Feds finalize standards for rating security risk

The Commerce Department has approved a new Federal Information Processing Standard for categorizing security risks to government information and systems.

The National Institute of Standards and Technology developed FIPS 199 as required by the Federal Information Security Management Act.

FISMA mandates that agencies evaluate and provide security programs for IT. The new standard spells out how agencies will categorize information and systems based on a range of risk levels. It also provides a common framework for discussing security issues.

The standard takes effect today and is compulsory for evaluation of unclassified information and for information systems not designated for national security.

NIST in May published a draft of FIPS 199 for public comment. During the three-month comment period, the agency received 13 comments from the private sector, 18 from federal organizations and one from the Canadian government. The agency changed several terms in the final document as a result of the comments, NIST officials said.

According to NIST, most of the comments concerned issues of risk assessment and threats. The draft described three levels of risk in each of the areas of confidentiality, integrity and availability. The final version instead identifies three levels of impact if the confidentiality, integrity or availability of a system is compromised.

The final version also clarifies the issue of privacy, making it explicit that privacy is an element of confidentiality.

NIST plans to post the final version of FIPS Publication 199 soon at csrc.nist.gov/publications.

About the Author

William Jackson is a Maryland-based freelance writer.

