• Say What You Do Products
• Change Management
• Information Assurance Compliance Maturity Model Index (IACMMI)
• The Language of Compliance
• Systems and Info Classification
• Administrative Management
• Workplace Policy Development and Management
• Travel
• Help Desk Services
• Facilities, Fleet, and Equipment Management
• Physical Security Management
• Compliance Development and Enforcement
• Inspections and Auditing
• Standards Setting/Reporting Guideline Development
• Regulatory Creation
• Public Comment Tracking
• Policies, Standards, and Procedures Publication
• Policy and Guidance Development
• Controls and Oversight
• Corrective Action
• Program Evaluation
• Program Monitoring
• Credit and Insurance
• Direct Loans
• Loan Guarantees
• General Insurance
• Education
• Higher Education
• Elementary, Secondary, and Vocational Education
• Financial Management
• Accounting
• Budget & Finance
• Financial Reporting Information
• Asset & Liability Management
• Collections and Receivables
• Payments
• General Retirement and Disability Program Management
• Unemployment Compensation
• General Organizational Support
• Records and Statistics Management
• Centralized Personnel Management
• Property Management
• General Executive Functions
• Legal Functions
• Centralized Fiscal Operations
• Taxation management (governmental agencies)
• Staff Income Information
• Strategic Executive Functions
• Representative Payee Information
• Personal Identity and Authentication
• Benefits Entitlement Event Information
• Goods and Services Creation and Management
• Goods and Services Production
• Facilities and Infrastructure Management
• Construction
• Healthcare
• Health Care Services
• Consumer Health and Safety
• Human Resources
• Worker Safety
• Labor Rights Management
• Staff Recruitment and Employment
• Security Clearance Management
• Benefits Management
• Personnel Management
• Resource Training and Development
• Payroll Management and Expense Reimbursement
• Information & Technology Management
• Information Management
• Record Retention
• IT Security
• IT Infrastructure Maintenance
• System Maintenance
• Lifecycle/Change Management
• System Development
• Internal Risk Management and Mitigation
• Emergency Response
• Disaster Preparedness and Planning
• Service Recovery
• Continuity of Operations
• Contingency Planning
• Law Enforcement
• Citizen Protection
• Criminal Investigation and Surveillance
• Crime Prevention
• Property Protection
• Criminal Apprehension
• Legal, Litigation, and Judicial
• Resolution Facilitation
• Permits and Licensing
• Legal Litigation
• Legal Investigation
• Legal Defense
• Judicial Hearings
• Planning and Resource Allocation
• Budget Formulation
• Enterprise Architecture
• Capital Planning
• Strategic Planning
• Research Operations
• Management Improvement
• Workforce Planning
• Budget Execution
• Public Affairs
• Customer Services
• Official Information Dissemination
• Product Outreach
• Public Relations
• Revenue Collection
• Staff Fee Collection
• Debt Collection
• Organizational Asset Sales
• Supply Chain Management
• Logistics Management
• Inventory Control
• Goods Acquisition
• Knowledge Dissemination
• Advising and Consulting
• Services Acquisition
• Third Party Relations
• Third Party Liaison
• Third Party Program Project Information
• Third Party Program Tracking
• Third Party Program Proposal Development

Supports the physical protection of an organization’s personnel, assets, and facilities. The overall accountability rating for this information classification is Moderate.

Confidentiality level = Moderate

The confidentiality impact level is the effect of unauthorized disclosure of physical security management information on the ability of responsible organizations to physically protect their personnel, assets, and facilities. The consequences of unauthorized disclosure of most security management information depend on the likelihood that the information might jeopardize the physical security of an organization’s assets and the value, and potential for damage of the assets being protected. Information associated with the physical security of many organizational office buildings, transportation fleets, and operational facilities can be of material use to criminals seeking to gain access to organizational facilities in order to perpetrate a major crime (e.g., extraction of inmates from organizational detention facilities, theft of commodities market projections, access to information associated with a felony criminal investigation or prosecution, theft of blank license issuing facilities and/or materials, access to competition-sensitive information associated with major procurements, undetected access to properties, access to production facilities or materials, theft of production materials). In such cases, unauthorized disclosure of information can have a serious adverse effect on organizational operations, organizational assets, or individuals. The consequences of physical protection failures at most organizational facilities are more likely to result in serious adverse effects.

Known mitigating factors toward changing the confidentiality level

Information associated with security management at secondary organizational office buildings, transportation fleets, and operational facilities can be of material use to criminals seeking to penetrate and/or commandeer such facilities as part of operations intended to harm critical infrastructures, key organizational assets, or people. In these cases, the confidentiality impact must be high. Unauthorized disclosure of security management information that can be reasonably expected to pose a serious threat to human life (including those of security guards) must also be assigned a high confidentiality impact.

Integrity level = Moderate

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of security management information may depend on the urgency with which the information is needed or the immediacy with which the information is used. In cases of intrusion indications, security management information can be time-critical. The consequences of unauthorized modification or destruction of time-critical security management information can reasonably be expected to result in physical security vulnerabilities. The range of potential consequences is covered above in Confidentiality.

Availability level = Low

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to reestablish access to the security management information. Functions supported by most security management information are tolerant of delays. Typically, disruption of access to security management information will have a limited adverse effect on organizational operations (including mission functions and public confidence in the organization), organizational assets, or individuals.

Known mitigating factors toward changing the availability level

Exceptions may include alarm and alert communications and interconnections for security management systems and automated control systems that support security management processes (e.g., door and gate operations in buildings to which access is limited such as detention facilities and many organizational office buildings). For these exceptions, the data is time-critical. The availability impact level associated with unauthorized modification or destruction of such alarm, alert, and automated process security management information may be high.