The IT Law Wiki


Cloud computing[]

Availability is

the property of being accessible and usable upon demand by an authorized entity.[1]

Computer security[]

Availability refers to

[e]nsuring the timely, reliable access to data and information services by authorized users.[2]
[a]ssurance that information, services, and IT system resources are accessible to authorized users and/or system-related processes on a timely and reliable basis and are protected from denial of service.[3]

Availability is

a requirement intended to assure that systems work promptly and service is not denied to authorized users. This objective protects against:

Availability is frequently an organization's foremost security objective.[4]

Computer systems[]

Availability is

[t]imely, reliable access to data and information services for authorized users.[5]

Availability means “the ratio of the total time a service is being used during a given interval to the length of the interval.”[6] "For example, a service provider may state that its services will be available 99.99 percent of the time over a year, which amounts to 53 minutes of accumulated outages for all causes over the course of the year."[7]


Availability is

  • "[t]he degree of ease with which a dataset or other object may be found or obtained."[8]
  • "[t]he state when data are in the place needed by the user, at the time the user needs them, and in the form needed by the user.[9]

Data security[]

Availability is

the property that data or information is accessible and useable upon demand by an authorized person.[10]
[t]he state that exists when data can be obtained within an acceptable period of time.[11]


Under the Federal Information Security Management Act of 2002, availability means "ensuring timely and reliable access to and use of information."[12] A loss of availability is the disruption of access to or use of information or an information system.


Availability is

[t]he property of a system or a system resource being accessible, or usable or operational upon demand, by an authorized system entity, according to performance specifications for the system; i.e., a system is available if it provides services according to the system design whenever users request them.[13]
the extent to which a system is ready to be called into use for its designated purpose, without advance knowledge of when it is needed.[14]
[t]he degree to which a system or component is operational and accessible when required for use, often expressed as a probability.[15]
[t]he degree to which information, a system, subsystem, or equipment is operable and in a useable state; frequently represented as a proportion of time the element is in a functioning condition.[16]


"For satellite communication links the availability is usually expressed as a percentage of the average year."[17]


Availability is

[t]he degree to which a system, subsystem, or equipment is operable and in a committable state at the start of a mission, when the mission is called for at an unknown, i.e., a random, time.[18]
[t]he amount of time that the quality of a telecommunication service or communications link equals or exceeds a specified minimum value.[19]

Overview (Cloud computing)[]

Availability is usually covered by certification at a general level. Availability is a key service level objective, since it describes whether the cloud service can actually be used, and it is typically necessary to specify numeric values for availability to make meaningful statements that are useful for cloud service customers.

The question of what "usable" means is a complex matter, which depends on the cloud service concerned. A service can be up and available, but perform so poorly that it is effectively unusable. Similarly, the service can be up, but respond with errors for valid requests. It can be valuable for the SLA to provide clear information on these aspects of service availability.

Overview (Computer system)[]

"The time during which the system is unavailable is called downtime; the time during which the system is available is called uptime."[20]

Overview (Telecommunications)[]

Availability is generally measured in terms of the percentage of time that a system is available. Communications systems deployed in public networks are routinely designed for 5 9's (99.999%) availability; improvements have made it possible to have available of 6 9's (99.9999%) or even 7 9's (99.99999%) availability.


  1. Cloud Service Level Agreement Standardisation Guidelines, at 15.
  2. National Telecomm. Info. Sys. Security Instructions (NSTISSI) 4009; NIST Special Publication 800-53; FIPS 200; FIPS 199. See also 44 U.S.C. §3542 ("Ensuring timely and reliable access to and use of information").
  3. DM3595-001, at 2.
  4. NIST Special Publication 800-33.
  5. DoD Instruction 5200.40, at 8 (E2.1.7).
  6. Information Security: Continued Action Needed to Improve Software Patch Management Processes, at 29 n.23.
  7. National Telecomm. Info. Sys. Security Instructions (NSTISSI) 4009, at 29 n.23.
  8., GIS Glossary (full-text).
  9. Department of Defense, National Computer Security Center, Glossary of Computer Security Terms (NCSC-TG-004, Ver. 1) (Oct. 21, 1988).
  10. 45 C.F.R. §164.304.
  11. NASA Automated Information Security Handbook, App. C.
  12. 44 U.S.C. §3542(b)(1)(C).
  13. Internet Security Glossary 29 (RFC 4949) (Ver. 2) (Aug. 2007).
  14. Availability and Robustness of Electronic Communications Infrastructures, at 135.
  15. Information Technology: An Audit Guide For Assessing Acquisition Risks, Glossary, at 87.
  16. Criminal Justice Information Services Security Policy, Glossary, at A-1.
  17. Eutelsat, “Glossary – Satellite Terminology” (full-text).
  18. ATIS Telecom Glossary.
  19. Eutelsat, “Glossary – Satellite Terminology” (full-text).
  20. Unified Capabilities, Framework 2013, App. C, at C-4 (full-text).


See also[]