Which security requirements are defined in FIPS 200?

What does FIPS 200 stand for?

FIPS 200 specifies minimum security requirements for federal information and information systems and a risk-based process for selecting the security controls necessary to satisfy the minimum requirements.

What are the levels of security defined in FIPS PUB 199?

FIPS 199 establishes three potential levels of impact (low, moderate, and high) relevant to securing Federal information and information systems for each of three stated security objectives (confidentiality, integrity, and availability).

What is the difference between FIPS 199 and FIPS 200?

FIPS 199 requires a categorization of data and systems using the CIA triad. … FIPS 200 follows FIPS 199’s categorization system by specifying minimum security requirements in 17 areas of cybersecurity, including access control, incident response and risk assessment, among others.

Is FIPS 140-2 NSA approved?

NIST’s FIPS publications, including FIPS 140-2, are approved by the U.S. Secretary of Commerce, so whether FIPS 140-2 is approved by the NSA is immaterial because there’s no official NSA approval process for FIPS publications.

What does FIPS stand for?

The American National Standards Institute (ANSI) has taken over the management of geographic codes from the National Institute of Standards and Technology (NIST). Under NIST, the codes adhered to the Federal Information Processing Standards (FIPS).

What does security categorization mean?

Security Categorization is determining and assigning appropriate values to information or an information system based on protection needs. … Protection needs are determined by the impact to information or the information system resulting from a loss of Confidentiality, Integrity and Availability.

What is a system security plan?

A system security plan or SSP is a document that identifies the functions and features of a system, including all its hardware and the software installed on the system.

What is CNSSI 1253?

CNSSI 1253, Security Categorization and Control Selection for National Security Systems, provides all federal government departments, agencies, bureaus, and offices with guidance for security categorization of National Security Systems (NSS) that collect, generate, process, store, display, transmit, or receive …

What are the NIST controls?

NIST 800-53 Control Families

  • AC – Access Control. …
  • AU – Audit and Accountability. …
  • AT – Awareness and Training. …
  • CM – Configuration Management. …
  • CP – Contingency Planning. …
  • IA – Identification and Authentication. …
  • IR – Incident Response. …
  • MA – Maintenance.