Confidentiality, Integrity, Availability (CIA) Triad Is Outdated

In 2017, ComplianceForge published the Confidentiality, Integrity, Availability & Safety (CIAS) replacement for the traditional Confidentiality, Integrity & Availability "CIA Triad" that served as the traditional function of cybersecurity. With embedded technologies (e.g., Internet of Things (IoT) and Operational Technology (OT)) and the rise of Artificial Intelligence (AI) and autonomous technologies (AAT), the lack of a safety component makes the CIA Triad insufficient to define the concept of what cybersecurity is meant to perform.

Protecting an organization's data and the systems that collect, process and maintain this data is of critical importance. Commensurate with risk, cybersecurity and privacy measures must be implemented to guard against unauthorized access to, alteration, disclosure or destruction of data and systems, applications and services. This also includes protection against accidental loss or destruction.

Confidentiality, Integrity, Availability & Safety (CIAS) Model

The security of systems, applications and services must include controls and safeguards to offset possible threats, as well as controls to ensure confidentiality, integrity, availability and safety:

CONFIDENTIALITY – This addresses preserving authorized restrictions on access and disclosure to authorized users and services, including means for protecting personal privacy and proprietary information.
INTEGRITY – This addresses protecting against improper modification or destruction, including ensuring non-repudiation and authenticity.
AVAILABILITY – This addresses timely, reliable access to data, systems and services for authorized users, services and processes.
SAFETY – This addresses reducing risk associated with technologies that could fail or be manipulated by nefarious actors to cause death, injury, illness, damage to or loss of equipment.

Confidentiality Integrity Availability Safety (CIAS) Model

Applying The CIAS Model To Risk Management

When you overlay real-world examples onto the CIAS model, it becomes clear how the CIAS model can help communicate cybersecurity and data protection requirements.

Confidentiality Integrity Availability Safety (CIAS) Examples

Browse Our Products

Policy, Standards, Controls & Metrics Template - DSP / SCF

Secure Controls Framework (SCF)

Secure Controls Framework (SCF) "Premium Content" - Expertise-Class Policies, Control Objectives, Standards, Guidelines, Controls & Metrics. Product Walkthrough Video When you click the image or the link below, it will direct you to a different...

$10,400.00 - $15,200.00

Choose Options
NIST 800-171 Compliance Program (NCP): CMMC Level 2

ComplianceForge - NIST 800-171 & CMMC

NIST 800-171 R2 & R3 / CMMC 2.0 Compliance Made Easier! The NCP is editable & affordable cybersecurity documentation to address your NIST 800-171 R2 / R3 and CMMC 2.0 Levels 1-2 compliance needs. When you click the image or the link below, it...

$8,950.00

$5,300.00 - $10,100.00

Choose Options

Governance Risk & Compliance (GRC) Content

Secure Controls Framework (SCF)

NIST 800-171 & CMMC - Where Do I Start?

NIST 800-171 & CMMC Compliance

Premium GRC Content (Importable Into A GRC)

Cybersecurity Policies, Standards & Procedures

Cybersecurity Supply Chain Risk Management

Privacy & Data Protection (GDPR, CCPA & more)

Risk Management Bundles

Editable Policies & Standards Templates

Editable Procedures Templates

Supply Chain Risk Management

NIST 800-171 Compliance

Risk Management

Data Protection (Privacy) & Secure Engineering

Vulnerability & Patch Management

Incident Response

PCI DSS Compliance

Subscriptions

Common Compliance Requirements

Alignment With Secure Practices

Free Guides

Cost Savings

US Federal Data Security Laws & Regulations

US State Data Security Laws & Regulations

International Data Security Laws & Regulations

Industries Served & Client References

Multiple Company Discount

Product Comparison: DSP vs CDPP

Confidentiality, Integrity, Availability (CIA) Triad Is Outdated

Confidentiality, Integrity, Availability & Safety (CIAS) Model

Applying The CIAS Model To Risk Management

Browse Our Products

Policy, Standards, Controls & Metrics Template - DSP / SCF

NIST 800-171 Compliance Program (NCP): CMMC Level 2

NIST 800-171 R3 ODPs

SCF Training & Certifications

GSA OASIS+ J-3 C-SCRM Deliverables

Your CMMC Requirements Guide