C.3.5 - Information and technology management
IT management involves the coordination of IT resources and systems required to support or enable a citizen service. Impacts to information associated with the operation of IT systems generally need to be considered even when all mission-related information processed by the system is intended to be available to the general public. The relevant issues may be different for integrity and availability than for confidentiality. Information that has been made public, by definition, requires no confidentiality protection. In contrast, integrity and availability protection cannot be maintained for copies of information that have been distributed to the public. Integrity and availability assurance can only be maintained by maintaining copies of information in organization-controlled information systems.
Information types
Code | Name | Impact levels | ||
---|---|---|---|---|
Confidentiality | Integrity | Availability | ||
C.3.5.1 | System development | Low | Moderate | Low |
C.3.5.2 | Lifecycle / change management | Low | Moderate | Low |
C.3.5.3 | System maintenance | Low | Moderate | Low |
C.3.5.4 | IT infrastructure maintenance | Low | Low | Low |
C.3.5.5 | Information security | Low | Moderate | Low |
C.3.5.6 | Record retention | Low | Low | Low |
C.3.5.7 | Information management | Low | Moderate | Low |
C.3.5.8 | System and network monitoring | Moderate | Moderate | Low |
C.3.5.9 | Information sharing | Null | Null | Null |