FIPS 199

From Wikipedia, the free encyclopedia
Jump to: navigation, search

FIPS 199 (Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal Information and Information Systems) is a United States Federal Government standard that establishes security categories of information systems used by the Federal Government, one component of risk assessment. FIPS 199, along with FIPS 200, are mandatory security standards as required by FISMA.

FIPS 199 requires Federal agencies to assess their information systems in each of the categories of confidentiality, integrity and availability, rating each system as low, moderate or high impact in each category. The most severe rating from any category becomes the information system's overall security categorization.

External links[edit]