degree to which a product or system protects information and data so that persons or other products or systems have the degree of data access appropriate to their types and levels of authorization. This characteristic is composed of the following subcharacteristics:
- Confidentiality. Degree to which a product or system ensures that data are accessible only to those authorized to have access.
- Integrity. Degree to which a system, product or component prevents unauthorized access to, or modification of, computer programs or data.
- Non-repudiation. degree to which actions or events can be proven to have taken place, so that the events or actions cannot be repudiated later.
- Accountability. Degree to which the actions of an entity can be traced uniquely to the entity.
- Authenticity. Degree to which the identity of a subject or resource can be proved to be the one claimed.