NIST releases security guidance on mapping information

The National Institute of Standards and Technology has released the final version of its guidelines for categorizing information housed in federal IT systems.

The Federal Information Security Management Act requires agencies to identify categories of information they maintain and to assess the impact on the agency's mission of compromises to that information. NIST is charged with providing guidance on this and other FISMA requirements.

The guidance is provided in Special Publication 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories. This version incorporates suggestions made in public workshops and during a public comment period.

The document is published in two parts. Volume 1 provides guidelines for identifying impact levels for violations of confidentiality, integrity or availability of a given type of information. Volume 2 includes examples of mission-based information types and suggests provisional impact levels.

The document focuses primarily on management and administrative information, which is likely to be common among many agencies, rather than on mission-specific information.

The publication is one of a series of guides published by NIST to provide a structured, flexible framework for selecting, specifying, employing and evaluating the security controls in implementing FISMA.

About the Author

William Jackson is a Maryland-based freelance writer.

