FIPS 199

Overview#

FIPS 199 is a Federal Information Processing Standard that describes Standards for Data Security Impact of Federal Information and Information Systems.

FIPS 199 describes the standards to be used by all federal agencies to categorize all information and information systems collected or maintained by or on behalf of each agency, based on the objective of providing appropriate levels of information security according to a range of risk levels.

FIPS 199 uses the term POTENTIAL IMPACT#

Impact values assigned by OMB for these categories of harm are defined in FIPS 199, reproduced below:

| Security Objective | LOW | MODERATE | HIGH |
|---|---|---|---|
| Confidentiality | The unauthorized disclosure of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized disclosure of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |
| Integrity | The unauthorized modification or destruction of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized modification or destruction of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized modification or destruction of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |
| Availability | The disruption of access to or use of information or an information system could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The disruption of access to or use of information or an information system could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The disruption of access to or use of information or an information system could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |

The NIST.SP.800-63 M-04-04 Level of Assurance (LOA) provides technical requirements for each of the Authentication Levels of Assurance defined.
