1. Of a data or information processing system, a threat of disclosure of information without changing the state of the system. Note: An example of a passive threat is one that could result in the recovery of sensitive information through the unauthorized interception of a data transmission. 2. The threat of unauthorized disclosure of information without changing the state of the system.