C.3.1.4 - Travel
Travel involves the activities associated with planning, preparing, and monitoring of business related travel for an organization's employees.
The following security categorization is recommended for the travel information type:
The confidentiality impact level is the effect of unauthorized disclosure of travel information on the abilities of responsible agencies to plan, prepare, and monitor business related travel for the organization's employees. Generally, the consequences of unauthorized disclosure of the majority of travel information will result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of employee identification information coupled with credit information (e.g., name, social security number, credit card number) can result in moderate to serious consequences for individuals and local organizations. The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type. Unauthorized disclosure of information concerning carrier/provider contract negotiations can have significant financial or legal consequences and put an agency at a serious disadvantage. Also, severe consequences may result from unauthorized disclosure of information regarding leadership travel plans that might jeopardize personnel security or the confidentiality of sensitive operations plans. In the most sensitive cases, the confidentiality impact level may be high. Recommended Confidentiality Impact Level: The provisional confidentiality impact level recommended for travel information is low.
The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of travel information partially depends on the urgency with which the information is normally needed and the consequences of aborted or modified travel. In the case of travel planning information, the effects of such modifications are generally limited with respect to agency mission capabilities or assets. There may be scenarios in which integrity compromise of travel information may expose Federal leadership to harm or endanger a sensitive or critical operation. However, most such scenarios are dealt with in the context of impacts to mission operations information (Appendix D). Recommended Integrity Impact Level: The provisional integrity impact level recommended for travel information is low.
The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to the travel information. The nature of travel processes is usually tolerant of reasonable delays, at least on the agency mission scale. Recommended Availability Impact Level: The provisional availability impact level recommended for travel information is low.