CMMI Frequently Asked Questions and their responses from CMMI Consultant(s)
What is FIPS 199 (Federal Information Processing Standard Publication 199)?
5th November, 2013
FIPS 199 is the acronym for Federal Information Processing Standard Publication 199. FIPS 199 is the Standards for Security Categorization of Federal Information and Information Systems of the United States Federal Government standard. It establishes security categorization of the information systems used by the Federal Government, one component of risk assessment.
FIPS 199 and FIPS 200 are the mandatory security standards required by Federal Information Security Management Act of 2002 (FISMA).
To be in compliance of FIPS 199, Federal agencies have to assess their information systems. Information system has to be assessed for each of the categories of confidentiality, integrity and availability. After assessment rating for each system is provided in terms of low, moderate or high impact in each category. The information system’s overall security categorization is derived from the most severe rating from any category.
The E-Government Act of 2002 recognized the importance of information security to the economic and national security interests of the United States. Title III of the E-Government Act identified the following tasks to be done for the information security:
- Standards to be used by all federal agencies to categorize all information and information systems collected or maintained by or on behalf of each agency based on the objectives of providing appropriate levels of information security according to a range of risk levels;
- Guidelines recommending the types of information and information systems to be included in each category; and
- Minimum information security requirements (i.e., management, operational, and technical controls), for information and information systems in each such category.
Out of these tasks 1st task is addressed by the FIPS Publication 199. FIPS Publication 199 provides the guidance on the categorization of all information in terms of the Confidentiality, Integrity and Availability into Low, Moderate and High Impact.
Implementation Guidance for FIPS 199
DQS India provides implementation guidance for FIPS 199 to the organizations across the world. You can rely on our services as we have Security Experts with years of experience of working with different Security Standards, Technologies and Domains.
Previous Post
Data Management Maturity Model under development by CMMI InstituteNext Post
What is FIPS 200 (Federal Information Processing Standard Publication 200)?Sidebar
Author: Rajendra Khare
Rajendra's LinkedIn Profile
Rajendra is a qualified and certified Lead Appraiser and Instructor for the following :
- SCAMPI High Maturity Lead Appraiser (Certified)
- CMMI Institute-Certified SCAMPI v1.3 Lead Appraiser for Acquisition (Certified)
- CMMI Institute-Certified SCAMPI v1.3 Lead Appraiser for Development (Certified)
- CMMI Institute-Certified SCAMPI v1.3 Lead Appraiser for Services (Certified)
- CMMI Institute-Certified Introduction to CMMI-DEV v1.3 Instructor (Certified)
- CMMI Institute-Certified Services Supplement for CMMI-DEV Instructor (Certified)
- CMMI Institute-Certified CMMI-DEV Level 2 for Practitioners Instructor (Certified)
- CMMI Institute-Certified CMMI-DEV Level 3 for Practitioners Instructor (Certified)
- CMMI Institute-Certified SCAMPI B & C Team Leader for Acquisition (Certified)
- CMMI Institute-Certified SCAMPI B & C Team Leader for Development (Certified)
- CMMI Institute-Certified SCAMPI B & C Team Leader for Services (Certified)
Rajendra is Lead Assessor for ISO 9001 (QMS), ISO 14001 (EMS), OHSAS 18001 (OHSMS) since 1994
International Automotive Task Force (IATF) approved Lead Assessor for Automotive Standard TS 16949:2009
Lead Assessor for ISO 27001 (ISMS) and ISO 20000-1 (ITSM)
Rajendra has 25 years experience in the industry.