X hits on this document

Powerpoint document

HHS Cybersecurity Program Training Information Security for Information Technology (IT) Administrato... - page 29 / 158

375 views

0 shares

0 downloads

0 comments

29 / 158

U.S. Department of Health and Human Services

FIPS 199 is used to determine the system categorization level of an IT system. This categorization is then used to identify minimum security controls, which are described in NIST SP 800-53 Rev. 3, Recommended Security Controls for Federal Information Systems and Organizations.

FIPS 200 established 17* families of security controls, also called “security-related areas." You will see the 17 families of security controls appear in many NIST special publications and processes, such as NIST SP 800-53 Rev. 3.

Note: Of the eighteen security control families in NIST Special Publication 800-53, seventeen families closely aligned with the seventeen minimum security requirements for federal information and information systems in FIPS 200. One additional family (Program Management [PM] family) provides controls for information security programs. This family, while not referenced in FIPS 200, provides security controls at the organizational rather than the information-system level.

Page 8 of 8

Information Security and the EPLC FIPS

Document info
Document views375
Page views375
Page last viewedMon Dec 05 01:43:09 UTC 2016
Pages158
Paragraphs2058
Words16945

Comments