Step 2: Select Provisional Impact Levels

In Step 2, organizations should establish provisional impact levels based on the identified information types in Step 1. The provisional impact levels are the original impact levels assigned to the confidentiality, integrity, and availability security objectives of an information type before any adjustments are made.  Also in this step, the initial security categorization for the information type is established and documented.

Mission-Based Information Types

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Management and Support Information Types

Service Delivery Support Information

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Government Resource Management