• Say What You Do Products
• Change Management
• Information Assurance Compliance Maturity Model Index (IACMMI)
• The Language of Compliance
• Systems and Info Classification
• Administrative Management
• Workplace Policy Development and Management
• Facilities, Fleet, and Equipment Management
• Travel
• Help Desk Services
• Physical Security Management
• Compliance Development and Enforcement
• Standards Setting/Reporting Guideline Development
• Policies, Standards, and Procedures Publication
• Policy and Guidance Development
• Public Comment Tracking
• Regulatory Creation
• Inspections and Auditing
• Controls and Oversight
• Program Evaluation
• Corrective Action
• Program Monitoring
• Credit and Insurance
• General Insurance
• Loan Guarantees
• Direct Loans
• Education
• Higher Education
• Elementary, Secondary, and Vocational Education
• Financial Management
• Budget & Finance
• Financial Reporting Information
• Asset & Liability Management
• Accounting
• Payments
• Unemployment Compensation
• Collections and Receivables
• General Retirement and Disability Program Management
• General Organizational Support
• Taxation management (governmental agencies)
• Centralized Fiscal Operations
• Legal Functions
• Records and Statistics Management
• Centralized Personnel Management
• Property Management
• General Executive Functions
• Staff Income Information
• Benefits Entitlement Event Information
• Representative Payee Information
• Strategic Executive Functions
• Personal Identity and Authentication
• Goods and Services Creation and Management
• Facilities and Infrastructure Management
• Goods and Services Production
• Construction
• Healthcare
• Health Care Services
• Consumer Health and Safety
• Human Resources
• Personnel Management
• Security Clearance Management
• Benefits Management
• Worker Safety
• Labor Rights Management
• Staff Recruitment and Employment
• Payroll Management and Expense Reimbursement
• Resource Training and Development
• Information & Technology Management
• System Development
• Information Management
• Record Retention
• IT Security
• IT Infrastructure Maintenance
• System Maintenance
• Lifecycle/Change Management
• Internal Risk Management and Mitigation
• Disaster Preparedness and Planning
• Contingency Planning
• Continuity of Operations
• Service Recovery
• Emergency Response
• Law Enforcement
• Criminal Apprehension
• Criminal Investigation and Surveillance
• Citizen Protection
• Property Protection
• Crime Prevention
• Legal, Litigation, and Judicial
• Judicial Hearings
• Legal Defense
• Legal Investigation
• Legal Litigation
• Resolution Facilitation
• Permits and Licensing
• Planning and Resource Allocation
• Strategic Planning
• Enterprise Architecture
• Budget Formulation
• Capital Planning
• Budget Execution
• Workforce Planning
• Management Improvement
• Research Operations
• Public Affairs
• Customer Services
• Official Information Dissemination
• Public Relations
• Product Outreach
• Revenue Collection
• Debt Collection
• Staff Fee Collection
• Organizational Asset Sales
• Supply Chain Management
• Inventory Control
• Logistics Management
• Goods Acquisition
• Services Acquisition
• Advising and Consulting
• Knowledge Dissemination
• Third Party Relations
• Third Party Program Project Information
• Third Party Liaison
• Third Party Program Proposal Development
• Third Party Program Tracking

Supports the analysis of internal and external program effectiveness and the determination of corrective actions as appropriate. The impact levels should be commensurate with the impact levels of the program that is being evaluated. The overall accountability rating for this information classification is Low.

Confidentiality level = Low

The confidentiality impact level is the effect of unauthorized disclosure of program evaluation information on the abilities of responsible agencies to analyze internal and external program effectiveness and to determine appropriate corrective actions. The confidentiality impact of program evaluation information is largely event-driven. Once the evaluation has been reported, most program evaluation information is in the public domain. However, premature unauthorized disclosure of program evaluation information can alert personnel associated with programs under evaluation to the focus and preliminary findings of investigative and evaluation activities.

Known mitigating factors toward changing the confidentiality level

Where a major program or human safety is at stake, actions taken based on unauthorized disclosure of program evaluation information can pose a threat to human life or a loss of major assets. In such cases, the confidentiality impact should be set to high. Unauthorized disclosure of most program evaluation information often has the potential to seriously affect organizational operations. Also, some program evaluation information, particularly in the case of current investigations, includes personal information subject to the various privacy rules and/or information that is proprietary to a corporation or other organization. The confidential provisional impact levels are documented in the Personal Identity and Authentication information type. Additionally, there are legislative mandates prohibiting unauthorized disclosure of trade secrets. Trade secrets will generally be assigned a moderate confidentiality impact level.

Integrity level = Low

The consequences of undetected unauthorized modification or destruction of program evaluation information can compromise the effectiveness of an evaluation program (e.g., by providing false information intended to mislead auditors or evaluators or to give program personnel a basis for claiming investigative or evaluative irregularities). The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. Although there are time-sensitive exceptions, unauthorized modification or destruction of most program evaluation information should have only a limited adverse effect on agency operations, assets, or individuals.

Availability level = Low

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to reestablish access to the program evaluation information. Although there are time-sensitive exceptions, most program evaluation processes are tolerant of reasonable delays. In most cases, disruption of access to program evaluation information can be expected to have only a limited adverse effect on organizational operations, organizational assets, or individuals.