Characterization of the information or an information system based on an assessment of the potential impact of the loss of confidentiality, integrity or availability of the information or the system.
