From the course: Implementing the NIST Risk Management Framework
Categorization terms and resources
There are multiple resources we use as part of the RMF Categorize step. The first is the Federal Information Processing Standard 199, also known as FIPS 199. It is the US federal standard for categorizing information and systems according to an organization's level of concern for confidentiality, integrity, and availability, and the potential impact on organizational assets and operations. NIST SP 800-60, Volume 1 and Volume 2, are guides for mapping types of information and information systems to security categories. These were developed to assist agencies in their categorizations. They provide guidelines recommending the types of information and systems to be included in each security impact level for confidentiality, integrity, and availability. If your organization collects, handles, or stores controlled unclassified information, also known as CUI, then refer to the CUI registry provided by the National Archives. Even though it's considered unclassified, this type of…