The IT Law Wiki
FIPS 200
== Overview ==

FIPS 200 is a mandatory federal standard developed by [[NIST]] in response to [[FISMA]]. To comply with the federal standard, organizations must first determine the [[security]] category of their [[information system]] in accordance with [[FIPS 199]], "Standards for Security Categorization of Federal Information and Information Systems," and then apply the appropriately tailored set of [[baseline security]] controls in [[NIST Special Publication 800-53]]. These baseline control recommendations are:

* '''Access control:''' limit [[information system]] [[access]] to [[authorized user]]s and to the types of transactions and functions that [[authorized user]]s are permitted to exercise.
* '''Certification, accreditation, and security assessments:''' periodically assess [[security control]]s, develop and [[implement]] plans of action designed to correct deficiencies and reduce or eliminate [[vulnerabilities]], authorize operation of systems and any associated system connections, and [[monitor]] [[system]] [[security control]]s on an ongoing basis.
* '''Risk assessment:''' periodically assess the [[risk]] to operations, assets, and individuals, resulting from the operation of systems and the associated [[data processing|processing]], [[storage]], or [[transmission]] of [[information]].
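The two-step process described above (categorize the system under FIPS 199, then select the SP 800-53 baseline), as an added Python example that is not part of the wiki article. It goes slightly beyond the text by applying two rules from the standards themselves: FIPS 199's rule that a system's category takes, per security objective, the highest impact among the information types it processes, stores or transmits, and FIPS 200's high-water-mark rule that the overall impact level is the highest of the three objectives and selects the low, moderate or high baseline. The information types and impact values in `EXAMPLE_INFORMATION_TYPES` are constructed for illustration.

```python
"""Added example: FIPS 199 security categorization followed by FIPS 200
baseline selection. Not code from the wiki page; sample data is constructed."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable

# FIPS 199 potential-impact levels, in increasing order of severity.
IMPACT_LEVELS = ("low", "moderate", "high")
NOT_APPLICABLE = "not applicable"


@dataclass(frozen=True)
class SecurityCategory:
    """A FIPS 199 security category: one impact level per security objective."""
    confidentiality: str
    integrity: str
    availability: str

    def __post_init__(self) -> None:
        # FIPS 199 permits "not applicable" only for confidentiality (public information);
        # integrity and availability always carry a low/moderate/high impact.
        if self.confidentiality not in IMPACT_LEVELS + (NOT_APPLICABLE,):
            raise ValueError(f"bad confidentiality impact: {self.confidentiality!r}")
        for objective in ("integrity", "availability"):
            if getattr(self, objective) not in IMPACT_LEVELS:
                raise ValueError(f"bad {objective} impact: {getattr(self, objective)!r}")

    def notation(self) -> str:
        """Render the category in the FIPS 199 set notation."""
        return ("{(confidentiality, %s), (integrity, %s), (availability, %s)}"
                % (self.confidentiality.upper(), self.integrity.upper(),
                   self.availability.upper()))


def _max_impact(levels: Iterable[str]) -> str:
    """Highest impact level among the inputs; "not applicable" only if all are."""
    applicable = [lvl for lvl in levels if lvl in IMPACT_LEVELS]
    if not applicable:
        return NOT_APPLICABLE
    return max(applicable, key=IMPACT_LEVELS.index)


def categorize_system(info_types: dict[str, SecurityCategory]) -> SecurityCategory:
    """FIPS 199 step: the system's category is, per objective, the highest impact
    across every information type the system processes, stores or transmits."""
    if not info_types:
        raise ValueError("a system must handle at least one information type")
    cats = list(info_types.values())
    return SecurityCategory(
        confidentiality=_max_impact(c.confidentiality for c in cats),
        integrity=_max_impact(c.integrity for c in cats),
        availability=_max_impact(c.availability for c in cats),
    )


def select_baseline(system_category: SecurityCategory) -> str:
    """FIPS 200 step: the overall impact level is the high-water mark across the
    three objectives and names the SP 800-53 baseline (low/moderate/high)."""
    return _max_impact((system_category.confidentiality,
                        system_category.integrity,
                        system_category.availability))


# Constructed sample: information types handled by a hypothetical HR web portal.
EXAMPLE_INFORMATION_TYPES = {
    "public web content": SecurityCategory(NOT_APPLICABLE, "moderate", "low"),
    "employee payroll records": SecurityCategory("moderate", "moderate", "low"),
}


def run_example() -> tuple[SecurityCategory, str]:
    """Categorize the constructed system and pick its baseline."""
    category = categorize_system(EXAMPLE_INFORMATION_TYPES)
    return category, select_baseline(category)


if __name__ == "__main__":
    category, baseline = run_example()
    print("SC(system) =", category.notation())
    print("SP 800-53 baseline:", baseline)
```

Tailoring, the remaining part of the second step, is deliberately not modelled here: the baseline is the starting point, and the organization then scopes, supplements and documents the control set for the specific system.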