C.2.3.3 - Enterprise architecture

Enterprise Architecture is an established process for describing the current state and defining the target state and transition strategy for an organization's people, processes, and technology.

The recommended provisional security categorization for the enterprise architecture information type is as follows:

Security category

C.2.3.3 - Enterprise architecture = {(confidentiality, Low), (integrity, Low), (availability, Low)}

Confidentiality Low

The confidentiality impact level is the effect of unauthorized disclosure of enterprise architecture information on the ability of responsible agencies to describe the current state and define the target state and transition strategy for an organization's people, processes, and technology. The effects of loss of confidentiality of preliminary draft enterprise architecture plans can result in attempts by affected entities and other interested parties to influence and/or impede the policy and guideline development process. Premature public release of draft plans before internal coordination and review can result in unnecessary damage to public confidence in the agency. This is particularly likely where the release includes unedited internal commentary and discussion. However, the consequence of loss of confidentiality of most enterprise architecture information is likely to do only limited harm to government assets, personnel, or missions.

Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some of the background information that supports development of Federal enterprise architecture can reveal sensitive vulnerabilities, capabilities, or methods of anti-terrorism, law enforcement, or national security activities. Depending on the information in question, the confidentiality impact can be moderate, high, or involve national security information (outside the scope of this guideline). Also, some enterprise architecture plans of some Federal agencies are themselves national security information. Finally, important financial decisions and planning information may be included in this category of information.

Recommended Confidentiality Impact Level: The provisional confidentiality impact level recommended for enterprise architecture information is low.

Integrity Low

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information.

Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information affecting external communications that contain enterprise architecture information (e.g., web pages, electronic mail) may adversely affect operations or public confidence in the agency, but the damage to the mission would usually be limited. Public confidence consequences will be more serious for agencies that have national defense, intelligence, or information security missions. In such cases, the impact may be at least moderate.

Recommended Integrity Impact Level: In general, the provisional integrity level recommended for enterprise architecture information is low.

Availability Low

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the enterprise architecture information. The enterprise architecture processes are usually tolerant of delays.

Recommended Availability Impact Level: The provisional availability impact level recommended for enterprise architecture information is low.