Overview#

The Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) discusses PII Impact Levels and Factors for Determining PII Confidentiality Impact Levels.

LOW#

The potential impact is LOW if the loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. A limited adverse effect means that, for example, the loss of confidentiality, integrity, or availability might:
  • (i) cause a degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced;
  • (ii) result in minor damage to organizational assets;
  • (iii) result in minor financial loss;
  • (iv) result in minor harm to individuals.

MODERATE#

The potential impact is MODERATE if the loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. A serious adverse effect means that, for example, the loss of confidentiality, integrity, or availability might:
  • (i) cause a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced;
  • (ii) result in significant damage to organizational assets;
  • (iii) result in significant financial loss;
  • (iv) result in significant harm to individuals that does not involve loss of life or serious life threatening injuries.

HIGH#

The potential impact is HIGH if the loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. A severe or catastrophic adverse effect means that, for example, the loss of confidentiality, integrity, or availability might:
  • (i) cause a severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform one or more of its primary functions;
  • (ii) result in major damage to organizational assets;
  • (iii) result in major financial loss;
  • (iv) result in severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-2) was last changed on 08-Mar-2016 17:57 by jim