HHS is responsible for implementing an information security program to ensure that its information systems and associated facilities, as well as those of its contractors, provide a level of security commensurate with the risk and magnitude of harm that could result from the loss, misuse, disclosure, or modification of the information contained in those systems. Each system's level of security shall protect the integrity, confidentiality, and availability of the information and comply with all security and privacy-related laws and regulations.