
NIST Risk Management Framework RMF

Risk Management Framework (RMF) - Categorize Step

At A Glance

Purpose: Inform organizational risk management processes and tasks by determining the adverse impact with respect to the loss of confidentiality, integrity, and availability of systems and the information processed, stored, and transmitted by those systems.
 
Outcomes: 

  • system characteristics documented
  • security categorization of the system and information completed
  • categorization decision reviewed/approved by authorizing official

 


Resources for Implementers


Federal Information Processing Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems

  • Standard for categorizing information and systems according to an organization's level of concern for confidentiality, integrity, and availability and the potential impact on organizational assets and operations.

NIST SP 800-60 Volume I and Volume II, Guide for Mapping Types of Information and Information Systems to Security Categories

  • Developed to assist agencies in categorizing information and systems.
  • Guidelines recommending the types of information and systems to be included in each security impact level for confidentiality, integrity, and availability.

 



Created November 30, 2016, Updated April 14, 2021