• Say What You Do Products
• Change Management
• Information Assurance Compliance Maturity Model Index (IACMMI)
• The Language of Compliance
• Systems and Info Classification
• Administrative Management
• Workplace Policy Development and Management
• Travel
• Help Desk Services
• Facilities, Fleet, and Equipment Management
• Physical Security Management
• Compliance Development and Enforcement
• Inspections and Auditing
• Standards Setting/Reporting Guideline Development
• Regulatory Creation
• Public Comment Tracking
• Policies, Standards, and Procedures Publication
• Policy and Guidance Development
• Controls and Oversight
• Corrective Action
• Program Evaluation
• Program Monitoring
• Credit and Insurance
• Direct Loans
• Loan Guarantees
• General Insurance
• Education
• Higher Education
• Elementary, Secondary, and Vocational Education
• Financial Management
• Accounting
• Budget & Finance
• Financial Reporting Information
• Asset & Liability Management
• Collections and Receivables
• Payments
• General Retirement and Disability Program Management
• Unemployment Compensation
• General Organizational Support
• Records and Statistics Management
• Centralized Personnel Management
• Property Management
• General Executive Functions
• Legal Functions
• Centralized Fiscal Operations
• Taxation management (governmental agencies)
• Staff Income Information
• Strategic Executive Functions
• Representative Payee Information
• Personal Identity and Authentication
• Benefits Entitlement Event Information
• Goods and Services Creation and Management
• Goods and Services Production
• Facilities and Infrastructure Management
• Construction
• Healthcare
• Health Care Services
• Consumer Health and Safety
• Human Resources
• Worker Safety
• Labor Rights Management
• Staff Recruitment and Employment
• Security Clearance Management
• Benefits Management
• Personnel Management
• Resource Training and Development
• Payroll Management and Expense Reimbursement
• Information & Technology Management
• Information Management
• Record Retention
• IT Security
• IT Infrastructure Maintenance
• System Maintenance
• Lifecycle/Change Management
• System Development
• Internal Risk Management and Mitigation
• Emergency Response
• Disaster Preparedness and Planning
• Service Recovery
• Continuity of Operations
• Contingency Planning
• Law Enforcement
• Citizen Protection
• Criminal Investigation and Surveillance
• Crime Prevention
• Property Protection
• Criminal Apprehension
• Legal, Litigation, and Judicial
• Resolution Facilitation
• Permits and Licensing
• Legal Litigation
• Legal Investigation
• Legal Defense
• Judicial Hearings
• Planning and Resource Allocation
• Budget Formulation
• Enterprise Architecture
• Capital Planning
• Strategic Planning
• Research Operations
• Management Improvement
• Workforce Planning
• Budget Execution
• Public Affairs
• Customer Services
• Official Information Dissemination
• Product Outreach
• Public Relations
• Revenue Collection
• Staff Fee Collection
• Debt Collection
• Organizational Asset Sales
• Supply Chain Management
• Logistics Management
• Inventory Control
• Goods Acquisition
• Knowledge Dissemination
• Advising and Consulting
• Services Acquisition
• Third Party Relations
• Third Party Liaison
• Third Party Program Project Information
• Third Party Program Tracking
• Third Party Program Proposal Development

Supports the planning, design, implementation, and maintenance of an IT Infrastructure to effectively support automated needs. IT infrastructure maintenance involves the planning, design, implementation, and maintenance of an IT Infrastructure to effectively support automated needs (i.e. operating systems, applications software, platforms, networks, servers, printers, etc.). IT infrastructure maintenance also includes information systems configuration and security policy enforcement information. This information includes password files, network access rules and implementing files and/or switch setting, hardware and software configuration settings, and documentation that may affect access to the information system’s data, programs, and/or processes. The impact levels associated with IT infrastructure maintenance information are primarily a function of the information processed in and through that infrastructure. The overall accountability rating for this information classification is Moderate.

Confidentiality level = Moderate

The confidentiality impact level is the effect of unauthorized disclosure of IT infrastructure maintenance information on the ability of responsible entities to plan, design, implement, and maintain an IT Infrastructure to effectively support automated needs (i.e. operating systems, applications software, platforms, networks, servers, printers, etc.). IT infrastructure maintenance also includes information systems configuration and security policy enforcement information. Unauthorized disclosure of some IT infrastructure maintenance information can lead to confidentiality compromise of information processed by the system (e.g., password files, file access tables, cryptographic keying information, network access rules, and hardware and software configuration settings, and documentation that may affect access to the information system’s data, programs, and/or processes). As a result, the confidentiality impact associated with this information is that of the highest impact information processed by the system. Also, a higher confidentiality impact may be associated with information in aggregate than is associated with any single element of information.

Known mitigating factors toward changing the confidentiality level

Particularly in the case of passwords and cryptographic keys, the provisional impact level recommended for IT infrastructure maintenance information depends on the sensitivity and criticality of system information and processes. As a result the recommended impact level is “system high.”

Integrity level = Moderate

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information. The consequences of unauthorized modification or destruction of IT infrastructure maintenance information usually depends on the urgency with which the data processed in the IT infrastructure is needed or the time-critical nature of the data. In most cases, it is unlikely that the information will be needed urgently or acted upon immediately. In most cases, the consequences of unauthorized modification of IT infrastructure maintenance information will result in limited damage to organizational operations or assets.

Known mitigating factors toward changing the integrity level

Exceptions may include incorrect information used for emergency response aspects of disaster management, criminal apprehension, air traffic control or other time-critical missions. In such cases, a moderate or high integrity impact level might be considered.

Availability level = Low

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to reestablish access to IT infrastructure maintenance information. Functions and processes supported by most IT infrastructure maintenance information are not time-critical. Also, disruption of access will have a limited adverse effect on organizational operations (including mission functions and public confidence in the organization), organizational assets, or individuals.

Known mitigating factors toward changing the availability level

Exceptions may include emergency response aspects of disaster management or other high load and time critical functions (e.g., some systems that support air traffic control functions). The effects of disruption of access to IT infrastructure maintenance information or information systems may be to deny mission-critical IT resources to all affected organizations. The availability impact level associated with denial-of-service to IT infrastructure maintenance information needed to respond to emergencies or critical to public safety can be high.