Potential Impact of security breaches

FIPS 199 defines three levels of potential impact on organisations / individuals should there be a breach of security. These three levels are Low, Moderate, and High.

The assurance level of a system is directly tied into its potential impact, i.e. the potential impact of a breach in a system should be lower in conjunction with the assurance level. The lower assurance levels are more likely to break, and therefore should be linked to systems which have less potential impact. Systems with higher assurance levels should be used for more critical systems.