Mission Impact
Mission Impact (ssvc:MI:2.0.0)
Impact on Mission Essential Functions of the Organization
| Value | Key | Definition |
|---|---|---|
| Degraded | D | Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions |
| MEF Support Crippled | MSC | Activities that directly support essential functions are crippled; essential functions continue for a time |
| MEF Failure | MEF | Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time |
| Mission Failure | MF | Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails |
Mission Impact (ssvc:MI:2.0.0) JSON Example
{
"namespace": "ssvc",
"key": "MI",
"version": "2.0.0",
"name": "Mission Impact",
"definition": "Impact on Mission Essential Functions of the Organization",
"schemaVersion": "2.0.0",
"values": [
{
"key": "D",
"name": "Degraded",
"definition": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions"
},
{
"key": "MSC",
"name": "MEF Support Crippled",
"definition": "Activities that directly support essential functions are crippled; essential functions continue for a time"
},
{
"key": "MEF",
"name": "MEF Failure",
"definition": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time"
},
{
"key": "MF",
"name": "Mission Failure",
"definition": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails"
}
]
}
Gathering Information about Mission Impact
See this HowTo for advice on gathering information about the Mission Impact decision point.
See also
Mission Impact combines with Safety Impact to inform Human Impact
A mission essential function (MEF) is a function “directly related to accomplishing the organization’s mission as set forth in its statutory or executive charter” 1. Identification and prioritization of mission essential functions enables effective continuity planning or crisis planning. Mission Essential Functions are in effect critical activities within an organization that are used to identify key assets, supporting tasks, and resources that an organization requires to remain operational in a crises situation, and so must be included in its planning process. During an event, key resources may be limited and personnel may be unavailable, so organizations must consider these factors and validate assumptions when identifying, validating, and prioritizing MEFs.
When reviewing the list of organizational functions, an organization must first identify whether a function is essential or non-essential. The distinction between these two categories is whether or not an organization must perform a function during a disruption to normal operations and must continue performance during emergencies 1. Essential functions are both important and urgent. Functions that can be deferred until after an emergency are identified as non-essential. For example, DoD defines MEFs in DoD Directive 3020.26 DoD Continuity Policy using similar terminology to FCD-2 2.
As mission essential functions are most clearly defined for government agencies, stakeholders in other sectors may be familiar with different terms of art from continuity planning. For example, infrastructure providers in the US may better align with National Critical Functions. Private sector businesses may better align with operational and financial impacts in a business continuity plan.
While the processes, terminology, and audience for these different frameworks differ, they all can provide a sense of the criticality of an asset or assets within the scope of the stakeholder conducting the cyber vulnerability prioritization with SSVC. In that sense they all function quite similarly within SSVC. Organizations should use whatever is most appropriate for their stakeholder context, with Mission Essential Function analysis serving as a fully worked example in the SSVC documents.
Prior Versions
Mission Impact (ssvc:MI:1.0.0)
Impact on Mission Essential Functions of the Organization
| Value | Key | Definition |
|---|---|---|
| None | N | Little to no impact |
| Non-Essential Degraded | NED | Degradation of non-essential functions; chronic degradation would eventually harm essential functions |
| MEF Support Crippled | MSC | Activities that directly support essential functions are crippled; essential functions continue for a time |
| MEF Failure | MEF | Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time |
| Mission Failure | MF | Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails |
Mission Impact (ssvc:MI:1.0.0) JSON Example
{
"namespace": "ssvc",
"key": "MI",
"version": "1.0.0",
"name": "Mission Impact",
"definition": "Impact on Mission Essential Functions of the Organization",
"schemaVersion": "2.0.0",
"values": [
{
"key": "N",
"name": "None",
"definition": "Little to no impact"
},
{
"key": "NED",
"name": "Non-Essential Degraded",
"definition": "Degradation of non-essential functions; chronic degradation would eventually harm essential functions"
},
{
"key": "MSC",
"name": "MEF Support Crippled",
"definition": "Activities that directly support essential functions are crippled; essential functions continue for a time"
},
{
"key": "MEF",
"name": "MEF Failure",
"definition": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time"
},
{
"key": "MF",
"name": "Mission Failure",
"definition": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails"
}
]
}
-
Federal Emergency Management Agency. Federal continuity directive 2: federal executive branch mission essential functions and candidate primary mission essential functions identification and submission process. Technical Report, US Department of Homeland Security, Federal Emergency Management Agency, 2017. URL: https://www.fema.gov/sites/default/files/2020-07/Federal_Continuity_Directive-2_June132017.pdf. ↩↩
-
DOD. Dod directive 3020.26 dod continuity policy. Technical Report, US Department of Defense, 2018. URL: https://github.com/CERTCC/SSVC/pull/281/commits/791dcabd716c2e681215493b26cba79f3863887b. ↩