U.S. Department of Health and Human Services
Systems are evaluated by HHS management and assigned a level (low, moderate, high) representing the risk to HHS if security were to be breached. This level is based on risks to confidentiality, integrity, and availability of information.
Determining system characterization in this way gives an agency the ability to isolate the high impact systems which reduces the amount of resources required to secure less critical applications/systems. The objective is to be sure shared resources (i.e., networks, communications, and physical access within the whole general support system or major application) are protected adequately for the highest impact level. (NIST SP 800-18 Rev.1
Page 2 of 2
How to Determine Your System Boundaries