D.22.4 - Information infrastructure management
Information Infrastructure Management involves the management and stewardship of a type of information by the Federal Government and/or the creation of physical communication infrastructures on behalf of the public in order to facilitate communication.
This includes the management of large amounts of information (e.g., environmental and weather data, criminal records, etc.), the creation of information and data standards relating to a specific type of information (patient records), and the creation and management of physical communication infrastructures (networks) on behalf of the public. Note: Information infrastructures for government use are not included in this information type because the impact levels associated with information infrastructure maintenance information are primarily a function of the information processed in that infrastructure. The recommended provisional security categorization for the information infrastructure maintenance information type is as follows:
Security category
Confidentiality Low
The confidentiality impact level is the effect of unauthorized disclosure of information infrastructure maintenance information on the ability of responsible agencies to manage a type of information and/or to create physical communication infrastructures on behalf of the public in order to facilitate communication. The disclosure of most information infrastructure maintenance information can be expected to result in a limited adverse effect on agency operations, assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: In some cases, information infrastructure maintenance details can be of use to terrorists or other criminals who seek to destroy government data bases or communications infrastructures, or deny access to information needed by the public. Unauthorized disclosure of some information infrastructure maintenance details to criminals can result in danger to critical infrastructures, key national assets, or human life. In such cases, the confidentiality impact can be high. In other cases, premature unauthorized disclosure of management information can give an unfair competitive advantage to a commercial interest (e.g., proposed outsourcing of system administration or details of a proposed communications system acquisition). This can result in assignment of a moderate impact level to such information. Recommended Confidentiality Impact Level: The provisional confidentiality impact level recommended for information infrastructure maintenance information is low.
Integrity Low
The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. That is, the consequences of unauthorized modification or destruction of information infrastructure maintenance information typically depend on the criticality of the data processed by the infrastructure and whether this data is time-critical. In most cases, the data will not be urgently needed or acted upon immediately. Special Factors Affecting Integrity Impact Determination: In a relatively few cases, the consequences of unauthorized modification or destruction of information infrastructure maintenance information might result in serious damage to agency operations, assets, or human safety. This 216 may require a moderate or high integrity impact level for information infrastructure maintenance information. Recommended Integrity Impact Level: The provisional integrity impact level recommended for information infrastructure maintenance information is low.
Availability Low
The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to information infrastructure maintenance information. Disruption of access to information infrastructure maintenance information or information systems will typically result in denial of access to resources for all affected agencies. Typically, disruption of access will have a limited adverse effect on agency operations (including mission functions and public confidence in the agency), agency assets, or individuals. Special Factors Affecting Availability Impact Determination: Exceptions may include emergency response aspects of disaster management or other time critical functions (e.g., some systems that support air traffic control functions). The availability impact level associated with unauthorized modification or destruction of information infrastructure maintenance information needed to respond to emergencies or critical to public safety may be high. Recommended Availability Impact Level: The provisional availability impact level recommended for information infrastructure maintenance information is low.