D.20.1 - Research and development
Research and Development involves the gathering and analysis of data, dissemination of results, and development of new products, methodologies, and ideas.
The sensitivity and criticality of most research and development information depends on the subject matter involved. The recommended provisional categorization of the research and development information type follows:
Security category
Confidentiality Low
The confidentiality impact level depends on the effect of unauthorized disclosure of research and development information on the ability of responsible agencies to gather and analyze data, disseminate results, and develop new products, methodologies, and ideas, and on the degree to which unauthorized disclosure of the information can assist hostile institutions to do harm to the interests of the government of the United States. Many research and development activities are conducted in association with public institutions of higher learning, and the findings resulting from those activities are intended for publication. Unauthorized disclosure of most research and development information can be expected to have only limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: Most research and development information is proprietary. Unauthorized disclosure of proprietary information violates several statures and Federal regulations (see Appendix E). Pre-publication disclosure or other unauthorized disclosure of research findings can have a serious adverse effect on agency operations, agency assets, or individuals. In such cases, the confidentiality impact level associated with research and development is moderate. Premature and/or partial release of preliminary research and development information can lead to misleading conclusions by policy makers, funding entities, news organizations, and/or the general public. Where the research and development activities are associated with security measures or law enforcement tools, potential adversaries may derive insights on countermeasures development. In extreme cases, the resulting confidentiality impact can be high. In some cases, the research and development information is classified or otherwise qualifies as national security information). Such information is outside the scope of this guideline. Recommended Confidentiality Impact Level: The provisional confidentiality impact level recommended for most government research and development information is low.
Integrity Moderate
The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of most research and development information can be seriously disruptive to the progress of research activities. The effects on future funding can be serious and can have a serious adverse effect on agency operations, agency assets, or individuals. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) may adversely affect operations and/or public confidence in the agency, but the damage to the mission would usually be more limited. Recommended Integrity Impact Level: The provisional integrity impact level recommended for research and development information is moderate.
Availability Low
The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to research and development information. Most research and innovation processes are tolerant of delay. In most cases, disruption of access to research and innovation information will have only a limited adverse effect on government operations, agency assets, or individuals. Recommended Availability Impact Level: The provisional availability impact level recommended for research and development information is low