Security Profile Levels

High: 421 Controls

    • Designed for government’s most sensitive, unclassified data, including data that involves the protection of life and financial ruin

Moderate: 325 Controls

    • Accounts for nearly 80% of CSP applications, would result in serious adverse affects, applications where PII, PHI and PCI data is stored or processes

Low: 125 Controls

    • Designed for CSPs where loss of confidentiality, integrity, and availability would result in limited adverse affects on an agency’s operations, assets or individuals

LI SaaS: 36 Controls

    • Designed for low risk solutions like collaboration tools, project management applications, and tools that help develop open-source code4