In 2017, ComplianceForge published the Confidentiality, Integrity, Availability & Safety (CIAS) replacement for the traditional Confidentiality, Integrity & Availability "CIA Triad" that served as the traditional function of cybersecurity. With embedded technologies (e.g., Internet of Things (IoT) and Operational Technology (OT)) and the rise of Artificial Intelligence (AI) and autonomous technologies (AAT), the lack of a safety component makes the CIA Triad insufficient to define the concept of what cybersecurity is meant to perform.

Protecting an organization's data and the systems that collect, process and maintain this data is of critical importance. Commensurate with risk, cybersecurity and privacy measures must be implemented to guard against unauthorized access to, alteration, disclosure or destruction of data and systems, applications and services. This also includes protection against accidental loss or destruction. The security of systems, applications and services must include controls and safeguards to offset possible threats, as well as controls to ensure confidentiality, integrity, availability and safety:

• CONFIDENTIALITY – This addresses preserving authorized restrictions on access and disclosure to authorized users and services, including means for protecting personal privacy and proprietary information.
• INTEGRITY – This addresses protecting against improper modification or destruction, including ensuring non-repudiation and authenticity.
• AVAILABILITY – This addresses timely, reliable access to data, systems and services for authorized users, services and processes.
• SAFETY – This addresses reducing risk associated with technologies that could fail or be manipulated by nefarious actors to cause death, injury, illness, damage to or loss of equipment.

Confidentiality, Integrity, Availability & Safety (CIAS) Model

Populating The CIAS Model

 

• NIST 800-171 & CMMC Documentation Terminology Reference

  Complying with NIST SP 800-171 & CMMC can be hard enough without arguing over terminology. Terminolo...

• Comparing NIST SP 800-53 R5 vs FedRAMP R5 vs NIST SP 800-171 R2 vs NIST SP 800-171 R3 IPD

  Within the Defense Industrial Base (DIB), there is considerable confusion about the concept of "FedR...

• Word Crimes 4 - Threat vs Vulnerability vs Risk

  Threat vs Vulnerability vs RiskThreat, vulnerability and risk management practices are meant to achi...

• Word Crimes 3 - Policy vs Standard vs Control vs Procedure

  Policy vs Standard vs Control vs Procedure When it comes to cybersecurity compliance, words...

---