FIPS 199: Difference between revisions

From IT Wiki
(New page: Category:Security ;An official U.S. standard document from NIST that describes the CIA concept of security * '''Confidentiality''' ** Preserving authorized restrictions on inform...)
 
No edit summary
 
Line 2: Line 2:
;보안의 [[CIA]] 개념을 설명하는 [[NIST]]의 미국 공식 표준 문서
;보안의 [[CIA]] 개념을 설명하는 [[NIST]]의 미국 공식 표준 문서


== 공식적 정의 ==
* '''기밀성(Confidentiality)'''
* '''기밀성(Confidentiality)'''
** Preserving authorized restrictions on information access and disclosure, including means for protecting persona privacy and proprietary information
** Preserving authorized restrictions on information access and disclosure, including means for protecting persona privacy and proprietary information
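
Review bot: the context line under '''기밀성(Confidentiality)''' reads "protecting persona privacy", which should be "personal privacy". The new "== 공식적 정의 ==" heading is added directly above this bullet, so the typo is worth correcting in the same edit rather than carrying it into the next revision.
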
Line 7: Line 8:
** Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity
** Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity
* '''가용성(Integrity)'''
* '''가용성(Integrity)'''
** Ensuring timely and reliable access to and use of information.
** Ensuring timely and reliable access to and use of information
 
== 3단계 보안성 ==
{| class="wikitable"
|-
! 구분 !! 낮음(Low) !! 중간(Moderate) !! 높음(High)
|-
| 기밀성
|| The unauthorized disclosure of information could be expected to have a '''limited''' adverse effect on organizational operations, organizational assets, or individuals.
|| The unauthorized disclosure of information could be expected to have a '''serious''' adverse effect on organizational operations, organizational assets, or individuals. 
|| The unauthorized disclosure of information could be expected to have a '''severe or catastrophic''' adverse effect on organizational operations, organizational assets, or individuals.
|-
| 무결성
|| The unauthorized modification or destruction of information could be expected to have a '''limited''' adverse effect on organizational operations, organizational assets, or individuals. 
|| The unauthorized modification or destruction of information could be expected to have a '''serious''' adverse effect on organizational operations, organizational assets, or individuals. 
|| The unauthorized modification or destruction of information could be expected to have a '''severe or catastrophic''' adverse effect on organizational operations, organizational assets, or individuals.
|-
| 가용성
|| The disruption of access to or use of information or an information system could be expected to have a '''limited''' adverse effect on organizational operations, organizational assets, or individuals.
|| The disruption of access to or use of information or an information system could be expected to have a '''serious''' adverse effect on organizational operations, organizational assets, or individuals.
|| The disruption of access to or use of information or an information system could be expected to have a '''severe or catastrophic''' adverse effect on organizational operations, organizational assets, or individuals.
|}
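
Review bot: the third bullet is labelled '''가용성(Integrity)''' in both revisions, directly above the definition line this edit touches (only the trailing period after "use of information" is dropped). 가용성 is availability, the definition under it is the availability one, and the new table's third row is also 가용성, so the gloss should read '''가용성(Availability)'''. As it stands, two of the three bullets carry the same English label "Integrity".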

Latest revision as of 13:34, 30 October 2019

An official U.S. standard document from NIST that describes the CIA concept of security

Formal definitions

  • Confidentiality
    • Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information
  • Integrity
    • Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity
  • Availability
    • Ensuring timely and reliable access to and use of information

Three security levels

{| class="wikitable"
|-
! Category !! Low !! Moderate !! High
|-
| Confidentiality
| The unauthorized disclosure of information could be expected to have a '''limited''' adverse effect on organizational operations, organizational assets, or individuals.
| The unauthorized disclosure of information could be expected to have a '''serious''' adverse effect on organizational operations, organizational assets, or individuals.
| The unauthorized disclosure of information could be expected to have a '''severe or catastrophic''' adverse effect on organizational operations, organizational assets, or individuals.
|-
| Integrity
| The unauthorized modification or destruction of information could be expected to have a '''limited''' adverse effect on organizational operations, organizational assets, or individuals.
| The unauthorized modification or destruction of information could be expected to have a '''serious''' adverse effect on organizational operations, organizational assets, or individuals.
| The unauthorized modification or destruction of information could be expected to have a '''severe or catastrophic''' adverse effect on organizational operations, organizational assets, or individuals.
|-
| Availability
| The disruption of access to or use of information or an information system could be expected to have a '''limited''' adverse effect on organizational operations, organizational assets, or individuals.
| The disruption of access to or use of information or an information system could be expected to have a '''serious''' adverse effect on organizational operations, organizational assets, or individuals.
| The disruption of access to or use of information or an information system could be expected to have a '''severe or catastrophic''' adverse effect on organizational operations, organizational assets, or individuals.
|}