
The FISMA defines three security objectives for information and information systems:
CONFIDENTIALITY
“Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information...” [44 U.S.C., Sec. 3542]
A loss of confidentiality is the unauthorized disclosure of information.
INTEGRITY
“Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity...” [44 U.S.C., Sec. 3542]
A loss of integrity is the unauthorized modification or destruction of information.
AVAILABILITY
“Ensuring timely and reliable access to and use of information...” [44 U.S.C., Sec. 3542]
A loss of availability is the disruption of access to or use of information or an information system.
Potential Impact on Organizations and Individuals
FIPS Publication 199 defines three levels of potential impact on organizations or individuals should there be a breach of security (i.e., a loss of confidentiality, integrity, or availability). The application of these definitions must take place within the context of each organization and the overall national interest.