D.22.3 - Public resources, facility, and infrastructure management
Public Resources, Facility and Infrastructure Management involves the management and maintenance of government-owned capital goods and resources (natural or otherwise) on behalf of the public, usually with benefits to the community at large as well as to the direct user.
Examples of facilities and infrastructure include schools, roads, bridges, dams, harbors, and public buildings. Examples of resources include parks, cultural artifacts and art, endangered species, oil reserves, etc. The following security categorization is recommended for the public resources, facilities, and infrastructure management information type:
Security category
Confidentiality Low
The confidentiality impact level is the effect of unauthorized disclosure of public resources, facilities, and infrastructure management information on the abilities of responsible agencies to manage and maintain government-owned capital goods and resources (natural or otherwise) on behalf of the public, usually with benefits to the community at large as well as to the direct user. In most cases, the consequences of unauthorized disclosure of public resources, facilities, and infrastructure management information will result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In some cases, premature unauthorized disclosure of management information can give an unfair competitive advantage to a commercial interest (e.g., proposed changes for management of petroleum reserves). The confidentiality impact of consequent loss of public confidence and/or serious economic disruption might be moderate. In other cases, public resources, facilities, and infrastructure management details can be of use to terrorists or other criminals who seek to penetrate the security of government property or to harm populations. Unauthorized disclosure of some public resources, facilities, and infrastructure management details to criminals (e.g., facilities security dispositions, building alarm designs), can result in danger to critical infrastructures, key national assets, or human life. In such cases, the confidentiality impact can be high Recommended Confidentiality Impact Level: The provisional confidentiality impact level recommended for most public resources, facilities, and infrastructure management information is low.
Integrity Low
The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of public resources, facilities, and infrastructure management information depends primarily on the criticality of the information with respect to management of public resources, facilities, and infrastructures. Typically, the effects of modification or deletion of public resources, facilities, and infrastructure information are limited with respect to agency missions or assets. Recommended Integrity Impact Level: The provisional integrity impact level recommended for public resources, facilities, and infrastructure management information is low.
Availability Low
The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to public resources, facilities, and infrastructure management information. The nature of most government public resources, facilities, and infrastructure management processes is tolerant of reasonable delays. Recommended Availability Impact Level: The provisional availability impact level recommended for public resources, facilities, and infrastructure management information is low.