Organizations must categorize their data according to how confidential, integral to operations, and available it needs to be to best protect it. Data should be categorized into sets like PII, ePHI, and trade secrets. Categorizing data is important because it allows organizations to know the potential impact if the data is compromised, and to apply the appropriate protections. The Federal Information Security Management Act (FISMA) provides standards for categorizing data based on confidentiality, integrity, and availability.