typist | Information type | C.3.5.3

System Maintenance supports all activities associated with the maintenance of in-house designed software applications.

The recommended security categorization for the system maintenance information type is as follows:

Security category

C.3.5.3 - System maintenance = {(confidentiality, Low), (integrity, Moderate), (availability, Low)}

Confidentiality Low

The confidentiality impact level is the effect of unauthorized disclosure of system maintenance information on the ability of responsible agencies to maintain in-house designed software applications. In most cases, system maintenance information is not particularly sensitive and is distributed to the users. In general, disclosure of system maintenance information is likely to result in only limited adverse effects on the confidentiality of system information and processes. Recommended Confidentiality Impact Level: The provisional impact level recommended for system maintenance information is low.

Integrity Moderate

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of system maintenance information 93 can be particularly serious because specific modifications to system changes can be difficult to identify. Special Factors Affecting Integrity Impact Determination: The consequences of undetected or unauthorized modification or destruction of system maintenance information may depend on the maximum aggregate sensitivity and criticality of the information and processes associated with the system. The Recommended Integrity Impact Level can range from low to high to national security information (outside the scope of this guideline). Recommended Integrity Impact Level: The provisional integrity impact level recommended for system maintenance information is moderate.

Availability Low

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to maintenance information. Functions and processes supported by most maintenance information are not time-critical. That is, temporary disruption of access to maintenance information will usually have only a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Recommended Availability Impact Level: The provisional availability impact level recommended for system maintenance information is low.