D.24.3 - General insurance

General Insurance involves providing protection to individuals or entities against specified risks.

The specified protection generally involves risks that private sector entities are unable or unwilling to assume or subsidize and where the provision of insurance is necessary to achieve social objectives. The following provisional security categorization is recommended for the general insurance information type:

Security category

D.24.3 - General insurance = {(confidentiality, Low), (integrity, Low), (availability, Low)}

Confidentiality Low

The confidentiality impact level is the effect of unauthorized disclosure of general insurance information on the abilities of responsible agencies to provide protection to individuals or entities against specified risks. General insurance activities include both insurance issuing and insurance servicing. Insurance issuing is any activity such as provider approval, underwriting, and endorsements. The consequences of unauthorized disclosure of insurance issuing information will generally result in a limited adverse effect on agency operations, agency assets, or individuals. Insurance servicing supports activities associated with administering and processing insurance include payment processing, initial and final closings, loss mitigation, claims management, and retiring insurance. The confidentiality impact level is the effect of unauthorized disclosure of insurance servicing information on the abilities of responsible agencies to administer and process insurance. The consequences of unauthorized disclosure of insurance servicing information will generally result in a limited adverse effect on agency operations, agency assets, or individuals. Special Factors Affecting Confidentiality Impact Determination: The more serious consequences may result from 1) unauthorized disclosure of provider's proprietary information, or 2) premature disclosure of agency plans or changes under consideration for contracts, plans, or policies. Unauthorized disclosure of information that can affect contract arrangements to the detriment of the interests of the government, and of the public at large (e.g., planned or anticipated termination of a major contract insurer), can result in damaging increases in public expense and exposure to impact. In the case of unauthorized disclosure to an individual private sector organization, unfair competitive advantage may result ' with major financial consequences. In the case of unauthorized disclosure of preliminary and unsubstantiated data that is both incorrect and pessimistic (e.g., Medicare budget projections,), the consequent unwarranted alarm of the public may have serious political and operational consequences for affected agencies. In the more serious cases, the confidentiality impact will be at least moderate. The more serious consequences of unauthorized disclosure of insurance servicing information may result from unauthorized disclosure of private information concerning the insured (e.g., Privacy Act information). (The Privacy Act Information provisional impact levels are documented in the Personal Identity and Authentication information type.) In the more serious cases, the confidentiality impact will be at least moderate. Recommended Confidentiality Impact Level: The provisional confidentiality impact level recommended for general insurance information is low.

Integrity Low

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of general insurance information may depend on the urgency with which the information is typically needed. Unauthorized modification or destruction of information affecting external communications (e.g., web pages, electronic mail) typically has a limited adverse effect on agency operations and/or public confidence in the agency. Recommended Integrity Impact Level: The provisional integrity impact level recommended for general insurance information is low.

Availability Low

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to re-establish access to general insurance information. The nature of general insurance processes is usually tolerant of reasonable delays. Special Factors Affecting Availability Impact Determination: Extensive delays in insurance servicing activities can result in financial harm for individuals and businesses and in public alarm and repercussions in the financial markets. In more serious cases, delays may have serious political and operational consequences for affected agencies. In such cases, the confidentiality impact may be at least moderate. Recommended Availability Impact Level: The provisional availability impact level recommended for general insurance information is low.