C.2.8.5 - Central personnel management

Central Personnel Management involves most of the operating activities of the Office of Personnel Management and related agencies.

The recommended security categorization for the central personnel management information type is as follows:

Security category

C.2.8.5 - Central personnel management = {(confidentiality, Low), (integrity, Low), (availability, Low)}

Confidentiality Low

The confidentiality impact level is the effect of unauthorized disclosure of central personnel management information on the ability of the Office of Personnel Management (OPM) to build a high quality and diverse Federal workforce, based on merit system principles. Central personnel management information includes human resources management and consulting services, education and leadership development services, and investigation services. The unauthorized disclosure of most central personnel management information will have only a limited adverse effect on agency operations, assets, or individuals. 47 Special Factors Affecting Confidentiality Impact Determination: Very sensitive information is typically personal information subject to the Privacy Act of 1974. (The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type.) Such information will often be assigned a moderate confidentiality impact level. Some information associated with investigative services may be particularly sensitive and require a high confidentiality impact level. Recommended Confidentiality Impact Level: The provisional confidentiality impact level recommended for central personnel management information is low.

Integrity Low

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of undetected unauthorized modification or destruction of central personnel management information can conceivably disrupt central personnel management operations (e.g., (e.g., by modifying sensitive private personal information or compromising confidentiality mechanisms). Unauthorized modification or destruction of information affecting external publication of central personnel management information (e.g., web pages, electronic mail) may adversely affect public confidence in the government. However, damage to the mission would usually be limited. Recommended Integrity Impact Level: The provisional integrity impact level recommended for central personnel management information is low.

Availability Low

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the central personnel management information. Central personnel management processes are generally tolerant of reasonable delays. In most cases, disruption of access to central personnel management information can be expected to have only a limited adverse effect on agency operations, agency assets, or individuals. Recommended Availability Impact Level: The provisional availability impact level recommended for central personnel management information is low.