Gathering Information About Mission Impact
Mission Impact (ssvc:MI:2.0.0)
Impact on Mission Essential Functions of the Organization
| Value | Key | Definition |
|---|---|---|
| Degraded | D | Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions |
| MEF Support Crippled | MSC | Activities that directly support essential functions are crippled; essential functions continue for a time |
| MEF Failure | MEF | Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time |
| Mission Failure | MF | Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails |
Mission Impact (ssvc:MI:2.0.0) JSON Example
{
"namespace": "ssvc",
"key": "MI",
"version": "2.0.0",
"name": "Mission Impact",
"definition": "Impact on Mission Essential Functions of the Organization",
"schemaVersion": "2.0.0",
"values": [
{
"key": "D",
"name": "Degraded",
"definition": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions"
},
{
"key": "MSC",
"name": "MEF Support Crippled",
"definition": "Activities that directly support essential functions are crippled; essential functions continue for a time"
},
{
"key": "MEF",
"name": "MEF Failure",
"definition": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time"
},
{
"key": "MF",
"name": "Mission Failure",
"definition": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails"
}
]
}
The factors that influence the mission impact level are diverse. At a minimum, understanding mission impact should include gathering information about the critical paths that involve vulnerable components, viability of contingency measures, and resiliency of the systems that support the mission. There are various sources of guidance on how to gather this information; see for example the FEMA guidance in Continuity Directive 2 or OCTAVE FORTE. This is part of risk management more broadly. It should require the vulnerability management team to interact with more senior management to understand mission priorities and other aspects of risk mitigation.