Type of Data Involved with this Technology
Please refer to the following risk level definitions to access the level of risk associated with the data included in this solution, then respond to the appropriate questions according to the risk level assigned to your product.
None - No cybersecurity review is required – no systems, products, services and/or USG information or data assets are being exchanged or made available by the supplier as part of the contract.
Low - No USG data is shared with a supplier. Suppliers must be required to protect the availability of a non-mission-critical system(s), product(s), or service(s) under contract.
Moderate - Moderate risk USG data is shared with a supplier. Suppliers must be required to protect the availability and integrity of the USG data assets being shared, but any data systems, data products, or data services provided are non-mission-critical. Examples of moderate risk data include but are not limited to publicly available information, directory information, and/or non-confidential information.
High - High risk USG data is shared with a supplier. Suppliers must be required to protect the availability, integrity, and confidentiality of the USG data assets being shared and/or the mission-critical systems, products, or services under contract. Examples of high-risk data include but are not limited to personally identifiable information (“PII”) such as date of birth, social security number, and names of minor children; health information as defined by either HIPAA or FERPA; financial information (credit card numbers, bank account numbers), and other confidential information such as student records as defined by FERPA, etc.