technical report/powerpoint presentatiom

profileDrezzydre92
Step2CategorizetheSystem-COP6109041FoundationsofCyberOperations2212.pdf

Step 2: Categorize the System

Task: View this topic

Last Visited Jun 18, 2021 6:15 PM

AY

The system impact levels are used to

categorize a system, one of the first steps in

the RMF process. As described in NIST

Special Publication Guide for Mapping Types

of Information and Information Systems to

Security Categories (NIST SP 800-60), the

process to categorize a system includes

identifying information types;

establishing security impact levels (low,

moderate, high) for loss of

confidentiality, integrity, and availability

for each information types;

assigning security categorization for the

information types; and

providing an overall high-water mark for

the information system.

To learn more about the security impact

levels and how they are used to categorize

information systems, refer to the following

NIST publication (PDF): Standards for

Security Categorization of Federal

Information and Information Systems (FIPS

199) . You should also revisit this

information on the Risk Management

Framework process, paying special

attention to the section on system

categorization and the NIST SP 800-60

resource.

A team of well-qualified RMF experts in your

CARS unit has completed this part of the

process and has categorized the overall

system impact as moderate. Now that this

crucial step is complete, you advance to the

next step in the RMF process: selection of

security controls.

Activity Details

6/18/21, 6:15 PM Page 1 of 1