C.3.5.2 - Lifecycle / change management
Lifecycle/Change Management involves the processes that facilitate a smooth evolution, composition, and workforce transition of the design and implementation of changes to agency resources such as assets, methodologies, systems, or procedures.
The recommended security categorization for the lifecycle/change management information type is as follows:
Security category
Confidentiality Low
The confidentiality impact level is the effect of unauthorized disclosure of lifecycle/change management information on the ability of responsible agencies to execute processes that facilitate a smooth evolution, composition, and workforce transition of the design and implementation of changes to agency resources such as assets, methodologies, systems, or procedures. Special Factors Affecting Confidentiality Impact Determination: Unauthorized disclosure of some lifecycle/change management information can provide adversaries with intelligence information that may be useful in efforts to compromise the system. This can result in assignment of a moderate impact level to such information. Additionally, there are legislative mandates prohibiting unauthorized disclosure of trade secrets. Trade secrets will generally be assigned a moderate confidentiality impact level. Recommended Confidentiality Impact Level: The provisional confidentiality impact level recommended for lifecycle/change management information is low.
Integrity Moderate
The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of undetected or unauthorized modification or destruction of lifecycle/change management information depends on the maximum aggregate sensitivity and criticality of the information and processes associated with the system. Special Factors Affecting Integrity Impact Determination: The Recommended Integrity Impact Level can range from low to high to national security information (outside the scope of this guideline). Recommended Integrity Impact Level: The provisional integrity impact level recommended for lifecycle/change management information is moderate.
Availability Low
The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to lifecycle/change management information. Functions and processes supported by most lifecycle/change management information are not time-critical. That is, temporary disruption of access to lifecycle/change management information will usually have only a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Recommended Availability Impact Level: The provisional availability impact level recommended for lifecycle/change management information is low.