NIST RMF
CATEGORIZATION
Primary Responsibilities
Information System Owner
Information Owner
Supporting Roles
Risk Executive
Senior ISSO
ISSO
CIO
Authorizing Official or Designated Representative
Main Objectives or Task
1. Identify Information Types (FIPS 199, FIPS 200)
Or defined by Law, Executive Order, Directive, Policy or Regulation
A specific category of Information (e.g., Privacy, Medical, Financial, etc.)
SC(Information Type) = {(Confidentiality, Impact), (Integrity, Impact), (Availability, Impact)} NIST 800-60
- Determine potential Impact on org/individuals (FIPS 199 defines 3 potential impact levels of CIA)
- Categorize Information Types
SC(Information Type) = {(Confidentiality, Impact), (Integrity, Impact), (Availability, Impact)} NIST 800-60
- Categorize Information System (High Watermark). Note: DoD and Intelligence communities do not use High Watermark. They use the exact categorization for the CIA (e.g., High Low Moderate or HLM)
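The categorization steps above, worked through in code as an added example (not part of the original mind map). The information types and their impact values are constructed for illustration, and the function names are hypothetical.

```python
from enum import IntEnum

class Impact(IntEnum):
    NA = 0        # "not applicable": FIPS 199 allows it only for confidentiality
    LOW = 1
    MODERATE = 2
    HIGH = 3

OBJECTIVES = ("confidentiality", "integrity", "availability")

def sc_information_type(confidentiality, integrity, availability):
    """SC(information type) = {(C, impact), (I, impact), (A, impact)}."""
    sc = dict(zip(OBJECTIVES, map(Impact, (confidentiality, integrity, availability))))
    for objective in ("integrity", "availability"):
        if sc[objective] is Impact.NA:
            raise ValueError(f"{objective} impact cannot be 'not applicable'")
    return sc

def sc_information_system(info_types):
    """Per-objective highest value across every information type on the system."""
    if not info_types:
        raise ValueError("a system needs at least one information type")
    # A system-level value is never N/A, so the floor for each objective is LOW.
    return {o: max(Impact.LOW, *(sc[o] for sc in info_types.values()))
            for o in OBJECTIVES}

def high_watermark(system_sc):
    """Single overall impact level: the highest of the three objectives."""
    return max(system_sc.values())

def exact_triple(system_sc):
    """Per-objective categorization kept as-is, in C-I-A order (e.g. 'MHL')."""
    return "".join(system_sc[o].name[0] for o in OBJECTIVES)

# Constructed sample: three information types hosted on one system.
SAMPLE_TYPES = {
    "public announcements": sc_information_type(Impact.NA, Impact.LOW, Impact.LOW),
    "personnel records": sc_information_type(Impact.MODERATE, Impact.MODERATE, Impact.LOW),
    "payroll": sc_information_type(Impact.MODERATE, Impact.HIGH, Impact.LOW),
}

if __name__ == "__main__":
    system = sc_information_system(SAMPLE_TYPES)
    for objective in OBJECTIVES:
        print(f"{objective:16} {system[objective].name}")
    print("high watermark :", high_watermark(system).name)
    print("exact triple   :", exact_triple(system))
```

The high watermark collapses the system to one level, while the exact triple preserves the fact that only integrity drives the HIGH rating in this sample.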