---
title: "Availability — AP Cybersecurity Definition & Exam Guide"
description: "Availability ensures data and services are accessible to authorized users when needed. It's the third leg of the CIA triad and a core target of cyberattacks in AP Cybersecurity Unit 2."
canonical: "https://fiveable.me/ap-cybersecurity/key-terms/availability"
type: "key-term"
subject: "AP Cybersecurity"
unit: "Unit 2"
---

# Availability — AP Cybersecurity Definition & Exam Guide

## Definition

In AP Cybersecurity, availability is the security principle that ensures data and services are accessible to authorized individuals when they need them; systems lacking availability suffer unexpected downtime. It's one of the three pillars of the CIA triad.

## What It Is

Availability is the part of the [CIA triad](/ap-cybersecurity/key-terms/cia-triad "fv-autolink") that's all about access at the right time. A system has availability when authorized users can actually reach the data and services they're supposed to use, whenever they need them (EK 2.1.F.1). Sounds simple, but it's huge: a hospital's patient records aren't worth much if a ransomware attack [locks](/ap-cybersecurity/unit-2/protecting-physical-spaces/study-guide/PhHFFwPlXGtEWL781jEc "fv-autolink") them up during an emergency.

When availability fails, you get **downtime**. The CED is direct about this: systems lacking availability may experience unexpected downtime. That can come from an attack (like a denial-of-service flood), a hardware failure, or even a power outage. Availability is one of three principles a [security control](/ap-cybersecurity/unit-2/cyber-foundations/study-guide/0oS8jJyX7iolYntwz5Eh "fv-autolink") can address, sitting alongside **confidentiality** (only authorized people get in) and **integrity** (data stays accurate and trustworthy). Every security control you study should map back to at least one of these three.

## Why It Matters

Availability lives in **[Unit 2](/ap-cybersecurity/unit-2 "fv-autolink"): Securing Spaces**, specifically topic 2.1 Cyber Foundations, and it's anchored by learning objective [AP Cybersecurity](/ap-cybersecurity "fv-autolink") 2.1.F (identify types of security controls). EK 2.1.F.1 names availability as one of the three principles every security control must address. That makes it a building block for the whole course. When you later evaluate a control or a defense strategy, you'll ask which CIA principle it protects, and availability is one of your three answers. It also ties directly to the risk and threat material in 2.1, because keeping systems up is exactly what an attacker tries to break.

## Connections

### [CIA Triad (Unit 2)](/ap-cybersecurity/key-terms/cia-triad)

Availability is the 'A' in the CIA triad, teamed with [confidentiality](/ap-cybersecurity/key-terms/confidentiality "fv-autolink") and integrity. Think of the triad as a three-legged stool: knock out availability and the whole thing tips, even if your data is secret and accurate.

### Confidentiality and Integrity (Unit 2)

These are availability's two siblings. A control that locks data away tight protects confidentiality but can hurt availability if it blocks legitimate users, so the three principles often trade off against each other.

### Defense in Depth / Layered Defense (Unit 2)

A defense-in-depth strategy (objective 2.1.G) stacks multiple controls so that if one is bypassed, another still holds. That resilience keeps systems up and running, which is availability in action.

### Asset and Risk (Unit 2)

[Risk](/ap-cybersecurity/key-terms/risk "fv-autolink") happens when a threat exploits a vulnerability against an asset (EK 2.1.D.1). An attack that takes a service offline is a hit to availability, so availability is one of the things you're protecting when you assess and manage risk.

## On the AP Exam

Multiple-choice questions on this term usually ask you to match a security control to the CIA principle it addresses, or to spot which scenario describes an availability failure (like a service knocked offline by an attack). Released practice questions in this area ask things like 'Which of the following is an example of a confidentiality control?', so expect the parallel version for availability. No released FRQ has used this term verbatim, but availability supports the kind of control-evaluation and risk-management reasoning an FRQ on Unit 2 rewards. The move you need: name the principle, then explain what breaks when it's missing (here, that's unexpected downtime).

## availability vs integrity

Integrity is about data being correct and trustworthy (not tampered with), while availability is about data being reachable when you need it. A file can be perfectly accurate (high integrity) but useless if a server is down (low availability), and it can be online and easy to reach (high availability) but secretly altered (low integrity).

## Key Takeaways

- Availability ensures authorized users can access data and services exactly when they need them.
- It's one of the three CIA triad principles, alongside confidentiality and integrity, and every security control should map to at least one of them.
- When availability fails, the result is unexpected downtime, which can come from attacks, failures, or outages.
- On the exam, be ready to match a scenario or control to availability versus confidentiality or integrity.
- Defense in depth boosts availability by keeping systems resilient when one control gets bypassed.

## FAQs

### What is availability in AP Cybersecurity?

Availability is the security principle that data and services stay accessible to authorized individuals when they need them. It's the 'A' in the CIA triad, and systems lacking it experience unexpected downtime (EK 2.1.F.1).

