This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
FIPS 199
FIPS 199

Version management

Difference between version and

At line 1 added 214 lines
!!! Overview
[{$pagename}] is a [Federal Information Processing Standard] that describes [Standards] for [Data Security Impact] of Federal Information and Information Systems
[{$pagename}] describes the [Standards] to be used by all [federal|United States federal government] [agencies|United States Federal Agency] to [categorize|Classification] all information and information systems collected or maintained by or on behalf of each agency based on the objectives of providing appropriate levels of information security according to a range of [risk] levels
!! [{$pagename}] uses the term POTENTIAL IMPACT
Impact values assigned by [OMB] for these categories of harm are defined in [{$pagename}] reproduced below:
%%zebra-table
%%sortable
%%table-filter
||Security Objective||LOW||MODERATE||HIGH
|[Confidentiality]|The unauthorized [disclosure] of [information|data] could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.|The [unauthorized] [disclosure] of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The [unauthorized] [disclosure] of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
|[Integrity]|The unauthorized modification or destruction of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.|The unauthorized modification or destruction of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.|The unauthorized modification or destruction of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
|[Availability]|The disruption of access to or use of information or an information system could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.|The disruption of access to or use of information or an information system could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.|The disruption of access to or use of information or an information system could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals
/%
/%
/%
The [NIST.SP.800-63] [M-04-04 Level of Assurance (LOA)] provides technical requirements for each of the Authentication Levels of Assurance defined.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop