Date Published: January 31, 2024
Comments Due: March 18, 2024 (public comment period is CLOSED)
Email Questions to:
sec-cert@nist.gov
NIST seeks to update and improve the guidance in Special Publication (SP) 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories. Specifically, NIST seeks feedback on the document’s current use, proposed updates in the initial working draft and information types taxonomy, and opportunities for ongoing improvement to SP 800-60. The public is invited to provide input by March 18, 2024.
NIST is proposing updates to the information types categorization methodology to better address privacy considerations during security categorization and align with updates in SP 800-37r2 (Revision 2), Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. Additionally, NIST intends to update the information types taxonomy and provisional impact levels (Volume 2) to ensure that they are consistent with current federal information types, including the National Archives and Records Administration (NARA) Controlled Unclassified Information (CUI) registry, and allow for a more user-friendly and useable experience.
NIST welcomes feedback and input on any aspect of SP 800-60 and additionally proposes a list of non-exhaustive questions and topics for consideration:
Following the feedback received on this pre-call for comments, NIST plans to issue an initial public draft update to SP 800-60. The methodology will be issued as a document for comment, and the information types and provisional impact levels will be issued in a spreadsheet format for comment and then via the Cybersecurity and Privacy Reference Tool when finalized.
The public comment period is open through March 18, 2024. Please submit comments to sec-cert@nist.gov with “Comments on SP 800-60” in the subject field. We encourage you to use the comment template available under “Supplemental Materials.”
NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.
None selected
Publication:
https://doi.org/10.6028/NIST.SP.800-60r2.iwd
Download URL
Supplemental Material:
Information Types Taxonomy (xlsx)
Comment template (xlsx)
Document History:
01/31/24: SP 800-60 Rev. 2 (Draft)