The extent to which protective measures, techniques, and procedures must be applied to information systems (IS) and networks based on risk, threat, vulnerability, system interconnectivity considerations, and information assurance needs. Levels of protection are: 1. Basic: The IS and networks requiring implementation of standard minimum security countermeasures. 2. Medium: The IS and networks requiring layering of additional safeguards above the standard minimum security countermeasures. 3. High: The IS and networks requiring the most stringent protection and rigorous security countermeasures.