LC FIPS 199 Security Categorization









Note: delete the template revision data, add your revision history and delete this note before submitting the final document.

Revision History

| Revision | Date | Revised By | Notes |
|---|---|---|---|
| N/A | June 15, 2006 | Steve Elky | Initial document |
| N/A | July 10, 2006 | Steve Elky | Addressed comments from internal review |
| N/A | July 11, 2006 | Steve Elky | Move instructions and guidance to appendix |
| N/A | August 3, 2006 | Steve Elky | Added Mission information types, a placeholder for LC specific information types and indicated relevant information types. |
| N/A | August 28, 2006 | Steve Elky | Combine signature information with information types and system |
| N/A | October 18, 2006 | Steve Elky | Add NIST SP 800-60 section headings to information types in Tables |
| N/A | January 11, 2007 | Steve Elky | System to information mappings added. Instructions revised. Sample Categorization added. |
| N/A | December 10, 2007 | Steve Elky | Revised Privacy Act section to reflect assessing PII |
| N/A | January 2, 2008 | Steve Elky | Addressed comments from internal review |
| N/A | October 22, 2008 | Steve Elky | Incorporate Sensitive PII |
| N/A | November 6, 2008 | Dan Curtiss | Incorporate feedback from Copyright |
| N/A | November 25, 2008 | Dan Curtiss | Updated Figures 6 & 7 to reflect Information Types in the August 2008 version of NIST SP 800-60 Vol. II |
| N/A | December 3, 2008 | Dan Curtiss | Updated links to the NIST 800-60 Vol. 1 & 2 documents |
| N/A | December 12, 2008 | Dan Curtiss | Added last 4 digits of SSN to PII table. Added NIST descriptions and provisional impacts for most information types. |

Table of Contents

1 Introduction

2 Security Categorization for

3 Appendix A – Guidance On Performing FIPS 199 Security Categorization

4 Performing Categorization

5 Appendix B – Sample Categorization


Table of Figures

Figure 1 – Inventory of Information Types for

Figure 2 – Security Categorization for Information Types

Figure 3 – Sensitive Personally Identifiable Information (PII) for

Figure 4 – Security Categorization for Systems (Systems and Groups with Systems Only)

Figure 5 – Library-Specific Information Types Not Covered by NIST SP 800-60

Figure 6 – Management and Support Lines of Business and Information Types

Figure 7 – Mission Based Lines of Business and Information Types

Figure 8 – Examples of Effect

Figure 9 – Sensitive PII

Figure 10 – Inventory of Information Types for Cheesemaking Division

Figure 11 – Security Categorization for Cheesemaking Division Information Types

Figure 12 – Sensitive Personally Identifiable Information for Cheesemaking Division

Figure 13 – Security Categorization for Cheesemaking Division Systems (Systems and Groups with Systems Only)
