Two properties CIA doesn't capture, and Donn Parker's 1998 six-element framework that extends security coverage further.
The assurance that a document, file, or message is genuinely from its claimed source — not a forgery, not a counterfeit. You can verify the origin.
Prevents the original sender from later denying they were the source. Once sent or signed, they cannot walk it back. Critical for commerce, banking, legal records, and healthcare.
A purchase order arrives for 1,000 vehicles. You need to confirm the customer actually placed this order — that's authenticity. You also need to ensure they cannot later claim they never placed it — that's nonrepudiation. Without both, the business transaction cannot be conducted safely.
In 1998, security consultant Donn Parker proposed extending the CIA Triad into six elements — the Parkerian Hexad — to cover security properties that CIA alone leaves unaddressed. The four existing CIA properties are retained; two new ones are added.
A user has their encrypted laptop physically in hand. The drives are intact. But the decryption key is lost. The data is available in a physical sense — but it is completely inaccessible. CIA sees this as fine. Utility captures the failure.
Ransomware encrypts your files. Your data still exists on your drives — technically available. But you no longer control it. CIA's availability property misses this. Possession captures the loss of control even without physical theft.