D.2.2 - Key asset and critical infrastructure protection
Key Asset and Critical Infrastructure Protection involves assessing key asset and critical infrastructure vulnerabilities and taking direct action to mitigate vulnerabilities, enhance security, and ensure continuity and necessary redundancy in government operations and personnel.
The Critical Infrastructure Information Protection Act of 2002 (6 U.S.C. 131-134) places specific controls on the dissemination of critical infrastructure information (see Volume I, 3.5.2.3). Under the provisions of Executive Order 13292, some anti-terrorism information is subject to security classification. National security information is outside the scope of this guideline. The recommended categorization for unclassified anti-terrorism information follows:
Security category
Confidentiality High
The confidentiality impact level is the effect of unauthorized disclosure of critical infrastructure protection information on the ability of responsible agencies to monitor and assess the leadership, motivations, plans, and intentions of foreign and domestic terrorist groups and their state and non-state sponsors. The effects of unauthorized disclosure of this information can reasonably be expected to jeopardize fulfillment of critical infrastructure protection missions. The consequent threat to critical infrastructures, key national assets, and human life can be catastrophic. Recommended Confidentiality Impact Level: The provisional confidentiality impact level recommended for critical infrastructure protection information is high.
Integrity High
The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Unauthorized modification or destruction of information affecting critical infrastructure protection operations may adversely affect mission operations and result in unacceptable damage to critical infrastructures, damage to key national assets, or loss of human life. Recommended Integrity Impact Level: The provisional integrity impact level recommended for critical infrastructure protection information is high.
Availability High
The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to critical infrastructure protection information. Generally, critical infrastructure protection missions are not reliably tolerant of delays. Significant degradation in mission capability and resultant catastrophic consequences for critical infrastructures, key national assets, and/or human life may occur from disruption of access to critical infrastructure protection information. Recommended Availability Impact Level: The provisional availability impact level recommended for critical infrastructure protection information is high.