Minimum Acceptable Protection Standard

This is the Minimally Acceptable Protection Standard (MAPS) for information protection. This standard maps threats, vulnerabilities, and consequences in to a minimum set of protective measures. The object of this standard is to indicate what any reasonably prudent individual would do to protect an information system in the specified situation. The MAPS standard is situation dependent and depends on a reasonable assessment of the situation for its proper use.

Step 1: Identify threat severity Threats are actors including invididuals, groups, and nature. Threats have capabilities and intents that imply their ability to exploit vulnerabilities. The more severe the threats, the more proteciton is necessary. The threats to the system under consideration are (pick one):

Step 2: Identify System Failure Consequence Level

Where it is uncertain what level of harm is reasonably likely to result from such a failure, select the Medium option.

Step 3: Identify Key Protection Failure System Consequences

For the purposes of these decisions, the following definitions should be used:

Step 4: Identify Location in LifeCycle: Select the lifecycle location you are currently in for this system.

Execution of the analysis is for internal use only at this time.