UNLIMITED FREE ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

- Trained on our vast library of engineering resources.

FIPS PUB 200

Minimum Security Requirements for Federal Information and Information Systems

active, Most Current
Publication Date: 1 March 2006
Status: active
Page Count: 17
scope:

Applicability.

This standard is applicable to: (i) all information within the federal government other than that information that has been determined pursuant to Executive Order 12958, as amended by Executive Order 13292, or any predecessor order, or by the Atomic Energy Act of 1954, as amended, to require protection against unauthorized disclosure and is marked to indicate its classified status; and (ii) all federal information systems other than those information systems designated as national security systems as defined in 44 United States Code Section 3542(b)(2). The standard has been broadly developed from a technical perspective to complement similar standards for national security systems. In addition to the agencies of the federal government, state, local, and tribal governments, and private sector organizations that compose the critical infrastructure of the United States are encouraged to consider the use of this standard, as appropriate.

PURPOSE

The E-Government Act of 2002 (Public Law 107-347), passed by the one hundred and seventh Congress and signed into law by the President in December 2002, recognized the importance of information security to the economic and national security interests of the United States. Title III of the E-Government Act, entitled the Federal Information Security Management Act (FISMA) of 2002, tasked NIST with the responsibility of developing security standards and guidelines for the federal government including the development of:

• Standards for categorizing information and information systems1 collected or maintained by or on behalf of each federal agency based on the objectives of providing appropriate levels of information security according to a range of risk levels;

• Guidelines recommending the types of information and information systems to be included in each category; and

• Minimum information security requirements for information and information systems in each such category.

FIPS Publication 199, Standards for Security Categorization of Federal Information and Information Systems, approved by the Secretary of Commerce in February 2004, is the first of two mandatory security standards required by the FISMA legislation.2 FIPS Publication 200, the second of the mandatory security standards, specifies minimum security requirements for information and information systems supporting the executive agencies of the federal government and a risk-based process for selecting the security controls necessary to satisfy the minimum security requirements. This standard will promote the development, implementation, and operation of more secure information systems within the federal government by establishing minimum levels of due diligence for information security and facilitating a more consistent, comparable, and repeatable approach for selecting and specifying security controls for information systems that meet minimum security requirements.

1 An information system is a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. Information resources include information and related resources, such as personnel, equipment, funds, and information technology.

2 NIST security standards and guidelines referenced in this publication are available at http://csrc.nist.gov.

Document History

FIPS PUB 200
March 1, 2006
Minimum Security Requirements for Federal Information and Information Systems
Applicability. This standard is applicable to: (i) all information within the federal government other than that information that has been determined pursuant to Executive Order 12958, as amended by...

References

Advertisement