Moderate Impact

Moderate Impact definition in Computer Security terms:

Acronym(s): None

Definition(s): The loss of confidentiality, integrity, or availability that could be expected to have a serious adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States (i.e., 1) causes a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; 2) results in significant damage to organizational assets; 3) results in significant financial loss; or 4) results in significant harm to individuals that does not involve loss of life or serious life-threatening injuries).
Source(s): NIST SP 800-161 (CNSSI 4009)

Synonym(s): Moderate Impact System
An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of moderate and no security objective is assigned a FIPS 199 potential impact value of high.
Source(s): NIST SP 800-18 Rev. 1


reference: CSRC Glossary