"The Secretary of Commerce has approved FIPS Publication 199, Standards for Security Categorization of Federal Information and Information Systems, and has made it compulsory and binding on Federal agencies for the protection of: (i) All information within the Federal government other than that information that has been determined pursuant to Executive Order 12958, as amended by Executive Order 13292, or any predecessor order, or by the Atomic Energy Act of 1954, as amended, to require protection against unauthorized disclosure and is marked to indicate its classified status; and (ii) all Federal information systems other than those information systems designated as national security systems as defined in the United States Code.
The Federal Information Security Management Act (FISMA) requires all Federal agencies to develop, document, and implement agency-wide information security programs to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. FIPS Publication 199 addresses one of the requirements specified in the FISMA. It provides security categorization standards for information and information systems.
The purpose of security categorization standards is to provide a common framework and method for expressing security and to promote effective management and oversight of information security programs, including the coordination of information security efforts throughout the civilian, national security, emergency preparedness, homeland security, and law enforcement communities; and consistent reporting to the Office of Management and Budget (OMB) and Congress on the adequacy and effectiveness of information security policies, procedures, and practices."