The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability.
High Impact: The loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic impact on the mission or core services of the entity, meaning, for example: priority services cannot be delivered; major damage to assets or financial loss will occur; or the imminent threat of loss of life or serious life-threatening injuries exists.
Moderate Impact: The loss of confidentiality, integrity, or availability could be expected to have a serious adverse impact on the mission, core services and/or supporting services of the entity, meaning, for example: significant degradation in service delivery is expected; significant damage to assets or financial loss will occur; or the potential for non-life-threatening injuries exists.
Low Impact: The loss of confidentiality, integrity, or availability could be expected to have a limited adverse impact on the services of the entity, meaning, for example: limited degradation in service delivery impacting efficiency or effectiveness; minor damage to assets or limited financial loss; or minor harm to individuals.