FIPS 199

Abstract: A new Federal Information Processing Standard (FIPS), recently approved by the Secretary of Commerce, will help federal agencies protect the informa­ tion and information systems that support their operations and assets. FIPS 199, Standards for Security Cate­ gorization of Federal Information and Information Systems, is an important component of a suite of standards and guidelines that NIST is developing to improve the security in federal infor­ mation systems, including those sys­ tems that are part of the nation's critical infrastructure. (See listing of these planned publications at the end of this bulletin.) FIPS 199 will enable agencies to meet the requirements of the Federal Infor­ mation Security Management Act (FISMA) and improve the security of federal information systems. The secu­ rity standard will also make it possible for federal agencies to establish priori­ ties for protecting their information systems, ranging from very sensitive, mission-critical operations to lower-priority systems performing less criti­ cal operations. Background informa­ tion on NIST's efforts to provide the security standards, guidelines, and technical tools for implementing FISMA is available at: FIPS 199 was approved after an open public review and comment process that included notices published in the Federal Register and posted on the NIST website. Comments and recom­ mendations were received from more than thirty individuals and groups. The new FIPS 199 is available elec­ tronically at: FIPS 199 is effective immediately and applies to: All information within the federal government other than that infor­ mation that has been determined pursuant to Executive Order 12958, as amended by Executive Order 13292, or any predecessor order, or by the Atomic Energy Act of 1954, as amended, to require protection against unauthorized disclosure and is marked to indicate its classified status; and All federal information systems other than those information sys­ tems designated as national security systems as defined in 44 United States Code Section 3542(b)(2). 347), was passed by the one hundred and seventh Congress and signed into law by the President in December 2002. This legislation recognizes the importance of information security to the economic and national security interests of the United States, and tasked NIST with responsibilities for standards and guidelines, including the development of: ❑ Standards to be used by all federal agencies to categorize all informa­ tion and information systems col­ lected or maintained by or on behalf of each agency based on the objec­ tives of providing appropriate levels of information …