Inspections and Auditing involves the methodical examination and review of regulated activities to ensure compliance with standards for regulated activity. The overall accountability rating for this information classification is Moderate.
Confidentiality level = Moderate
The confidentiality impact level is the effect of unauthorized disclosure of inspections and auditing information on the ability of responsible entities to methodically examine and review regulated activities to ensure compliance with standards for regulated activity. If the inspections and auditing data belongs to one of the information types described in this guideline, the confidentiality impact assigned the data and system is dependent on the nature of the regulated activity. Although there are many organizational environments in which unauthorized disclosure will have only a limited adverse effect, there are enough circumstances in which serious adverse effects on organizational operations, organizational assets, or individuals can result to justify recommendation of a moderate provisional confidentiality impact level for inspections and auditing information.
Known mitigating factors toward changing the confidentiality level
Unauthorized disclosure of inspections and auditing information can alert personnel associated with programs being monitored to the focus of inspection or auditing activities. With this information, program personnel may divert attention from questionable program attributes or hide unfavorable information. Where a major program or human safety is at stake, actions taken based on unauthorized disclosure of inspections and auditing information can pose a threat to human life or a loss of major assets. In such cases, the confidentiality impact is high. Trade secret information and trade secret systems are outside the scope of this guideline.
Integrity level = Moderate
The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of inspections and auditing information can compromise the effectiveness of the program. The damage likely to be caused by unauthorized modification or destruction may affect inspection or audit results with subsequent serious adverse effects on organizational operations or public confidence in the organization. The consequences can be particularly serious if the destruction or modification of information invalidates oversight of major programs or the information threatens human safety. The integrity impact level depends on the laws or policies with which compliance is being determined and on the criticality of the processes being monitored. Although there are regulatory environments in which a low impact level is appropriate, the circumstances associated with most inspections and auditing support information require at least a moderate integrity impact level.
Availability level = Low
The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to reestablish access to inspections and auditing information. In most cases, disruption of access to inspections and auditing information is expected to have only a limited adverse effect on organizational operations, organizational assets, or individuals. Not many inspection or auditing operations involve activities for which temporary loss of availability is likely to cause significant degradation in mission capability, place the organization at a significant disadvantage, result in major damage to major assets, or pose a threat to human life.