The purpose of this risk assessment is to evaluate the adequacy of the <System Name and Acronym> security. This risk assessment provides a structured qualitative assessment of the operational environment. It addresses sensitivity, threats, vulnerabilities, risks and safeguards. The assessment recommends cost-effective safeguards to mitigate threats and associated exploitable vulnerabilities.
The scope of this risk assessment covered the system's use of resources and controls (implemented or planned) to eliminate and/or manage vulnerabilities exploitable by threats internal and external to the Centers for Disease Control and Prevention (CDC). If exploited, these vulnerabilities could result in:
Unauthorized disclosure of data
Unauthorized modification to the system, its data, or both
Denial of service, access to data, or both to authorized users
This Risk Assessment Report evaluates the confidentiality (protection from unauthorized disclosure of system and data information), integrity (protection from improper modification of information), and availability (loss of system access) of the system. Recommended security safeguards will allow management to make decisions about security-related initiatives.
The <System Name> mission is to …
RISK ASSESSMENT APPROACH
This risk assessment methodology and approach was conducted using the guidelines in NIST SP 800-30, Risk Management Guide for Information Technology Systems. The assessment is broad in scope and evaluates security vulnerabilities affecting confidentiality, integrity, and availability. The assessment recommends appropriate security safeguards, permitting management to make knowledge-based decisions about security-related initiatives. The methodology addresses the following types of controls:
Management Controls: Management of the information technology (IT) security system and the management and acceptance of risk
Operational Controls: Security methods focusing on mechanisms implemented and executed primarily by people (as opposed to systems), including all aspects of physical security, media safeguards, and inventory controls
Technical Controls: Hardware and software controls providing automated protection to the system or applications (Technical controls operate within the technical system and applications.)
Risk Assessment Process
This section details the risk assessment process performed during this effort. The process is divided into pre-assessment, assessment, and post-assessment phases.
Phase I – Pre-Assessment
Step 1: Define the Nature of the Risk Assessment
This initial risk assessment provides an independent review to help CDC determine the appropriate level of security required for the system and to support the development of a System Security Plan for <System Name>. The review also provides the information required for the Chief Information Security Officer (CISO) and Designated Approving Authority (DAA, also known as the Authorizing Official) to make an informed decision about authorizing the system to operate. The risk assessment is based on interviews, documentation and, as necessary, some automated technical review.
Step 2: Data Collection
The data collection phase included identifying and interviewing key personnel within the organization and conducting document reviews. Interviews focused on the operating environment. Document reviews provided the risk assessment team with the basis on which to assess compliance with policy and procedure.
Step 3: Templates
The following templates were used by the risk assessment team and are included in the appendices:
NIST SP 800-53, Revision 2, Security Baseline Worksheet: Completed by the analysts using information extracted from questionnaires and interviews.
Risk Calculation Worksheet: Converts the raw vulnerabilities into risks based on the following methodology:
Pairing with threat vectors
Evaluating the likelihood of occurrence and potential impact
Determining e-authentication EAAL threat vectors
Risk Mitigation Worksheet: Lists the risks and the associated recommended controls to mitigate these risks for the Business Steward to review. The Business Steward is responsible for formally accepting each recommended control or rejecting it and providing an alternative. For each rejected recommendation, the CDC Business Steward must note that the risk is to be accepted as residual risk. The Certification Agent (CA) (for the CDC this is the CDC CISO) will, at the same time or shortly thereafter, evaluate the Business Steward's choices and agree to each (e.g., accepting the risks and chosen recommended controls) or will negotiate an alternative mitigation, while reserving the right to overrule the Business Steward's decision and incorporate the proposed recommended control into the Plan of Action and Milestones (POA&M).
Phase II – Assessment
Step 1: Document Review
The assessment phase began with the review of documents provided by the members of the CDC <System Name> system team. Detailed interviews with members of the CDC <System Name> system team allowed completion of the system questionnaire and identification of specific threats inadequately identified in the Enterprise Threat Statement.
Step 2: System Characterization
In this step, the analyst defined the boundaries of the IT system, along with the resources that constitute the system, its connectivity, and any other elements necessary to describe the system. Dependencies were clarified. Sensitivity of the system and data was discussed in the final section of the characterization.
Step 3: Threat Identification
The risk assessment team used the CDC Enterprise Threat Statement and NIST SP 800-30 as a basis for threat identification. Through the interview process, it also identified "most likely" system- and location-specific threats.
Step 4: Vulnerability Identification
In this step, the risk assessment team developed a list of system vulnerabilities (flaws or weaknesses) that could be exploited by the potential threat vectors. The NIST SP 800-53, Revision 2, Security Baseline Worksheet (Appendix B of the Risk Assessment Report) documents vulnerabilities extracted from interviews and documents, and lists them by category.
Step 5: Risk Determination (Calculation/Valuation)
In this step, the risk assessment team determined the degree of risk to the system. In some cases, a series of vulnerabilities combined to create the risk. In other cases, a single vulnerability created the risk. The determination of risk for a particular threat source was expressed as a function of the following:
Likelihood Determination: The following governing factors were considered when calculating the likelihood that a potential vulnerability might be exploited in the context of the associated threat environment:
Threat source motivation and capability
Nature of the vulnerability
Existence and effectiveness of current controls
The following table defines the likelihood ratings.
Table (?). Likelihood Definition
High: The threat source is highly motivated and sufficiently capable, and controls to prevent the vulnerability from being exercised are ineffective.
Medium: The threat source is motivated and capable, but controls are in place that may impede successful exercise of the vulnerability.
Low: The threat source lacks motivation or capability, or controls are in place to prevent, or at least significantly impede, the vulnerability from being exercised.
Impact Analysis: The next major step in measuring the level of risk was to determine the adverse impact resulting from successful exploitation of a vulnerability. The adverse impact of a security event can be described in terms of loss or degradation of any, or a combination of any, of the following three security goals:
Loss of Confidentiality – Impact of unauthorized disclosure of sensitive information (e.g., Privacy Act).
Loss of Integrity – Impact if system or data integrity is lost by unauthorized changes to the data or system.
Loss of Availability – Impact to system functionality and operational effectiveness.
Table (?). Impact Definition
Magnitude of Impact
High: Exercise of the vulnerability (1) may result in the highly costly loss of major tangible assets or resources; (2) may significantly violate, harm, or impede an organization's mission, reputation, or interest; or (3) may result in human death or serious injury.
Medium: Exercise of the vulnerability (1) may result in the costly loss of tangible assets or resources; (2) may violate, harm, or impede an organization's mission, reputation, or interest; or (3) may result in human injury.
Low: Exercise of the vulnerability (1) may result in the loss of some tangible assets or resources; (2) may noticeably affect an organization's mission, reputation, or interest.
Risk Determination: The following were used to assess the level of risk to the IT system:
The likelihood of a given threat source's attempting to exercise a given vulnerability.
The magnitude of the impact should a threat source successfully exercise the vulnerability.
The adequacy of planned or existing security controls for reducing or eliminating risk.
The following table provides a definition for the risk levels. These levels represent the degree or level of risk to which an IT system, facility, or procedure might be exposed if a given vulnerability were exercised.
Table (?). Risk Level Definition
Magnitude of Impact
Risk Level Definition
High: There is a strong need for corrective measures. An existing system may continue to operate, but a corrective action plan must be put in place as soon as possible.
Medium: Corrective actions are needed and a plan must be developed to incorporate these actions within a reasonable period of time.
Low: The system's Authorizing Official must determine whether corrective actions are still required or decide to accept the risk.
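Added example (not part of the CDC template): a small Python worksheet that applies the likelihood and impact ratings defined above to a list of vulnerability/threat pairs and derives the risk level and required action. The template gives the rating definitions but not the numeric scale behind them; the weights and bands used here (likelihood 0.1/0.5/1.0, impact 10/50/100, risk Low for scores up to 10, Medium up to 50, High above 50) are the example scale from NIST SP 800-30 as recalled by the editor and are an assumption, not page content. The first finding reuses the template's own example vulnerability and safeguard; its likelihood and impact ratings and the other two findings are constructed.

```python
"""NIST SP 800-30 style risk determination for a Risk Calculation Worksheet.

Added example, not part of the CDC template. Weights and bands are the
NIST SP 800-30 example scale as recalled by the editor (assumption).
"""
from dataclasses import dataclass

# Likelihood ratings (assumed NIST SP 800-30 example weights).
LIKELIHOOD_WEIGHT = {"Low": 0.1, "Medium": 0.5, "High": 1.0}
# Magnitude-of-impact ratings (assumed NIST SP 800-30 example weights).
IMPACT_WEIGHT = {"Low": 10, "Medium": 50, "High": 100}

# Required action per risk level, paraphrasing the Risk Level Definition table above.
REQUIRED_ACTION = {
    "High": "Strong need for corrective measures; put a corrective action plan in place as soon as possible.",
    "Medium": "Corrective actions are needed; develop a plan within a reasonable period of time.",
    "Low": "Authorizing Official decides whether corrective action is still required or accepts the risk.",
}


def risk_score(likelihood: str, impact: str) -> float:
    """Likelihood weight x impact weight, e.g. Medium x High = 0.5 * 100 = 50."""
    return round(LIKELIHOOD_WEIGHT[likelihood] * IMPACT_WEIGHT[impact], 6)


def risk_level(score: float) -> str:
    """Map a score onto the three risk levels of the Risk Level Definition table."""
    if score > 50:
        return "High"
    if score > 10:
        return "Medium"
    return "Low"


def risk_matrix() -> dict:
    """The full 3x3 likelihood-by-impact matrix, keyed (likelihood, impact)."""
    return {(lk, im): risk_level(risk_score(lk, im))
            for lk in LIKELIHOOD_WEIGHT for im in IMPACT_WEIGHT}


@dataclass
class Finding:
    """One worksheet row: a vulnerability paired with a threat and rated."""
    vulnerability: str
    paired_threat: str
    likelihood: str   # Low / Medium / High
    impact: str       # Low / Medium / High
    recommended_safeguard: str = ""

    @property
    def score(self) -> float:
        return risk_score(self.likelihood, self.impact)

    @property
    def level(self) -> str:
        return risk_level(self.score)


def prioritize(findings: list) -> list:
    """Order findings highest risk first; equal scores keep worksheet order."""
    return sorted(findings, key=lambda f: f.score, reverse=True)


# Constructed sample rows. The first vulnerability and safeguard are the template's
# own example; all likelihood/impact ratings are assumed for illustration.
SAMPLE_FINDINGS = [
    Finding("Terminated employees' userIDs are not removed from the system",
            "Insider Abuse and Unauthorized Acts", "Medium", "High",
            "Remove employees' userIDs from the system upon notification of termination."),
    Finding("Constructed: application server patch level is not tracked",
            "External Attack", "Low", "High"),
    Finding("Constructed: no environmental monitoring in the server room",
            "System and Environmental Failures", "Low", "Medium"),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS):
        print(f"{f.level:6} ({f.score:5.1f})  {f.vulnerability}")
        print(f"               action: {REQUIRED_ACTION[f.level]}")
```

Note that on this scale a Medium likelihood paired with a High impact scores exactly 50 and lands in Medium, while a Low likelihood with a High impact is rated Low: the band edges are where an assessor's choice between adjacent ratings changes the outcome, so the justification recorded in the worksheet matters most for findings near them.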
Step 6: Risk Mitigation Recommendations
During this step of the process, controls that could mitigate or eliminate the identified risks, as appropriate to the organization's operations, were provided. The goal of the recommended controls is to reduce the level of risk to the IT system and its data to an acceptable level. The risk assessment team considered the following factors when recommending controls and alternative solutions to minimize or eliminate identified risks:
Sensitivity of the data and the system
Effectiveness of recommended options
Legislation and regulations
Safety and reliability
The recommendations are the results of the risk assessment process, and provide a basis by which the CISO and Authorizing Official can evaluate and prioritize controls. The Business Steward will work with the CISO to negotiate the implementation of the recommended controls. At this point, the System Steward can negotiate with the CISO to accept the recommendations for risk mitigation, provide alternative suggestions, or reject the recommendations and accept the risk as residual risk. Their joint decision will form the basis of the POA&M.
Phase III – Post-Assessment
Step 1: Risk Mitigation
The completed POA&M is the product of the preparation of the Risk Mitigation Worksheet and the specific remedial recommendations to mitigate risk. Because the elimination of all risk is usually impractical, senior management and business stewards should evaluate control recommendations, determine the acceptable level of residual risk, and implement those mitigations with the most appropriate, effective, and highest payback.
Step 2: Ongoing Monitoring
The agreed-upon milestones to mitigate the risks are reportable to the Office of Management and Budget (OMB), and the POA&M is the reporting vehicle. The POA&M will be used by the CISO to monitor the successful completion of the milestones.
System Stewards and Designated Approving Authority
The <System Name> system became operational in January 2002 after being renamed from Acquisition Management Automation System (AMAS). It is continuously updated and is currently maintained by System Stewards (Table ?) in both the Management Information Systems Branch (MISB) and Procurement Grants Office (PGO).
The following is contact information for <System Name> System Stewards and DAA.
Table ?. System Stewards and Designated Approving Authority (DAA)
The <System Name> system maintains information on the CDC's contracts, bids for services, procurement, and offer award data. Bid information from contractors is kept private until a contract is awarded.
The <System Name> system is a client/server package that enables processing of both large contracts and simplified acquisition procurements (SAP). This Government Off-the-Shelf (GOTS) software package has replaced the Small Purchases Processing System (SPPS) and the Automated Receiving System (ARS).
The system was originally developed for the Department of Defense, but was customized for CDC by the BayTech Consulting Group of Annapolis, MD, between 1998 and 2003. Currently, CDC has a contract with DB Consulting Group on site at PGO for further development and maintenance of the system as its full functionality is realized. The original system name, AMAS, was changed to <System Name> to reflect functionality added for CDC.
<System Name> is a stand-alone system that has no current real-time interfaces. <System Name> has the following batch interfaces:
[Example: The <System Name> system environment is a client/server environment consisting of a Microsoft (MS) Structured Query Language (SQL) database built with PowerBuilder programming code. <System Name> contains production data files, application code, and executables. The production data files, consisting of stored procedures and tables, reside on a Clarion storage area network (SAN) attached to a Dell server running on Windows 2000 and MS SQL 2000. The application code resides on a different Dell server running on Windows 2000. Both servers are housed in the Building 16 Data Center at the CDC Clifton Road campus in Atlanta, GA. The <System Name> executables reside on a fileserver running Windows 2000 or on a local workstation, depending upon the location and job functionality.
Users are physically located in multiple locations (multiple campuses in Atlanta, Cincinnati, Pittsburgh, Morgantown, Ft. Collins, Denver, Anchorage, Research Triangle Park, and San Juan). Their desktop computers are physically connected to a wide area network (WAN). Some users connect via a secured dial-up/DSL connection using a Citrix server. Normally, a user connects to an application server in their city that hosts the <System Name> application, and to the shared database server located in Atlanta. All CIOs throughout CDC/ATSDR are users of <System Name>].
Insert system diagram(s)
Figure 1. <System Name> Diagram
Table ? lists host characterization components for the <System Name> production system.
Table ?. <System Name> Host Characterization Components
MS Windows 2000 Server
[Example: The primary <System Name> users are customers in PGO; however, <System Name> customers also include the CDC Centers, Offices, and Chief Information Officers (CIOs). The <System Name> system users are listed in Table ?; details include the <System Name> system user's name (title), description and responsibilities, and the stakeholders that represent each user's interest in the system].
Table ?. <System Name> System Users
Access Level (Read / Write / Full)
Number (Estimate)
List specific dependencies
Beyond these dependencies, a set of common dependencies was defined to enable boundary definition. A dependency is a telecommunication or information technology interconnection or resource on which the system under review relies for processing, transport, or storage. The relationship between the system in question and its dependencies can directly affect the confidentiality, integrity, or availability of the system or its data. Whenever a system has a dependency, the system inherits the intrinsic risks of the dependent asset. The following CDC information technology resources can be considered dependencies:
CDC Enterprise Policies
CDC Enterprise Mid-Tier Data Center
CDC Network Infrastructures:
Center or Information Technology Services Office (ITSO) Local Area Networks
Atlanta Metropolitan Area Network
CDC Wide Area Network
CDC Enterprise Security Services:
CDC Border Firewall
CDC Border Router Access Control Lists
Network-Based Intrusion Detection Systems
E-Mail Gateway Virus Scanning and Attachment Removal
RSA SecurID Authentication System
Technical Vulnerability Scanning Service (Most Commonly Used for Hosts Deployed to the DMZ)
CDC Computer Room Staff, Physical, and Environmental Controls
CDC Exchange Services:
Enterprise E-Mail Gateway Infrastructure with Gateway Virus Protection
ITSO or Center Managed Local E-Mail Stores with Server Virus Protection
Remote Access Web Mail Services with RSA SecurID Authentication
CDC Enterprise Continuity of Operations and Disaster Recovery Planning
CDC Enterprise Mainframe
CDC Enterprise Windows Domain/Active Directory Environment
Supported Programs and Applications
The following systems depend on <System Name> to perform or fulfill their function:
This section provides a description of the types of information handled by <System Name> and an analysis of the sensitivity of the information. The sensitivity of the information stored within, processed by or transmitted by <System Name> provides a basis for the value of the system and is one of the major factors in risk management.
FIPS 199 establishes three potential impact levels (Low, Moderate, High) for each of the security objectives (confidentiality, integrity, and availability). The impact levels focus on the potential impact and magnitude of harm that the loss of confidentiality, integrity, or availability (C/I/A) would have on CDC's operations, assets, or individuals. FIPS 199 recognizes that an information system may contain more than one type of information (e.g., privacy information, medical information, financial information), each of which is subject to security categorization. Section 3.8.1 discusses the security categorization/information type(s) for <System Name>.
Security Categorization/Information Type(s)
The security category of an information system that processes, stores, or transmits multiple types of information should be at least the highest impact level that has been determined for each type of information for each security objective of C/I/A. The following table depicts the security category/information type for <System Name> as identified in the <System Name> Risk Assessment Report.
Table (?). <System Name> Information Type
NIST SP 800-60 Reference
Note: If C/I/A ratings differ from NIST SP 800-60, provide justification and obtain approval from OCISO.
The following table provides the definitions for the C/I/A ratings for <System Name>.
Table (?). Confidentiality, Integrity, and Availability Defined
Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information
[44 USC, SEC. 3542]
Low: The unauthorized disclosure of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.
Moderate: The unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.
High: The unauthorized disclosure of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
Integrity: Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.
[44 USC, SEC. 3542]
Low: The modification or destruction of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.
Moderate: The modification or destruction of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.
High: The modification or destruction of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
Availability: Ensuring timely and reliable access to and use of information.
[44 USC, SEC. 3542]
Low: The disruption of access to or use of information or an information system could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.
Moderate: The disruption of access to or use of information or an information system could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.
High: The disruption of access to or use of information or an information system could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
The sensitivity designation of information processed by <System Name> is (High, Moderate, Low). This (High, Moderate, Low) designation is based upon the C/I/A designation of the information type for <System Name>.
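Added example (not part of the CDC template): a Python implementation of the FIPS 199 high-water-mark rule stated above. For each objective (C/I/A) the system's category is the highest impact level determined for any information type it handles, and the overall sensitivity designation is the highest of the three objective levels. It also flags adjustments away from the NIST SP 800-60 provisional ratings that carry no justification, which the note above says must be justified and approved by OCISO. The information types, their SP 800-60 references and all ratings are constructed placeholders, not values from the page or from NIST SP 800-60.

```python
"""FIPS 199 high-water-mark security categorization for a system that handles
several information types. Added example, not part of the CDC template;
information types, references and ratings below are constructed.
"""
from dataclasses import dataclass, field

LEVELS = ("Low", "Moderate", "High")
RANK = {level: i for i, level in enumerate(LEVELS)}
OBJECTIVES = ("confidentiality", "integrity", "availability")


@dataclass
class InformationType:
    """One row of the Information Type table."""
    name: str
    sp800_60_reference: str            # placeholder; take the real id from NIST SP 800-60 Vol. II
    provisional: dict                  # SP 800-60 provisional ratings, objective -> level
    adjusted: dict = field(default_factory=dict)       # agency adjustments, objective -> level
    justification: dict = field(default_factory=dict)  # objective -> reason for the adjustment

    def rating(self, objective: str) -> str:
        """Adjusted rating if one was recorded, else the SP 800-60 provisional rating."""
        return self.adjusted.get(objective, self.provisional[objective])


def unjustified_adjustments(info_type: InformationType) -> list:
    """Objectives whose rating departs from SP 800-60 without a recorded justification."""
    return [obj for obj, level in info_type.adjusted.items()
            if level != info_type.provisional[obj] and not info_type.justification.get(obj)]


def security_category(info_types: list) -> dict:
    """High-water mark: per objective, the maximum level over all information types."""
    if not info_types:
        raise ValueError("at least one information type is required")
    return {obj: max((t.rating(obj) for t in info_types), key=RANK.get) for obj in OBJECTIVES}


def sensitivity_designation(category: dict) -> str:
    """Overall system designation: the highest of the three objective levels."""
    return max(category.values(), key=RANK.get)


def fips199_notation(system_name: str, category: dict) -> str:
    """Render the category in the FIPS 199 'SC = {(objective, LEVEL), ...}' form."""
    inner = ", ".join(f"({obj}, {category[obj].upper()})" for obj in OBJECTIVES)
    return f"SC {system_name} = {{{inner}}}"


# Constructed sample information types (names, references and ratings are placeholders).
SAMPLE_TYPES = [
    InformationType("Contract bid and award data (constructed)", "<SP 800-60 ref placeholder>",
                    {"confidentiality": "Moderate", "integrity": "Moderate", "availability": "Low"}),
    InformationType("Vendor contact records (constructed)", "<SP 800-60 ref placeholder>",
                    {"confidentiality": "Low", "integrity": "Low", "availability": "Low"},
                    adjusted={"confidentiality": "Moderate"},
                    justification={"confidentiality": "Constructed: records include personal contact details"}),
]

if __name__ == "__main__":
    for t in SAMPLE_TYPES:
        for obj in unjustified_adjustments(t):
            print(f"WARNING: {t.name}: {obj} adjusted without justification (needs OCISO approval)")
    category = security_category(SAMPLE_TYPES)
    print(fips199_notation("<System Name>", category))
    print("Sensitivity designation:", sensitivity_designation(category))
```

The rule is deliberately monotonic: adding an information type can only raise an objective's level, never lower it, so a type left out of the table silently understates the category. Keeping the per-type rows alongside the computed result lets a reviewer see which type drives each objective.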
Both information and information systems have distinct life cycles. It is important that the degree of sensitivity of information be assessed by considering the requirements for the C/I/A of the information: the need for system data to be kept confidential; the need for the data processed by the system to be accurate; and the need for the system to be available. Confidentiality focuses on the impact of disclosure of system data to unauthorized personnel. Integrity addresses the impact that could be expected should system data be modified or destroyed. Availability relates to the impact to the organization should use of the system be denied.
Protection Requirement Findings [1]
Confidentiality: [Example: <System Name> contains sensitive information that could identify a survey participant. This information requires protection from unauthorized disclosure. If information contained in <System Name> were released to the public it could result in a loss of public confidence in the survey, affect participation, and cause a great deal of embarrassment to the CDC]. Therefore, the unauthorized disclosure of <System Name> information could be expected to have a (limited, serious, or severe) adverse effect on organizational operations, organizational assets, or individuals, and the information and protection measures are rated as (Low, Moderate, High).
Integrity: [Example: <System Name> collects and processes health and nutritional data annually from a representative sample of the U.S. population. Because public health trends and policies depend on the accuracy of the data collected, unauthorized and unanticipated modification would seriously reduce the accuracy of the survey results]. Therefore, the unauthorized modification of <System Name> information could be expected to have a (limited, serious, or severe) adverse effect on organizational operations, organizational assets, or individuals, and the information and protection measures are rated as (Low, Moderate, High).
Availability: [Example: If <System Name> were unavailable for even a short period of time, it would have an immediate impact and would affect the efficiency with which <System Name> typically operates]. Therefore, the unavailability of <System Name> information could be expected to have a (limited, serious, or severe) adverse effect on organizational operations, organizational assets, or individuals, and the information and protection measures are rated as (Low, Moderate, High).
NIST SP 800-30 describes the identification of the threat, the threat source and the threat action for use in the assessment process. The following is a definition for each:
Threat – The potential for a particular threat source to successfully exercise a particular vulnerability. (A vulnerability is a weakness that can be accidentally triggered or intentionally exploited.)
Threat Source – Any circumstance or event with the potential to cause harm to an IT system. The common threat sources can be natural, human or environmental.
Threat Action – The method by which an attack might be carried out (e.g., hacking, system intrusion).
Enterprise Threat Vector
Acts of Nature. Earthquakes, rain, wind, ice, etc., that threaten facilities, systems, personnel, utilities, and physical operations.
Hazardous Conditions. Fire, chemical and nuclear spills, biological events, structural instability, etc., that threaten facilities, systems, personnel, and operations. May be the result of natural events, environmental control failures, human errors, and/or violent acts.
Dependency Failures. Failure of a system or service outside the direct control of the system owners that harms the system and/or affects its ability to perform. Also includes system worker termination and reassignment actions. Examples include utility failures, downstream processing failures, system administrator or subject matter expert job termination, or the failure of a service or control owned by another part of the organization.
System and Environmental Failures. Failure of a computer, device, application, communication service, or environmental or protective control that disrupts, harms, or exposes the system to harm. Examples include system hardware failures, environmental control failures, and software or data corruption.
Violent Acts of Man. Physical attack or threat of attack on a national, regional, or local level that directly impacts the system and/or its personnel or that results in indirect harm or dependency failure.
Errors and Omissions. Accidental or ill-advised actions taken by personnel (typically insiders) that result in unintended physical damage, system disruption, and/or exposure.
Insider Attack. Actions taken by insiders to harm the organization and its personnel, systems, and/or data and/or that of other parties. Examples include system compromise, escalation of privileges, electronic eavesdropping, password guessing, denial of service, and social engineering.
Insider Abuse and Unauthorized Acts. Unauthorized, illegal, or inappropriate insider acts that cause disruption and/or harm. Although these actions are intentional, computing resources are typically the vehicle used to perpetrate the act rather than its target. Examples include sharing or distribution of copyrighted material, invasion of privacy, exploration of unauthorized computer systems, use of computing resources to harass others, and disregard for security controls.
External Attack. Actions taken by outside parties seeking to harm the organization, its personnel, systems, and/or data and/or that of other parties. Examples include system compromise, data and account harvesting, defacement, computer crime, password guessing, denial of service, and social engineering.
Autonomous Systems and Malicious Code. Automated actions taken by program code or systems that result in harm to the organization, its systems, and/or its data and/or that of other parties. Examples include viruses, worms, and artificial intelligence control or response systems.
Physical Intrusion and/or Theft. Facility compromise and/or theft of physical resources (data, hardcopy output, laptops, systems, access tokens, passwords, etc.) that could directly or indirectly result in harm to the organization or the system.
Legal and Administrative Actions. Actions taken by law enforcement, regulatory, administrative, and/or other parties as a result of illegal acts and failures in due diligence and/or due care, or in seeking recompense for damages incurred by others. Examples include regulatory penalties and criminal and civil proceedings.
NIST SP 800-63 describes the categories of harm and impact as:
Inconvenience, distress, or damage to standing or reputation
Financial loss or agency liability
Harm to agency programs or public interests
Unauthorized release of sensitive information
Civil or criminal violations
Required assurance levels for electronic transactions are determined by assessing the potential impact of each of the above categories using the potential impact values described in FIPS 199, "Standards for Security Categorization of Federal Information and Information Systems." The three potential impact values are:
The following section defines the potential impacts for each category. Note: If authentication errors cause no measurable consequences for a category, there is "no" impact.
Determining Potential Impact of Authentication Errors
Potential Impact of Inconvenience, Distress, or Damage to Standing or Reputation:
Low – at worst, limited, short-term inconvenience, distress or embarrassment to any party.
Moderate – at worst, serious short-term or limited long-term inconvenience, distress or damage to the standing or reputation of any party.
High – severe or serious long-term inconvenience, distress or damage to the standing or reputation of any party (ordinarily reserved for situations with particularly severe effects or which affect many individuals).
Potential Impact of Financial Loss
Low – at worst, an insignificant or inconsequential unrecoverable financial loss to any party, or at worst, an insignificant or inconsequential agency liability.
Moderate – at worst, a serious unrecoverable financial loss to any party, or a serious agency liability.
High – severe or catastrophic unrecoverable financial loss to any party; or severe or catastrophic agency liability.
Potential Impact of Harm to Agency Programs or Public Interests
Low – at worst, a limited adverse effect on organizational operations or assets, or public interests. Examples of limited adverse effects are: (i) mission capability degradation to the extent and duration that the organization is able to perform its primary functions with noticeably reduced effectiveness, or (ii) minor damage to organizational assets or public interests.
Moderate – at worst, a serious adverse effect on organizational operations or assets, or public interests. Examples of serious adverse effects are: (i) significant mission capability degradation to the extent and duration that the organization is able to perform its primary functions with significantly reduced effectiveness; or (ii) significant damage to organizational assets or public interests.
High – a severe or catastrophic adverse effect on organizational operations or assets, or public interests. Examples of severe or catastrophic effects are: (i) severe mission capability degradation or loss to the extent and duration that the organization is unable to perform one or more of its primary functions; or (ii) major damage to organizational assets or public interests.
Potential Impact of Unauthorized Release of Sensitive Information
Low – at worst, a limited release of personal, U.S. government sensitive or commercially sensitive information to unauthorized parties resulting in a loss of confidentiality with a low impact as defined in FIPS PUB 199.
Moderate – at worst, a release of personal, U.S. government sensitive or commercially sensitive information to unauthorized parties resulting in a loss of confidentiality with a moderate impact as defined in FIPS PUB 199.
High – a release of personal, U.S. government sensitive or commercially sensitive information to unauthorized parties resulting in a loss of confidentiality with a high impact as defined in FIPS PUB 199.
Potential Impact to Personal Safety
Low – at worst, minor injury not requiring medical treatment.
Moderate – at worst, moderate risk of minor injury or limited risk of injury requiring medical treatment.
High – a risk of serious injury or death.
Potential Impact of Civil or Criminal Violations
Low – at worst, a risk of civil or criminal violations of a nature that would not ordinarily be subject to enforcement efforts.
Moderate – at worst, a risk of civil or criminal violations that may be subject to enforcement efforts.
High – a risk of civil or criminal violations that are of special importance to enforcement programs.
Transaction 1: [Example] VPN/Keyfob access does not meet EAAL Level 4 (NIST SP 800-63) requirements.
Inconvenience, Distress, or Damage to Standing or Reputation
Harm to Agency Programs or Public Interests
Unauthorized Release of Sensitive Information
Civil or Criminal Violations
Overall Risk Level
Transaction 2: [Example] Privileged-use access.
Inconvenience, Distress, or Damage to Standing or Reputation
Harm to Agency Programs or Public Interests
Unauthorized Release of Sensitive Information
Civil or Criminal Violations
Overall Risk Level
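Added example (not part of the CDC template): a Python routine that takes the per-category potential impact ratings assessed for a transaction, as in the two transaction tables above, and returns the e-authentication assurance level (1 to 4) the transaction requires, then compares it with the level the current authentication mechanism provides. The template explains that the required level follows from the impact in each harm category but does not reproduce the mapping table; the ceilings used here (the maximum impact tolerable at each level per category) are those of OMB M-04-04 as reproduced in NIST SP 800-63 version 1, recalled by the editor and therefore an assumption to be checked against the edition in force. The sample transactions, their ratings, and the level the VPN/keyfob mechanism is assumed to provide are all constructed.

```python
"""E-authentication assurance level (EAAL) determination for a transaction.

Added example, not part of the CDC template. MAX_IMPACT_PER_LEVEL is the
OMB M-04-04 / NIST SP 800-63 v1 table as recalled by the editor (assumption);
sample transactions and provided levels are constructed.
"""

IMPACT_RANK = {"None": 0, "Low": 1, "Moderate": 2, "High": 3}

# Maximum potential impact permitted at assurance levels 1, 2, 3, 4 (assumed, see docstring).
# Personal Safety permits Moderate or High at level 4, so "High" is recorded as its ceiling.
MAX_IMPACT_PER_LEVEL = {
    "Inconvenience, Distress, or Damage to Standing or Reputation": ("Low", "Moderate", "Moderate", "High"),
    "Financial Loss or Agency Liability": ("Low", "Moderate", "Moderate", "High"),
    "Harm to Agency Programs or Public Interests": ("None", "Low", "Moderate", "High"),
    "Unauthorized Release of Sensitive Information": ("None", "Low", "Moderate", "High"),
    "Personal Safety": ("None", "None", "Low", "High"),
    "Civil or Criminal Violations": ("None", "Low", "Moderate", "High"),
}


def required_eaal(impacts: dict) -> int:
    """Lowest level 1..4 whose ceilings cover every assessed impact.

    `impacts` maps category -> None/Low/Moderate/High; categories not listed
    are treated as "None" (no measurable consequence), as the note above allows.
    """
    unknown = set(impacts) - set(MAX_IMPACT_PER_LEVEL)
    if unknown:
        raise ValueError(f"unknown harm category: {sorted(unknown)}")
    for level in (1, 2, 3, 4):
        covered = all(IMPACT_RANK[impacts.get(cat, "None")] <= IMPACT_RANK[ceilings[level - 1]]
                      for cat, ceilings in MAX_IMPACT_PER_LEVEL.items())
        if covered:
            return level
    raise AssertionError("level 4 permits High impact in every category")


def driving_categories(impacts: dict, level: int) -> list:
    """Categories whose impact exceeds the next-lower level's ceiling, i.e. what forced `level`."""
    if level == 1:
        return []
    return [cat for cat, ceilings in MAX_IMPACT_PER_LEVEL.items()
            if IMPACT_RANK[impacts.get(cat, "None")] > IMPACT_RANK[ceilings[level - 2]]]


def evaluate_transaction(name: str, impacts: dict, provided_level: int) -> dict:
    """One row of the EAAL results: required vs. provided level and the gap, if any."""
    required = required_eaal(impacts)
    return {
        "transaction": name,
        "required": required,
        "provided": provided_level,
        "meets": provided_level >= required,
        "driven_by": driving_categories(impacts, required),
    }


# Constructed sample transactions: (name, assessed impacts, level the current mechanism provides).
SAMPLE_TRANSACTIONS = [
    ("Transaction 1 (constructed ratings): remote VPN/keyfob access",
     {"Unauthorized Release of Sensitive Information": "High",
      "Harm to Agency Programs or Public Interests": "Moderate",
      "Inconvenience, Distress, or Damage to Standing or Reputation": "Moderate"},
     3),
    ("Transaction 2 (constructed ratings): read-only status lookup",
     {"Inconvenience, Distress, or Damage to Standing or Reputation": "Low"},
     2),
]

if __name__ == "__main__":
    for name, impacts, provided in SAMPLE_TRANSACTIONS:
        result = evaluate_transaction(name, impacts, provided)
        status = "meets" if result["meets"] else "DOES NOT MEET"
        print(f"{name}: requires EAAL {result['required']}, provides {provided} -> {status}")
        if result["driven_by"]:
            print("   level driven by:", "; ".join(result["driven_by"]))
```

Because the required level is a minimum over all categories at once, a single High rating (here, unauthorized release of sensitive information) pulls the whole transaction to level 4 regardless of how the other categories score; the `driven_by` list records that category so the worksheet can show why the current mechanism falls short and what the migration safeguard has to satisfy.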
RISK ASSESSMENT / EAAL RESULTS
Vulnerability 1: (Example – Terminated employees' userIDs are not removed from the system)
Paired Threat(s)
Recommended Safeguard: (Example – Remove employees' userIDs from the system upon notification of termination.)
Paired Threat(s)
Vulnerability 2: VPN/Keyfob access does not meet EAAL Level 4 (NIST SP 800-63) requirements.
Paired Threat(s)
Inconvenience, Distress or Damage to Standing or Reputation
Overall EAAL Evaluation
Recommended Safeguard: Migrate all remote authentication functions to the CDC secure data network (SDN) or to another mechanism approved by the OCISO.
The following table provides an overview of the vulnerabilities and recommended safeguards for <System Name>.
Table (?). <System Name> Risk Matrix
(High, Moderate, Low)
EAAL Transaction #
(1, 2, 3, 4)
Implementing the recommended safeguards will reduce the overall risk exposure associated with the general vulnerabilities listed above to Low.
APPENDIX A Enterprise Threat Statement
APPENDIX B NIST SP 800-53, Revision 2, Security Baseline Worksheet
APPENDIX C Risk Calculation Worksheet
APPENDIX D Risk Mitigation Worksheet
(CUI)
(When Filled In)