According to the Committee on National Security Systems Instruction No. 4009 (CNSSI-4009), confidentiality is “The property that information is not disclosed to system entities (users, processes, devices) unless they have been authorized to access the information.” In other words, information must be viewed, used, or copied only by individuals who have the proper level of access as well as a legitimate need to access the information. A confidentiality breach occurs when an unauthorized individual gains access to sensitive information.

If someone watched over your shoulder while you were entering your automated teller machine (ATM) PIN, a confidentiality breach occurred. Confidentiality breaches can also happen when hardware containing sensitive information is lost or stolen. Any time an unauthorized user can access confidential information, a breach has occurred.

Confidentiality is maintained through proper use of access controls such as limiting access to information to a need-to-know basis and properly assigning security levels to information.

CNSSI-4009 defines integrity as “The property whereby an entity has not been modified in an unauthorized manner.” Data integrity refers to the principle that information cannot be changed, created, or deleted without proper authorization; however, integrity in the C-I-A triad goes beyond that. It is also the requirement that the path on which the information travels and the location where it rests are also secure.

Information integrity refers to the ability to trust that the information received is the same as the information originally created. It is also the ability to trust that a document stored in multiple locations contains the exact same information.

Data integrity isn’t just concerned with information security. Accidental data loss and data corruption through transmission are also major causes of integrity failure. Coping with accidental loss and corruption is one of the areas where IA moves beyond information security into information verification.

CNSSI-4009 defines availability as “The property of being accessible and useable upon demand by an authorized entity.” In other words, information is accessible when it is needed. This requires that the network and systems used to store the information are working correctly. Availability can be compromised by accidents and system failure as well as malicious attacks. A hard drive or network card failure can cause a breach of availability, as can denial of service (DoS) attacks.

CNSSI-4009 defines authentication as “The process of verifying the identity or other attributes claimed by or assumed of an entity (user, process, or device), or to verify the source and integrity of data.” This entails knowing that those who access the information are who they say they are. Authentication can be achieved through the three tests of what you know, what you have, and what you are. An example of an authentication breach is if an unauthorized user accesses a system using an authorized username and password obtained through illegitimate means.

Nonrepudiation is defined in CNSSI-4009 as “Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the information.” With this concept, both the sender and the receiver are accountable for the information. To implement nonrepudiation, there must be a way for the sender to verify that the receiver got the information and for the receiver to verify the sender’s identity. With nonrepudiation in place, neither side can deny actions they took on the data.

A good example of nonrepudiation can be seen in a banking wire transfer. When a wire transfer is sent, the sender verifies its credentials with the Federal Reserve Bank. The Federal Reserve then moves the wire transfer to the receiver. The recipient of the wire verifies receipt of the transfer, and the amount received, back to the sender. This way, the banking system can mitigate the risk of fraud.

Since their creation in 2001, the five pillars of IA have become the standard IA framework for U.S. governmental organizations. Inside the government, these pillars are utilized based on sensitivity, threat, and other risk management decisions. They form the core of any governmental IA operation.

Possession or control is related to confidentiality. It is the concept that control of the information can be breached without a confidentiality breach. For example, suppose a flash drive containing the master copy of sensitive data is lost. The possession of those data is now breached, but until they are accessed, they are still confidential. The basis of control is preventing contact with confidential information by unauthorized users. This idea also covers unauthorized copying of or use of intellectual property. An example of a breach of possession is the piracy of copyrighted music files.

Authenticity is the appropriateness of the labeling of information. Does the information correspond correctly to its intended meaning? The idea behind this element is to avoid garbled data and fraud. A breach may be caused by an incorrect address in an email database.

Utility describes the usefulness of data. Information that is stored in an obsolete format that can no longer be read would be a breach of utility. Encrypted information with a lost encryption key is also an example of a utility breach.

The hexad and the five pillars of IA both expand upon the C-I-A model. It is important to remember that these are just frameworks or guidelines. Even the C-I-A model, which is the simplest of the three, is a useful guideline for IA. These frameworks give an organization a starting point for developing a robust IA infrastructure. These models are not to be taken literally but used as a tool to craft your own organization’s IA policies and procedures.