Date Published: March 2006
Author(s)
Shirley Radack (NIST)
This bulletin provides information on the applicability and implementation of FIPS 200, Minimum Security Requirements for Federal Information and Information Systems. It advises Federal agencies of the requirements under the Federal Information Security Management Act (FISMA) of 2002 to categorize their information systems in accordance with FIPS 199, Standards for the Security Categorization of Federal Information and Information Systems, and to provide appropriate security for information and systems, based on levels of risk. FIPS 200 helps agencies to select an appropriate set of security controls from NIST Special Publication (SP) 800-53, Recommended Security Controls for Federal Information Systems, to satisfy their minimum security requirements.
Keywords
Federal Information Processing Standard; Federal Information Security Management Act; levels of risk; minimum security requirements; security categorization; security controls
Control Families
Access Control; Awareness and Training; Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Physical and Environmental Protection; Planning; Personnel Security; Risk Assessment; System and Services Acquisition; System and Communications Protection; System and Information Integrity