U.S. Department of Health and Human Services
According to FIPS 200 a High Watermark is the potential impact values assigned to the respective security objectives are the highest values (i.e., high watermark) from among the security categories that have been determined for each type of information resident on those information systems. For example, when a system has two moderate risk applications and one high risk application residing on it, the overall impact rating would be high.
The high water mark concept is employed because there are significant dependencies among the security objectives of confidentiality, integrity, and availability. In most cases, a compromise in one security objective ultimately affects the other security objectives as well.
Page 3 of 3
High Water Mark