typist | Information type | C.3.5.1

System Development supports all activities associated with the in-house design and development of software applications.

The recommended security categorization for the system development information type is as follows:

Security category

C.3.5.1 - System development = {(confidentiality, Low), (integrity, Moderate), (availability, Low)}

Confidentiality Low

The confidentiality impact level is the effect of unauthorized disclosure of system development information on the ability of responsible agencies to design and develop software applications inhouse. In the system development phase, a system's security configuration baseline is established. In most cases, the system development information is not particularly sensitive and is distributed to the users. In general, disclosure of the system development information is likely to result in only limited adverse effects on the confidentiality of system information and processes. Recommended Confidentiality Impact Level: The provisional confidentiality impact level recommended for system development information is low.

Integrity Moderate

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of system development information 91 depend on the maximum aggregate sensitivity and criticality of the information and processes associated with the system. Special Factors Affecting Integrity Impact Determination: The Recommended Integrity Impact Level may range from low to high to national security information (outside the scope of this guideline). Recommended Integrity Impact Level: The provisional integrity impact level recommended for most system development information is moderate.

Availability Low

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to system development information. Functions and processes supported by most system development information are not timecritical. That is, temporary disruption of access to system development information will usually have only a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Recommended Availability Impact Level: The provisional availability impact level recommended for system development information is low.