Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

FIPS 200

Minimum Security Requirements for Federal Information and Information Systems

Date Published: March 2006

Supersedes: SP 800-26 (11/01/2001)

Planning Note (03/17/2023): Send inquiries about this publication to


National Institute of Standards and Technology



risk-assessment; security controls; security requirements
Control Families

Access Control; Awareness and Training; Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Physical and Environmental Protection; Planning; Personnel Security; Risk Assessment; System and Services Acquisition; System and Communications Protection; System and Information Integrity


Download URL

Supplemental Material:
None available

Related NIST Publications:
FIPS 199

Document History:
03/01/06: FIPS 200 (Final)