The CIA Triad defines the three pillars of information security: Confidentiality, Integrity, and Availability, providing the universal framework for risk assessment and control design.
# CIA Triad
The CIA Triad is the foundational model of information security, organizing every meaningful security objective into three properties: Confidentiality, Integrity, and Availability. It exists because organizations need a common framework to evaluate risk, design controls, and communicate security requirements across technical and non-technical stakeholders. Without a shared model, security programs fragment into ad hoc checklists that fail to address the full spectrum of threats. The triad solves this by providing a structure that maps any threat, vulnerability, or control to at least one of three clearly defined properties. It is not a compliance checklist or a product category. It is a decision-making framework that applies equally to a small business protecting customer records and a national defense agency protecting classified infrastructure.
---
The CIA Triad defines three security properties that any information system must maintain to be considered adequately protected.
Confidentiality is the property that information is not disclosed to unauthorized individuals, processes, or devices. This covers data at rest, data in transit, and data in use. Confidentiality is not synonymous with privacy, though the two overlap. Privacy is a legal and ethical concept governing how personal data is collected and used. Confidentiality is a technical and operational property governing who can access data and under what conditions.
Integrity is the property that data has not been altered or destroyed in an unauthorized manner. This includes both deliberate tampering and accidental corruption. Integrity is not the same as accuracy in the database sense. A database record can be technically intact and cryptographically verified while still containing incorrect information entered by a user with legitimate access. Integrity controls confirm that data has not changed since it was last verified by an authorized process.
Availability is the property that information and systems are accessible and usable upon demand by authorized users. Availability does not mean constant uptime at any cost. It means meeting defined service-level requirements for the sensitivity and criticality of the system in question.
The triad is distinct from adjacent models. The Parkerian Hexad extends it with Possession, Authenticity, and Utility. The AAA model (Authentication, Authorization, Accounting) describes access control mechanisms that enforce triad properties but is not itself a security objectives model. NIST's cybersecurity framework functions and ISO/IEC 27001 control domains are built around triad concepts but operate at a higher level of organizational governance.
The CIA Triad does not address non-repudiation, privacy by design, or ethical data use directly. Those concerns require supplementary frameworks applied alongside the triad.
---
Each property of the CIA Triad requires a distinct category of controls, and those controls often create tension with one another. Understanding the mechanics of each property and the trade-offs between them is the core skill of security architecture.
Confidentiality is enforced through four primary mechanisms: encryption, access control, data classification, and network segmentation.
Encryption protects data so that unauthorized parties cannot read it even if they obtain a copy. AES-256 is the standard for symmetric encryption of data at rest. TLS 1.3 is the standard for encryption of data in transit. End-to-end encryption systems such as those used in secure messaging applications extend confidentiality so that intermediary servers cannot read message content.
Access control restricts who can reach data in the first place. Role-based access control (RBAC) assigns permissions based on job function. Attribute-based access control (ABAC) evaluates multiple attributes, including user identity, device posture, time of day, and data classification, before granting access. Mandatory access control (MAC) systems, used in classified environments, enforce access based on security labels that neither users nor system administrators can override without elevated authority.
Data classification assigns sensitivity levels to information so that appropriate controls can be applied systematically. A common four-tier classification model uses Public, Internal, Confidential, and Restricted labels. Each tier maps to a defined set of handling requirements including storage, transmission, access logging, and retention.
Network segmentation limits the blast radius of a confidentiality failure by preventing lateral movement. A user who compromises one segment cannot automatically reach data in another segment without passing through additional access controls.
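The four confidentiality mechanisms above usually meet in one place: the policy decision point that answers an access request. The following Python example, added here and not part of the original article, shows a default-deny decision function that layers them: RBAC decides what a role may do, the four-tier classification model gates by clearance, ABAC attributes (device posture, time of day) apply to the higher tiers, and a segmentation rule blocks writes that cross network segments. Role names, the business-hours window, segment names and the sample subjects are constructed for the example.

```python
from dataclasses import dataclass
from datetime import time

# Four-tier classification model from the article, least to most sensitive.
TIERS = ("Public", "Internal", "Confidential", "Restricted")

# Role -> permitted actions (RBAC). Role names are constructed for this example.
ROLE_ACTIONS = {
    "analyst": {"read"},
    "dba": {"read", "write"},
}

BUSINESS_HOURS = (time(8, 0), time(18, 0))   # assumed policy window for Restricted data


@dataclass(frozen=True)
class Subject:
    user: str
    role: str
    clearance: str           # highest tier the user is cleared to read
    device_compliant: bool   # device posture attribute, e.g. as reported by an MDM check


@dataclass(frozen=True)
class Resource:
    name: str
    classification: str
    segment: str             # network segment where the data lives


@dataclass(frozen=True)
class Request:
    subject: Subject
    resource: Resource
    action: str
    source_segment: str      # segment the request arrives from
    at: time


def rank(label: str) -> int:
    return TIERS.index(label)


def decide(req: Request) -> tuple:
    """Default-deny policy decision combining RBAC, data classification,
    device posture, time of day and network segmentation. Returns (allowed, reason)."""
    s, r = req.subject, req.resource

    # RBAC: the role must grant the requested action at all.
    if req.action not in ROLE_ACTIONS.get(s.role, set()):
        return False, f"role {s.role} does not permit {req.action}"

    # Classification: the user's clearance must dominate the label on the data.
    if rank(s.clearance) < rank(r.classification):
        return False, f"clearance {s.clearance} is below {r.classification}"

    # ABAC device posture: Confidential and above require a compliant device.
    if rank(r.classification) >= rank("Confidential") and not s.device_compliant:
        return False, "non-compliant device for Confidential or higher data"

    # Segmentation: writes must originate inside the resource's own segment.
    if req.action == "write" and req.source_segment != r.segment:
        return False, f"write from segment {req.source_segment} into {r.segment} blocked"

    # Restricted: additionally limited to business hours and to the local segment.
    if r.classification == "Restricted":
        start, end = BUSINESS_HOURS
        if not (start <= req.at <= end):
            return False, "Restricted data is only accessible during business hours"
        if req.source_segment != r.segment:
            return False, "Restricted data is only accessible from its own segment"

    return True, "all policy checks passed"


if __name__ == "__main__":
    # Constructed sample subjects and resources.
    analyst = Subject("alice", "analyst", "Confidential", True)
    dba = Subject("bob", "dba", "Restricted", True)
    ledger = Resource("ledger.db", "Restricted", "db-core")
    memo = Resource("memo.txt", "Internal", "office")
    for req in (Request(analyst, memo, "read", "vpn", time(22, 0)),
                Request(analyst, ledger, "read", "db-core", time(10, 0)),
                Request(dba, ledger, "write", "vpn", time(10, 0)),
                Request(dba, ledger, "write", "db-core", time(10, 0))):
        print(req.subject.user, req.action, req.resource.name, "->", decide(req))
```

Every rule returns a reason, which is what makes the decision auditable: an access-logging requirement attached to a classification tier is only useful if the log records why a request was allowed or refused.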
Integrity is maintained through cryptographic verification, monitoring, and change management.
Hashing algorithms produce a fixed-length digest of a file or message. SHA-256 is the current standard for most integrity verification tasks. If a file's hash value changes between two verification points, the file has been modified. This is the basis for file integrity monitoring (FIM) tools such as Tripwire and AIDE, which continuously verify the hash values of critical system files and alert on unauthorized changes.
Digital signatures extend hashing by binding a hash to a verified identity. A sender computes a hash of a document, signs that hash with their private key, and appends the resulting signature to the document. The recipient recomputes the hash of the received document and verifies the signature against it using the sender's public key. If the verification succeeds and the certificate chain is valid, both the integrity of the document and the identity of the signer are confirmed.
Version control systems such as Git maintain an immutable log of every change to a codebase, including who made it and when. This is integrity control applied to software development.
Change management processes in operations require that modifications to production systems be approved, documented, and tested before implementation. This prevents unauthorized changes and creates an audit trail for investigating integrity failures.
Scenario: A financial institution discovers that transaction records in its core banking system have been altered. The integrity investigation begins with FIM logs, which show that a specific database file was modified outside of the approved maintenance window. The hash value recorded at the last verified state does not match the current hash. Digital audit logs show that the modification originated from a service account that had been compromised two weeks earlier. The integrity controls did not prevent the attack, because the attacker used legitimate credentials, but they detected it and provided forensic evidence precise enough to identify the affected records, reconstruct the timeline, and terminate the compromised account. Without integrity monitoring, the altered records might have persisted undetected for months.
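The scenario above turns on two records: the hash captured at the last verified state and the approved maintenance window. The following Python example, added here and not code from the article or from any FIM product, implements that core of file integrity monitoring with SHA-256: build a baseline of watched files, rescan, and classify each change as inside or outside an approved window. File names, contents and the window times are constructed; the temporary directory stands in for the monitored host.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timedelta, timezone


def sha256_file(path: str, chunk: int = 65536) -> str:
    """Stream the file through SHA-256 so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(paths):
    """Capture the last verified state: digest and mtime of every watched file."""
    return {p: {"sha256": sha256_file(p), "mtime": os.stat(p).st_mtime} for p in paths}


def in_window(ts: float, windows) -> bool:
    """True if a timestamp falls inside one of the approved maintenance windows (UTC)."""
    t = datetime.fromtimestamp(ts, tz=timezone.utc)
    return any(start <= t <= end for start, end in windows)


def scan(baseline, windows):
    """Compare the current state with the baseline. A change whose mtime lies outside
    every approved window is flagged as unauthorized; a missing file is always flagged."""
    findings = []
    for path, rec in baseline.items():
        if not os.path.exists(path):
            findings.append({"path": path, "event": "deleted", "authorized": False})
            continue
        observed = sha256_file(path)
        if observed != rec["sha256"]:
            findings.append({
                "path": path,
                "event": "modified",
                "expected": rec["sha256"],
                "observed": observed,
                "authorized": in_window(os.stat(path).st_mtime, windows),
            })
    return findings


def demo() -> dict:
    """Constructed scenario: three watched files, one approved window, two changes."""
    d = tempfile.mkdtemp()
    paths = {n: os.path.join(d, n) for n in ("passwd", "ledger.db", "app.conf")}
    for p in paths.values():
        with open(p, "w") as f:
            f.write(f"initial contents of {os.path.basename(p)}\n")
    baseline = build_baseline(list(paths.values()))

    window_start = datetime(2024, 3, 10, 2, 0, tzinfo=timezone.utc)   # constructed window
    windows = [(window_start, window_start + timedelta(hours=2))]

    # Approved change: config edited inside the window (mtime set to 02:30 UTC).
    with open(paths["app.conf"], "w") as f:
        f.write("max_connections = 500\n")
    approved_ts = (window_start + timedelta(minutes=30)).timestamp()
    os.utime(paths["app.conf"], (approved_ts, approved_ts))

    # Unauthorized change: the database file altered at 14:00 UTC, outside any window.
    with open(paths["ledger.db"], "w") as f:
        f.write("transaction record altered\n")
    rogue_ts = datetime(2024, 3, 10, 14, 0, tzinfo=timezone.utc).timestamp()
    os.utime(paths["ledger.db"], (rogue_ts, rogue_ts))

    # passwd is untouched, so it produces no finding at all.
    return {os.path.basename(f["path"]): f["authorized"] for f in scan(baseline, windows)}


if __name__ == "__main__":
    for name, authorized in demo().items():
        print(f"{name}: {'approved change' if authorized else 'UNAUTHORIZED change'}")
```

The hash mismatch is the authoritative signal; the modification time only sorts findings into "expected" and "investigate", because a timestamp on the monitored host can itself be altered by whoever altered the file. The scenario's forensic value came from correlating the mismatch with audit logs, which this example leaves to the surrounding tooling.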
Availability is maintained through redundancy, fault tolerance, capacity management, and threat mitigation.
Redundancy eliminates single points of failure at every layer: power, network, storage, and compute. High-availability database configurations use synchronous replication so that if the primary node fails, a secondary node assumes operations with no data loss. Geographic redundancy distributes workloads across multiple data centers or cloud regions.
Load balancing distributes traffic across multiple servers to prevent any single server from becoming a bottleneck. Combined with auto-scaling, load balancers allow systems to absorb demand spikes without degradation.
Disaster recovery planning defines recovery time objectives (RTO) and recovery point objectives (RPO) for each system category. RTO defines how long a system can be down before the impact becomes unacceptable. RPO defines how much data loss is tolerable. Backup schedules, replication intervals, and failover procedures are designed to meet these objectives.
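Whether a backup schedule and failover procedure actually meet an RTO and RPO is something that can be computed rather than assumed. The following Python example, added here and not part of the article, compares stated objectives with what the measured schedule can deliver: the achievable RPO is the longest gap between consecutive checkpoints, and the achievable RTO is detection plus failover plus validation time. The two system categories, their objectives and the checkpoint times are constructed to mirror the article's contrast between a core system and a public website.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Objectives:
    rto: timedelta   # longest outage the business will tolerate
    rpo: timedelta   # most data, measured in time, the business will tolerate losing


@dataclass(frozen=True)
class Measured:
    checkpoints: list      # completion times of backups or replication checkpoints
    detect: timedelta      # time from failure to someone or something noticing
    failover: timedelta    # time to promote the standby or restore from backup
    validate: timedelta    # time to confirm the restored system is correct and reachable


def achievable_rpo(checkpoints) -> timedelta:
    """Worst-case data loss is the longest gap between consecutive checkpoints:
    a failure just before a checkpoint completes loses everything since the previous one."""
    ts = sorted(checkpoints)
    if len(ts) < 2:
        raise ValueError("need at least two checkpoints to measure a gap")
    return max(later - earlier for earlier, later in zip(ts, ts[1:]))


def achievable_rto(m: Measured) -> timedelta:
    """Downtime is not just failover time; detection and validation count too."""
    return m.detect + m.failover + m.validate


def assess(name: str, obj: Objectives, m: Measured) -> dict:
    rpo, rto = achievable_rpo(m.checkpoints), achievable_rto(m)
    gaps = []
    if rpo > obj.rpo:
        gaps.append(f"RPO gap: worst-case loss {rpo} exceeds objective {obj.rpo}")
    if rto > obj.rto:
        gaps.append(f"RTO gap: worst-case downtime {rto} exceeds objective {obj.rto}")
    return {
        "system": name,
        "achievable_rpo_s": int(rpo.total_seconds()),
        "achievable_rto_s": int(rto.total_seconds()),
        "meets_objectives": not gaps,
        "gaps": gaps,
    }


def minutes(n: int) -> timedelta:
    return timedelta(minutes=n)


def demo() -> dict:
    """Constructed inputs for two system categories with different triad priority profiles."""
    t0 = datetime(2024, 1, 1, 0, 0)

    # Core banking: 15-minute RTO and RPO. Snapshots are scheduled every 15 minutes,
    # but one run was skipped, so the real worst-case gap is an hour.
    banking = assess(
        "core-banking",
        Objectives(rto=minutes(15), rpo=minutes(15)),
        Measured(
            checkpoints=[t0, t0 + minutes(15), t0 + minutes(30), t0 + minutes(90)],
            detect=minutes(5), failover=minutes(3), validate=minutes(2),
        ),
    )

    # Public informational site: must come back within hours, but a day of lost edits is acceptable.
    website = assess(
        "public-website",
        Objectives(rto=timedelta(hours=4), rpo=timedelta(hours=24)),
        Measured(
            checkpoints=[t0, t0 + timedelta(hours=24), t0 + timedelta(hours=48)],
            detect=minutes(10), failover=minutes(45), validate=minutes(15),
        ),
    )
    return {r["system"]: r for r in (banking, website)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "OK" if result["meets_objectives"] else result["gaps"])
```

The point of measuring from real checkpoint completion times rather than the configured schedule is that a skipped or failed run is exactly the kind of gap that makes an RPO look satisfied on paper and fail in an incident.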
DDoS mitigation protects availability from volumetric and application-layer attacks. Cloud-based scrubbing services absorb attack traffic upstream before it reaches the target infrastructure.
The three properties are not independently optimized. Every increase in confidentiality through encryption adds computational overhead that can affect availability. Every increase in availability through broad access and minimal authentication reduces confidentiality and integrity controls. Security architects must document these trade-offs explicitly and make deliberate design decisions based on the sensitivity of the data and the criticality of the system.
---
The CIA Triad provides the vocabulary for every meaningful security conversation. When a threat is identified, analysts ask which property it targets. A ransomware attack primarily targets availability by encrypting files and making them inaccessible. A data exfiltration attack primarily targets confidentiality. A supply chain attack that injects malicious code into a software update primarily targets integrity. This classification drives the response. The incident response team, the business owner, and the board can all discuss the impact in terms they share.
Without this framework, organizations routinely over-invest in confidentiality controls (firewalls, encryption, identity management) while neglecting integrity and availability. This imbalance is directly observable in breach statistics. Many significant incidents in the past decade involved attackers who obtained access through compromised credentials and spent weeks modifying data or installing persistence mechanisms before being detected, because integrity monitoring was absent or poorly configured.
Real-world consequence: The 2020 SolarWinds supply chain compromise is a textbook integrity failure. Attackers inserted malicious code into the SolarWinds Orion software build process. Customers who installed the update received software that was cryptographically signed by SolarWinds, meaning it passed standard integrity checks. The attack succeeded precisely because integrity monitoring did not extend back to the build environment itself. Organizations that had focused solely on perimeter confidentiality controls had no visibility into the integrity of the software they were running. The incident affected approximately 18,000 organizations and exposed sensitive government and corporate networks for months.
A common misconception is that the CIA Triad is an outdated model replaced by zero-trust architecture or NIST frameworks. This is incorrect. Zero-trust is an access control philosophy that enforces CIA Triad properties more rigorously. NIST frameworks organize governance processes that exist to protect CIA Triad properties. The triad is the objective; every other model describes a way to achieve it.
A second misconception is that the three properties are equally important for every system. They are not. A public-facing informational website has high availability requirements and low confidentiality requirements. A classified research database has high confidentiality and integrity requirements and lower availability requirements. Security architecture begins with classifying systems by their triad priority profile, then applying controls accordingly.
---
CDA approaches the CIA Triad through the Planetary Defense Model (PDM), with primary application in the DPS (Data Protection and Sovereignty) domain. The guiding methodology is the Sovereign Data Protocol (SDP), which holds a single operational principle: your data lives where you decide. Period.
The mainstream application of the CIA Triad treats all three properties as questions of technical control design. CDA treats them as questions of sovereignty first and technical implementation second. Confidentiality is not achieved by trusting a third-party encryption key management service with your root keys. Integrity is not confirmed by relying on a vendor's audit log that you cannot independently verify. Availability is not secured by a cloud provider's SLA that gives you credits after downtime occurs rather than preventing it.
Under the SDP, confidentiality controls are assessed for key ownership. If an organization encrypts data with keys managed by its cloud provider, the cloud provider can decrypt that data. From a sovereignty standpoint, that is not confidentiality; it is shared access with a contractual boundary. CDA's DPS domain requires that encryption keys for sensitive data be held by the data owner or under hardware security modules (HSMs) that the owner physically controls.
Integrity under the SDP means independent verification. CDA practitioners implement hash registries that are maintained outside the primary system so that integrity verification does not depend on the same infrastructure that stores the data. A compromised system cannot alter both the data and the verification record if they are separated by independent control.
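The separation described above can be demonstrated concretely. The following Python example, added here and not CDA's or the article's own code, contrasts a registry stored beside the data with one kept on an independent verifier. Attesting the external registry with an HMAC under a key that only the verifier holds is this example's own choice for making the record unforgeable from the primary system; the article specifies only that the registry be maintained outside the primary system. File names and contents are constructed.

```python
import hashlib
import hmac
import json
import os


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class ExternalRegistry:
    """Verification record kept on an independent system. Only this side holds `key`;
    the primary system never sees it, so it cannot produce a valid attestation for a
    registry it has rewritten. (HMAC attestation is an assumption of this example.)"""

    def __init__(self, key: bytes):
        self._key = key
        self.entries = {}          # file name -> SHA-256 of the last verified content
        self.attestation = ""      # HMAC-SHA256 over the canonical form of `entries`

    @staticmethod
    def _canonical(entries: dict) -> bytes:
        return json.dumps(entries, sort_keys=True).encode()

    def _mac(self, entries: dict) -> str:
        return hmac.new(self._key, self._canonical(entries), hashlib.sha256).hexdigest()

    def record(self, name: str, data: bytes) -> None:
        """Called only through the approved change process, on the verifier side."""
        self.entries[name] = sha256_hex(data)
        self.attestation = self._mac(self.entries)

    def export(self) -> dict:
        """Copy handed to the primary system for local checks: entries and attestation, no key."""
        return {"entries": dict(self.entries), "attestation": self.attestation}

    def verify(self, registry_copy: dict, files: dict) -> tuple:
        """Independent verification: first that the registry copy is the one we attested,
        then that each file still matches its recorded digest."""
        registry_ok = hmac.compare_digest(self._mac(registry_copy["entries"]),
                                          registry_copy["attestation"])
        file_ok = {name: sha256_hex(data) == registry_copy["entries"].get(name)
                   for name, data in files.items()}
        return registry_ok, file_ok


def colocated_check(local_registry: dict, files: dict) -> dict:
    """The weak design: registry stored on the same system as the data, with no attestation."""
    return {name: sha256_hex(data) == local_registry.get(name) for name, data in files.items()}


def demo() -> dict:
    """Constructed scenario: a transaction file is altered by whoever controls the
    primary system; compare what each registry design can detect."""
    original = {"ledger.db": b"txn 0001 credit 100.00 acct A\n"}
    tampered = {"ledger.db": b"txn 0001 credit 100.00 acct M\n"}

    # Co-located registry: the same control that rewrote the data rewrote the record,
    # so the local check passes and the change goes unnoticed.
    local_registry = {"ledger.db": sha256_hex(tampered["ledger.db"])}
    colocated_detected = not colocated_check(local_registry, tampered)["ledger.db"]

    # External registry: key generated and kept on the verifier, never on the primary system.
    registry = ExternalRegistry(key=os.urandom(32))
    registry.record("ledger.db", original["ledger.db"])
    snapshot = registry.export()

    # If the copy on the primary system was rewritten to match the altered data,
    # the attestation no longer verifies.
    rewritten_copy = {"entries": {"ledger.db": sha256_hex(tampered["ledger.db"])},
                      "attestation": snapshot["attestation"]}
    copy_ok, _ = registry.verify(rewritten_copy, tampered)

    # If the copy was left alone, the file digest no longer matches the record.
    intact_ok, file_status = registry.verify(snapshot, tampered)

    return {
        "colocated_detects_change": colocated_detected,
        "external_detects_rewritten_registry": not copy_ok,
        "external_registry_copy_intact": intact_ok,
        "external_detects_data_change": not file_status["ledger.db"],
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

Either way the alteration surfaces on the verifier: a rewritten registry copy fails attestation, and an untouched copy exposes the digest mismatch. The design assumption that carries the weight is that the verifier's key and record never live on the system being verified.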
Availability under the SDP means that access to your data cannot be terminated by a third party's business decision, legal order served to a vendor, or vendor outage. CDA architectures include data portability requirements and local copies of critical data so that a vendor relationship termination does not create an availability crisis.
In practical terms, CDA clients who work through the PDM process receive a CIA profile assessment for each data category, mapping current controls against the SDP requirements, identifying gaps where control has been delegated to a party outside the client's sovereign boundary, and producing a remediation roadmap prioritized by data sensitivity and operational impact.
---
Written by CDA Editorial