Serious Adverse Effect
Definition
A significant negative impact on an organization caused by the loss of confidentiality, integrity, or availability of its information. At a minimum, this includes effects that would likely: (i) result in intermittent or ongoing degradation in the availability or performance of services within the cloud service offering, causing unpredictable interruptions to operations for 12+ hours; OR (ii) directly or indirectly result in unauthorized access, disclosure, or modification of a minority of the federal customer data stored within the cloud service offering.
Also Referred To As
Used in FedRAMP KSI Requirements
This term appears in FedRAMP Key Security Indicator statements. Understanding its precise definition is critical for accurate self-assessment.
Browse KSI themes →