• Say What You Do Products
• Change Management
• Information Assurance Compliance Maturity Model Index (IACMMI)
• The Language of Compliance
• Systems and Info Classification
• Administrative Management
• Workplace Policy Development and Management
• Travel
• Help Desk Services
• Facilities, Fleet, and Equipment Management
• Physical Security Management
• Compliance Development and Enforcement
• Inspections and Auditing
• Standards Setting/Reporting Guideline Development
• Regulatory Creation
• Public Comment Tracking
• Policies, Standards, and Procedures Publication
• Policy and Guidance Development
• Controls and Oversight
• Corrective Action
• Program Evaluation
• Program Monitoring
• Credit and Insurance
• Direct Loans
• Loan Guarantees
• General Insurance
• Education
• Higher Education
• Elementary, Secondary, and Vocational Education
• Financial Management
• Accounting
• Budget & Finance
• Financial Reporting Information
• Asset & Liability Management
• Collections and Receivables
• Payments
• General Retirement and Disability Program Management
• Unemployment Compensation
• General Organizational Support
• Records and Statistics Management
• Centralized Personnel Management
• Property Management
• General Executive Functions
• Legal Functions
• Centralized Fiscal Operations
• Taxation management (governmental agencies)
• Staff Income Information
• Strategic Executive Functions
• Representative Payee Information
• Personal Identity and Authentication
• Benefits Entitlement Event Information
• Goods and Services Creation and Management
• Goods and Services Production
• Facilities and Infrastructure Management
• Construction
• Healthcare
• Health Care Services
• Consumer Health and Safety
• Human Resources
• Worker Safety
• Labor Rights Management
• Staff Recruitment and Employment
• Security Clearance Management
• Benefits Management
• Personnel Management
• Resource Training and Development
• Payroll Management and Expense Reimbursement
• Information & Technology Management
• Information Management
• Record Retention
• IT Security
• IT Infrastructure Maintenance
• System Maintenance
• Lifecycle/Change Management
• System Development
• Internal Risk Management and Mitigation
• Emergency Response
• Disaster Preparedness and Planning
• Service Recovery
• Continuity of Operations
• Contingency Planning
• Law Enforcement
• Citizen Protection
• Criminal Investigation and Surveillance
• Crime Prevention
• Property Protection
• Criminal Apprehension
• Legal, Litigation, and Judicial
• Resolution Facilitation
• Permits and Licensing
• Legal Litigation
• Legal Investigation
• Legal Defense
• Judicial Hearings
• Planning and Resource Allocation
• Budget Formulation
• Enterprise Architecture
• Capital Planning
• Strategic Planning
• Research Operations
• Management Improvement
• Workforce Planning
• Budget Execution
• Public Affairs
• Customer Services
• Official Information Dissemination
• Product Outreach
• Public Relations
• Revenue Collection
• Staff Fee Collection
• Debt Collection
• Organizational Asset Sales
• Supply Chain Management
• Logistics Management
• Inventory Control
• Goods Acquisition
• Knowledge Dissemination
• Advising and Consulting
• Services Acquisition
• Third Party Relations
• Third Party Liaison
• Third Party Program Project Information
• Third Party Program Tracking
• Third Party Program Proposal Development

Supports all functions pertaining to the securing of organizational data and systems through the creation and definition of security policies, procedures and controls. The overall accountability rating for this information classification is Low.

Confidentiality level = Low

The confidentiality impact level is the effect of unauthorized disclosure of IT security information on the ability of responsible entities to secure organizational data and systems through the creation and definition of security policies, procedures and controls covering such services as identification, authentication, and nonrepudiation. In most cases, the security policy, procedures, and available controls are not particularly sensitive. Typically, the security information is used in initializing and implementing the controls (e.g., passwords, cryptographic keys) that need to be protected. In general, disclosure of the security policies, procedures, and controls will result in only limited adverse effects on the confidentiality system information and processes.

Integrity level = Moderate

The integrity impact level is based on the specific mission and the data supporting that mission, not on the time required to detect the modification or destruction of information.

Availability level = Low

The availability impact level is based on the specific mission and the data supporting that mission, not on the time required to reestablish access to IT security information. Temporary disruption of access to IT security information can usually be expected to have a limited adverse effect on organizational operations (including mission functions and public confidence in the organization), organizational assets, or individuals.