### Is availability the same as confidentiality?

No. Confidentiality keeps data restricted to authorized people, while availability makes sure those authorized people can actually reach it when needed. They can even conflict, since locking data down harder can make it harder to access.

### How is availability different from integrity?

[Integrity](/ap-cybersecurity/key-terms/integrity "fv-autolink") is about data being accurate and untampered with; availability is about data being reachable. A record can be 100% accurate but useless if the server is offline (an availability problem), and it can be online but secretly altered (an integrity problem).

### Why does availability matter for the CIA triad?

The CIA triad needs all three legs. Even if data is secret (confidentiality) and accurate (integrity), it fails its purpose if users can't access it when needed, so availability completes the set of principles every control addresses.

### What kind of attack hurts availability?

Any attack that takes systems or services offline, like a denial-of-service flood or ransomware that locks files, attacks availability by causing downtime. On the exam, look for scenarios where authorized users suddenly can't reach what they need.

## Related Study Guides

- [2.1 Cyber Foundations](/ap-cybersecurity/unit-2/cyber-foundations/study-guide/0oS8jJyX7iolYntwz5Eh)

## Structured Data

```json
{"@context":"https://schema.org","@graph":[{"@type":"LearningResource","@id":"https://fiveable.me/ap-cybersecurity/key-terms/availability#resource","name":"Availability — AP Cybersecurity Definition & Exam Guide","url":"https://fiveable.me/ap-cybersecurity/key-terms/availability","learningResourceType":"Concept explainer","educationalLevel":"AP® / High School","about":{"@id":"https://fiveable.me/ap-cybersecurity/key-terms/availability#term"},"audience":{"@type":"EducationalAudience","educationalRole":"student"},"dateModified":"2026-06-15T18:59:29.156Z","isPartOf":{"@type":"Collection","name":"AP Cybersecurity Key Terms","url":"https://fiveable.me/ap-cybersecurity/key-terms"},"publisher":{"@type":"Organization","name":"Fiveable","url":"https://fiveable.me"}},{"@type":"DefinedTerm","@id":"https://fiveable.me/ap-cybersecurity/key-terms/availability#term","name":"availability","description":"In AP Cybersecurity, availability is the security principle that ensures data and services are accessible to authorized individuals when they need them; systems lacking availability suffer unexpected downtime. It's one of the three pillars of the CIA triad.","url":"https://fiveable.me/ap-cybersecurity/key-terms/availability","inDefinedTermSet":{"@type":"DefinedTermSet","name":"AP Cybersecurity Key Terms","url":"https://fiveable.me/ap-cybersecurity/key-terms"},"educationalAlignment":[{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 2, Topic 2.1, LO 2.1.A"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 2, Topic 2.1, LO 2.1.B"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 2, Topic 2.1, LO 2.1.C"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 2, Topic 2.1, LO 2.1.D"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 2, Topic 2.1, LO 2.1.E"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 2, Topic 2.1, LO 2.1.F"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 2, Topic 2.1, LO 2.1.G"}]},{"@type":"FAQPage","mainEntity":[{"@type":"Question","name":"What is availability in AP Cybersecurity?","acceptedAnswer":{"@type":"Answer","text":"Availability is the security principle that data and services stay accessible to authorized individuals when they need them. It's the 'A' in the CIA triad, and systems lacking it experience unexpected downtime (EK 2.1.F.1)."}},{"@type":"Question","name":"Is availability the same as confidentiality?","acceptedAnswer":{"@type":"Answer","text":"No. Confidentiality keeps data restricted to authorized people, while availability makes sure those authorized people can actually reach it when needed. They can even conflict, since locking data down harder can make it harder to access."}},{"@type":"Question","name":"How is availability different from integrity?","acceptedAnswer":{"@type":"Answer","text":"[Integrity](/ap-cybersecurity/key-terms/integrity \"fv-autolink\") is about data being accurate and untampered with; availability is about data being reachable. A record can be 100% accurate but useless if the server is offline (an availability problem), and it can be online but secretly altered (an integrity problem)."}},{"@type":"Question","name":"Why does availability matter for the CIA triad?","acceptedAnswer":{"@type":"Answer","text":"The CIA triad needs all three legs. Even if data is secret (confidentiality) and accurate (integrity), it fails its purpose if users can't access it when needed, so availability completes the set of principles every control addresses."}},{"@type":"Question","name":"What kind of attack hurts availability?","acceptedAnswer":{"@type":"Answer","text":"Any attack that takes systems or services offline, like a denial-of-service flood or ransomware that locks files, attacks availability by causing downtime. On the exam, look for scenarios where authorized users suddenly can't reach what they need."}}]},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"AP Cybersecurity","item":"https://fiveable.me/ap-cybersecurity"},{"@type":"ListItem","position":2,"name":"Key Terms","item":"https://fiveable.me/ap-cybersecurity/key-terms"},{"@type":"ListItem","position":3,"name":"Unit 2","item":"https://fiveable.me/ap-cybersecurity/unit-2"},{"@type":"ListItem","position":4,"name":"availability"}]}]}
```
