NIST Special Publication 800-60

Citation
NIST, Volume I: Guide for Mapping Types of Information and Information Systems to Security Categories (NIST Special Publication 800-60) (Aug. 2008).

Overview
This guideline was developed to assist Federal government agencies in categorizing information and information systems. The guideline’s objective is to facilitate application of appropriate levels of information security according to a range of levels of impact or consequences that might result from the unauthorized disclosure, modification, or use of the information or information system. The guideline and its appendices:


 * Review the security categorization terms and definitions established by FIPS 199;
 * Recommend a security categorization process;
 * Describe a methodology for identifying types of Federal information and information systems;
 * Suggest provisional security impact levels for common information types;
 * Discuss information attributes that may result in variances from the provisional impact level assignment; and
 * Describe how to establish a system security categorization based on the system’s use, connectivity, and aggregate information content.