"Memorandum for Heads of Executive Departments and Agencies: Management of Federal Information Resources: Circular A-130 revised" (United States,Office of Management and Budget, 28 November 2000).
adequate security : [Agencies must] apply OMB policies and, for non-national security applications, NIST guidance to achieve adequate security commensurate with the level of risk and magnitude of harm. (†1677)
adequate security (Appendix III): Security commensurate with the risk and magnitude of the harm resulting from the loss, misuse, or unauthorized access to or modification of information. This includes assuring that systems and applications used by the agency operate effectively and provide appropriate confidentiality, integrity, and availability, through the use of cost-effective management, personnel, operational, and technical controls. (†1678)