X hits on this document

Powerpoint document

HHS Cybersecurity Program Training Information Security for Information Technology (IT) Administrato... - page 29 / 158

487 views

0 shares

0 downloads

0 comments

29 / 158

U.S. Department of Health and Human Services

FIPS 199 is used to determine the system categorization level of an IT system. This categorization is then used to identify minimum security controls, which are described in NIST SP 800-53 Rev. 3, Recommended Security Controls for Federal Information Systems and Organizations.

FIPS 200 established 17* families of security controls, also called “security-related areas." You will see the 17 families of security controls appear in many NIST special publications and processes, such as NIST SP 800-53 Rev. 3.

Note: Of the eighteen security control families in NIST Special Publication 800-53, seventeen families closely aligned with the seventeen minimum security requirements for federal information and information systems in FIPS 200. One additional family (Program Management [PM] family) provides controls for information security programs. This family, while not referenced in FIPS 200, provides security controls at the organizational rather than the information-system level.

Page 8 of 8

Information Security and the EPLC FIPS

Document info
Document views487
Page views487
Page last viewedMon Jan 16 10:48:29 UTC 2017
Pages158
Paragraphs2058
Words16945

Comments