FIPS 199
IT Wiki
Formal definitions
- Confidentiality
  - Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information
- Integrity
  - Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity
- Availability
  - Ensuring timely and reliable access to and use of information
Three security levels
Category | Low | Moderate | High |
---|---|---|---|
Confidentiality | The unauthorized disclosure of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized disclosure of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |
Integrity | The unauthorized modification or destruction of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized modification or destruction of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized modification or destruction of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |
Availability | The disruption of access to or use of information or an information system could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The disruption of access to or use of information or an information system could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The disruption of access to or use of information or an information system could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |