the agency.

+
+ +

The provisional integrity impact level recommended for general insurance information is low.

+
+
+ + Transfers to Local/State Government + Formula Grants + +

Formula Grants involves the allocation of money to States or their subdivisions in accordance with distribution formulas prescribed by law or administrative regulation, for activities of a continuing nature.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of formula grants information on the ability of responsible agencies to allocate money to States or their subdivisions in accordance with distribution formulas prescribed by law or administrative regulation, for activities of a continuing nature. Typically, unauthorized disclosure of most formula grants information will have only a limited adverse effect on agency operations, assets, or individuals. In most cases, information associated with formula grants is public knowledge. Special Factors Affecting Confidentiality Impact Determination: In a few cases, details of programs for which formula grants are awarded may be sensitive (e.g., some Federal/State cooperative programs intended to support Homeland Security operations). This can result in assignment of a moderate or high impact level to such information. Some formula grants information might be classified (hence outside the scope of this + guideline).

+
+ +

The provisional confidentiality impact level recommended for formula grants information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to formula grants information. Formula grants processes are generally tolerant of delay. In most cases, disruption of access to formula grants information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for formula grants information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Formula grants activities are not generally time-critical and multiple individuals in multiple organizations are usually involved in the grants process. Therefore, the information maintained by all the individuals/agencies is probably necessary to alter a grants decision. In most cases, the adverse effects of unauthorized modification or destruction of formula grants information on agency mission functions or public confidence in the agency will be limited.

+
+ +

The provisional integrity impact level recommended for formula grants information is low.

+
+
+ + Transfers to Local/State Government + Project/Competitive Grants + +

Project/Competitive Grants involves the funding, for fixed or known periods, of projects. Project/Competitive grants can include fellowships, scholarships, research grants, training grants, traineeships, experimental and demonstration grants, evaluation grants, planning grants, technical assistance grants, survey grants, and construction grants.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of project/competitive grants information on the ability of responsible agencies to award fellowships, scholarships, research grants, training grants, traineeships, experimental and demonstration grants, evaluation grants, planning grants, technical assistance grants, survey grants, and/or construction grants. In most cases, unauthorized disclosure of project/competitive grants information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In some cases, project/competitive grants information may be sensitive with moderate to high impact. In a few cases, details of programs for which grants are awarded may be classified and outside the scope of this guideline. In a few cases, records associated with the grants may include information subject to privacy restrictions (e.g., the Privacy Act of 1974). + (The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type.) In many cases, premature and unauthorized disclosure can affect the integrity of the grants process, giving an unfair competitive advantage to one or more applicants. In such cases, punitive consequences and/or loss of public confidence can have a seriously disruptive effect on an agency’s operations and mission. In such cases, the confidentiality impact level would be moderate.

+
+ +

The provisional confidentiality impact level recommended for most project/competitive grants information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to project/competitive grants information. Project/competitive grants processes are generally tolerant of delay. In most cases, disruption of access to project/competitive grants information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for project/competitive grants information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Project/competitive grants activities are not generally time-critical. In most cases, the adverse effects of unauthorized modification or destruction of project/competitive grants information on agency mission functions or public confidence in the agency will be limited.

+
+ +

The provisional integrity impact level recommended for project/competitive grants information is low.

+
+
+ + Transfers to Local/State Governments + Earmarked Grants + +

Earmarked Grants involves the distribution of money to State and Local Governments for a named purpose or service usually specifically noted by Congress in appropriations language, or other program authorizing language.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of earmarked grants information on the ability of responsible Federal government entities to distribute money to State and Local Governments for a named purpose or service usually specifically noted by Congress in appropriations language, or other program authorizing language. In the majority of cases, earmarked grants information is public knowledge. Typically, unauthorized disclosure of most earmarked grants information will have only a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In some cases, project/competitive grants information may be sensitive with moderate to high impact. In a few cases, details of programs for which grants are awarded may be classified and outside the scope of this guideline.

+
+ +

The provisional confidentiality impact level recommended for earmarked grants information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to earmarked grants information. Earmarked grants processes are generally tolerant of delay. In most cases, disruption of access to earmarked grants information will have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for earmarked grants information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Earmarked grants activities are not generally time-critical and multiple individuals in multiple organizations are usually involved in the grants process. Therefore, the information maintained by all the individuals/agencies is probably necessary to alter a grants decision. In most cases, the adverse effects of unauthorized modification or destruction of earmarked grants information on agency mission functions or public confidence in the agency will be limited.

+
+ +

The provisional integrity impact level recommended for earmarked grants information is low.

+
+
+ + Transfers to Local/State Governments + State Loans + +

State Loans involve all disbursement of funds by the Government to a State or Local Government (or Indian Tribe) entity under a contract that requires the repayment of such funds with or without interest.

+
+ + fips-199-low + + + fips-199-low + + + fips-199-low + + +

The confidentiality impact level is the effect of unauthorized disclosure of state loan information on the ability of responsible agencies to disburse Federal funds a State or Local Government (or Indian Tribe) entity under a contract that requires the repayment of such funds with or without interest. In most cases, unauthorized disclosure of state loan information will have only a limited adverse effect on agency operations, assets, or individuals.

+
+ +

The provisional confidentiality impact level recommended for state loan information is low.

+
+ +

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to state loan information. Loan assistance processes are generally tolerant of delay. In most cases, disruption of access to state loan information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals.

+
+ +

The provisional availability impact level recommended for state loan information is low.

+
+ +

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Loan assistance activities are not generally time-critical. In most cases, the adverse effects of unauthorized modification or destruction of state loan information on agency mission functions and public confidence in the agency will be limited. Special Factors Affecting Integrity Impact Determination: There are significant differences between the ability to modify a document authorizing a payment and the modification of the payment itself. The unauthorized modification of a document authorizing a payment is less time critical than the modification of the payment itself while the payment is in transit. Modifications to payments in transit will result in immediate inaccurate payments. This can result in assignment of a moderate impact level to such information.

+
+ +

The provisional integrity impact level recommended for state loan information is low.

+
+
+ + Direct Services for Citizens + Military Operations + +

The BRM provided in the FEA Consolidated Reference Model Document, Version 2.3, October 2007 does not define the Military Operations information type. For the purpose of this document, Military Operations describes the direct provision of military service for the citizens. Further, the BRM specifies Military Operations as a Mode of Delivery business area or a vehicle by which the federal government delivers it services to citizens. Therefore, agency personnel should consider the Military Operations information type as delivery mechanisms of the mission-based services information types [e.g., Catastrophic Defense, Emergency Response, Key Asset and Critical Infrastructure Protection] described heretofore.

+
+ + na + + + na + + + na + + +

N/A

+
+ +

N/A

+
+ +

N/A

+
+ +

N/A

+
+ +

N/A

+
+ +

N/A

+
+
+ + Direct Services for Citizens + Civilian Operations + +

The BRM provided in the FEA Consolidated Reference Model Document, Version 2.3, October 2007 specifies Civilian Operations as a Mode of Delivery business area or a vehicle by which the federal government delivers it services to citizens. Therefore, agency personnel should consider the Civilian Operations information type as delivery mechanisms of the mission-based services information types [e.g., Health Care, Emergency Response, and Environmental Remediation] described heretofore.

+
+ + na + + + na + + + na + + +

N/A

+
+ +

N/A

+
+ +

N/A

+
+ +

N/A

+
+ +

N/A

+
+ +

N/A

+
+
+
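Review bot: In the General Insurance entry, the availability impact text closes its "Special Factors Affecting Availability Impact Determination" passage with "In such cases, the confidentiality impact may be at least moderate."; this should read "availability impact", otherwise the special factor points at the wrong security objective. The Earmarked Grants confidentiality text has a similar carry-over: its special-factors sentence refers to "project/competitive grants information" where earmarked grants information is meant. The category title is also inconsistent within this hunk: "Transfers to Local/State Government" for Formula Grants and Project/Competitive Grants, but "Transfers to Local/State Governments" for Earmarked Grants and State Loans, so anything that groups information types by title will split one category in two; pick one spelling. Smaller wording fixes while here: the State Loans confidentiality text is missing "to" in "disburse Federal funds a State or Local Government", the Military Operations and Civilian Operations descriptions both say "delivers it services" (should be "its"), and the General Insurance confidentiality text has a stray comma in "(e.g., Medicare budget projections,)" and "include payment processing" where "including" is meant.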