CIA Triad

The CIA Triad — Confidentiality, Integrity, and Availability — is the foundational model for information security. Confidentiality means ensuring information is accessible only to authorized people. Integrity means ensuring information is accurate, complete, and hasn't been tampered with. Availability means ensuring information and systems are accessible when needed.

Every security decision, control, and assessment ultimately maps back to protecting one or more of these three properties. The CIA Triad provides a simple framework for evaluating security risks and prioritizing controls based on which properties are most important for specific data and systems.

Why It Matters

The CIA Triad is the conceptual foundation of your entire security program. For defense contractors, confidentiality of Controlled Unclassified Information (CUI) is paramount, but you must also ensure data integrity (it hasn't been altered) and availability (systems work when needed for mission support).