technical report/powerpoint presentatiom
Step 2: Categorize the System
Task: View this topic
Last Visited Jun 18, 2021 6:15 PM
AY
The system impact levels are used to
categorize a system, one of the first steps in
the RMF process. As described in NIST
Special Publication Guide for Mapping Types
of Information and Information Systems to
Security Categories (NIST SP 800-60), the
process to categorize a system includes
identifying information types;
establishing security impact levels (low,
moderate, high) for loss of
confidentiality, integrity, and availability
for each information types;
assigning security categorization for the
information types; and
providing an overall high-water mark for
the information system.
To learn more about the security impact
levels and how they are used to categorize
information systems, refer to the following
NIST publication (PDF): Standards for
Security Categorization of Federal
Information and Information Systems (FIPS
199) . You should also revisit this
information on the Risk Management
Framework process, paying special
attention to the section on system
categorization and the NIST SP 800-60
resource.
A team of well-qualified RMF experts in your
CARS unit has completed this part of the
process and has categorized the overall
system impact as moderate. Now that this
crucial step is complete, you advance to the
next step in the RMF process: selection of
security controls.
Activity Details
6/18/21, 6:15 PM Page 1 of 1