EDUCAUSE | EDUCAUSE CONNECT - Standards for Security Categorization of Federal Information and Information Systems (FIPS-199) - Comments http://connect.educause.edu/display/46333 EDUCAUSE CONNECT http://connect.educause.edu/display/46333 http://connect.educause.edu/educause/images/e_rss.png Comments for "Standards for Security Categorization of Federal Information and Information Systems (FIPS-199)" en Standards for Security Categorization of Federal Information and Information Systems (FIPS-199) http://connect.educause.edu/display/46333 <p>The E-Government Act of 2002 (Public Law 107-347), recognized the importance of information security to the economic and national security interests of the United States. Title III of the E-Government Act, entitled the Federal Information Security Management Act of 2002 (FISMA), tasked NIST with responsibilities for standards and guidelines, including the development of:<br />- Standards to be used by all federal agencies to categorize all information and information systems collected or maintained by or on behalf of each agency based on the objectives of providing appropriate levels of information security according to a range of risk levels;<br />- Guidelines recommending the types of information and information systems to be included in each category; and<br />- Minimum information security requirements (i.e., management, operational, and technical controls), for information and information systems in each such category.<br />FIPS Publication 199 addresses the first task cited -- to develop standards for categorizing information and information systems. Security categorization standards for information and information systems provide a common framework and understanding for expressing security that, for the federal government, promotes: (i) effective management and oversight of information security programs, including the coordination of information security efforts throughout the civilian, national security, emergency preparedness, homeland security, and law enforcement communities; and (ii) consistent reporting to the Office of Management and Budget (OMB) and Congress on the adequacy and effectiveness of information security policies, procedures, and practices. Subsequent NIST standards and guidelines will address the second and third tasks cited.</p> http://connect.educause.edu/display/46333#comments Cybersecurity Policy Data Classification Policies Data Security National Institute of Standards and Technology Security Policies security standards Contributed by Organizations or Campuses Government Documents, Laws, Testimonies or Reports Mon, 03 Mar 2008 13:55:22 -0600 ckeller 46333 at http://connect.educause.edu