C.3.4.4 - Services acquisition
Services acquisition involves the oversight and/or management of contractors and service providers from the private sector.
The recommended security categorization for the services acquisition information type is as follows:
Security category
Confidentiality: Low
The confidentiality impact level is the effect of unauthorized disclosure of services acquisition information on the ability of agencies to oversee and/or manage contractors and service providers from the private sector. The consequences of unauthorized disclosure of most services acquisition information are likely to have only a limited adverse effect on agency operations, agency assets, or individuals.
Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of information associated with very large procurements can result in fraud, waste, abuse, and/or legal proceedings that can have a serious effect on Federal government assets and operations. Also, information associated with acquisition of some services (e.g., security or protection services) can be of material use to criminals seeking to gain access to Federal facilities or information in order to facilitate or perpetrate sabotage, murder, fraud, theft, or other criminal enterprises. In these cases, unauthorized disclosure of information can have a serious adverse effect on agency operations, agency assets, and/or individuals. The consequent confidentiality impact will range from moderate to high.
Additionally, some procurement information associated with proposals is proprietary. In the case of competitive procurements, much information associated with unsuccessful bids remains proprietary following award of the contract (e.g., pricing information). Unauthorized disclosure of proprietary information can have serious consequences for agencies and have at least a moderate confidentiality impact level.
Some services procurement information is classified. The classified information is national security related and is outside the scope of this guideline.
Recommended Confidentiality Impact Level: The provisional confidentiality impact level recommended for most services acquisition information is low.
Integrity: Low
The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of services acquisition information usually depend on the urgency with which the information is needed or the immediacy with which the information is used. In most cases, the information will not be needed urgently or acted upon immediately. Also, unauthorized modification or destruction of information affecting external publication of services acquisition information (e.g., web pages, electronic mail) may adversely affect public confidence in the agency. However, damage to the mission would usually be limited.
Special Factors Affecting Integrity Impact Determination: Unauthorized modification or destruction of information relating to procurement actions (particularly proposal information) can result in serious disruption of procurement processes and loss of availability of services that can be important or even critical to agency operations. In such cases, the integrity impact level can be moderate or even high.
Recommended Integrity Impact Level: The provisional integrity impact level recommended for most services acquisition information is low.
Availability: Low
The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to services acquisition information. Functions and processes supported by most services acquisition information are tolerant of delays, i.e., the data supporting the functions/processes are not time-critical. In most cases, disruption of access to services procurement information can be expected to have a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals.
Recommended Availability Impact Level: The provisional availability impact level recommended for services acquisition information is low.