U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Glossary
A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

security impact analysis

Abbreviation(s) and Synonym(s):

SIA

Definition(s):

  The analysis conducted by an organizational official to determine the extent to which changes to the information system have affected the security state of the system.
Source(s):
CNSSI 4009-2015 from NIST SP 800-37 Rev. 1
NIST SP 800-137 under Security Impact Analysis from NIST SP 800-53
NIST SP 800-30 Rev. 1 under Security Impact Analysis from NIST SP 800-37
NIST SP 800-37 Rev. 1 under Security Impact Analysis
NIST SP 800-39 under Security Impact Analysis from NIST SP 800-37
NIST SP 800-53 Rev. 4 under Security Impact Analysis from CNSSI 4009
NIST SP 800-53A Rev. 4 under Security Impact Analysis from NIST SP 800-37

  The analysis conducted by an organizational official to determine the extent to which a change to the information system have affected the security state of the system.
Source(s):
NIST SP 800-128 from CNSSI 4009-2015 - Adapted

  The analysis conducted by an organizational official to determine the extent to which a change to the information system has or may have affected the security posture of the system.
Source(s):
NIST SP 800-128 under Security Impact Analysis from CNSSI 4009 - Adapted

  The analysis conducted by an agency official, often during the continuous monitoring phase of the security certification and accreditation process, to determine the extent to which changes to the information system have affected the security posture of the system.
Source(s):
NIST SP 800-18 Rev. 1 under Security Impact Analysis from NIST SP 800-37

  The analysis conducted by qualified staff within an organization to determine the extent to which changes to the system affect the security posture of the system.
Source(s):
NIST SP 800-53 Rev. 5 from NIST SP 800-128