SlideShare a Scribd company logo

Information System Sensitivity Level Impact Assessment (NIST SP 800-60v2r1)

James W. De Rienzo
James W. De Rienzo

Impact Assessment to determine Sensitivity Level of Information System/Information Types, based on NIST SP 800-60 Volume 2 Release 1

Technology
1 of 8
Download to read offline
Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Appendix C: Management & Support Information & Information Systems Impact Levels I A C I A * Controls and Oversight C System Name  Proposed FIPS 199  Impact Values * Rationale and Factors for Services Delivery Support Information System Name  Current FIPS 199  Impact Values * Corrective Action Information Type L L L Program Evaluation Information Type L L L L (3) L L Program Monitoring Information Type (3) Regulatory Development * Policy and Guidance Development Information Type L L L Public Comment Tracking Information Type L L L Regulatory Creation Information Type L L L Rule Publication Information Type L L L Planning and Budgeting * Budget Formulation Information Type L L L Capital Planning Information Type L L L Enterprise Architecture Information Type L L L Strategic Planning Information Type L L L Budget Execution Information Type L L L Workforce Planning Information Type L L L Management Improvement Information Type L L L Budget and Performance Integration Information Type L L L Tax and Fiscal Policy Information Type L L L Internal Risk Management and Mitigation * Contingency Planning Information Type M M M Continuity of Operations Information Type M M M Service Recovery Information Type L L L Revenue Collection * Debt Collection Information Type M L L User Fee Collection Information Type L L M Federal Asset Sales Information Type L M L Public Affairs * Customer Services Information Type L L L Official Information Dissemination Information Type L L L Print Date: 2/19/2014 Page 1 of 8  Contact: James W. De Rienzo
Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Product Outreach Information Type L L L L C I A System Name  Proposed FIPS 199  Impact Values C I A L Public Relations Information Type System Name  Current FIPS 199  Impact Values L Legislative Relations * Legislation Tracking Information Type L L L Legislation Testimony Information Type L L L Proposal Development Information Type M L L Congressional Liaison Operations Information Type M L L General Government * Central Fiscal Operations Information Type (4) M L L Legislative Functions Information Type L L L Executive Functions Information Type (5) L L L Central Property Management Information Type L (6) L L (7) Central Personnel Management Information Type L L L Taxation Management Information Type M L L Central Records and Statistics Management Information Type M L L Income Information Information Type (8) M M M Personal Identity and Authentication Information Information Type (8) M M M Entitlement Event Information Information Type (8) M M M Representative Payee Information Information Type (8) M M M General Information Information Type (9) L L L Notification of Finding Report Information (General Information Information Type ‐ [9]) L L L Memoranda and Guidelines (General Information Information Type ‐ [9]) L L L Presidential Directives & Executive Orders (General Information Information Type ‐ [9]) L L L Other Executive Office of the President Guidance (General Information Information Type ‐ [9]) L L L Rationale and Factors for Government Resource Management Information * Administrative Management * L (6) L (7) L (7) Facilities, Fleet, and Equipment Management Information Type Help Desk Services Information Type L L L Security Management Information Type M M L Travel Information Type L L L Workplace Policy Development and Management Information Type (Intra‐Agency Only) L L L Financial Management Print Date: 2/19/2014 * Page 2 of 8  Contact: James W. De Rienzo
Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Assets and Liability Management Information Type L L L M M M L M L M L M L M A L Cost Accounting/ Performance Measurement Information Type I L Collections and Receivables Information Type C L Payments Information Type A L Accounting Information Type I L Funds Control Information Type C System Name  Proposed FIPS 199  Impact Values L Reporting and Information Information Type System Name  Current FIPS 199  Impact Values L Human Resource Management * HR Strategy Information Type L L L Staff Acquisition Information Type L L L Organization & Position Management Information Type L L L Compensation Management Information Type L L L Benefits Management Information Type L L L Employee Performance Management Information Type L L L Employee Relations Information Type L L L Labor Relations Information Type L L L Separation Management Information Type L L L Human Resources Development Information Type L L L Supply Chain Management * Goods Acquisition Information Type L L L Inventory Control Information Type L L L Logistics Management Information Type L L L Services Acquisition Information Type L L L Information and Technology Management * System Development Information Type L M L Lifecycle/Change Management Information Type L M L System Maintenance Information Type L M L IT Infrastructure Maintenance Information Type (10) L L L Information Security Information Type L M L Record Retention Information Type L L L Information Management Information Type (11) L M L System and Network Monitoring Information Type M M L Print Date: 2/19/2014 Page 3 of 8  Contact: James W. De Rienzo
Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C Information Sharing Information Type I A * System Name  Current FIPS 199  Impact Values C I A System Name  Proposed FIPS 199  Impact Values C I A N/A N/A N/A Appendix D: Impact Determination for Mission‐Based Information & Infomation Systems * Defense and National Security * N/S N/S N/S Homeland Security * Border and Transportation Security Information Type M M M Key Asset and Critical Infrastructure Protection Information Type H H H Catastrophic Defense Information Type H H H Executive Functions of the Executive Office of the President (EOP) Information Type (23) H M H Intelligence Operations (24) N/S N/S N/S Disaster Management * * Disaster Monitoring and Prediction Information Type L H H Disaster Preparedness and Planning Information Type L L L Disaster Repair and Restoration Information Type L L L Emergency Response Information Type L H H International Affairs and Commerce * Foreign Affairs Information Type H H M International Development and Humanitarian Aid Information Type M L L Global Trade Information Type H H H Natural Resources * Water Resource Management Information Type L L L Conservation, Marine and Land Management Information Type L L L Recreational Resource Management and Tourism Information Type L L L Agricultural Innovation and Services Information Type L L L Energy * L(25) M(26) M(26) Energy Supply Information Type Energy Conservation and Preparedness Information Type L L L Energy Resource Management Information Type M L L Energy Production Information Type L L L Environmental Management * Environmental Monitoring and Forecasting Information Type L M L Environmental Remediation Information Type M L L Pollution Prevention and Control Information Type L L L Print Date: 2/19/2014 Page 4 of 8  Contact: James W. De Rienzo
Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Economic Development System Name  Current FIPS 199  Impact Values C I A System Name  Proposed FIPS 199  Impact Values C I A * Business and Industry Development Information Type L L L Intellectual Property Protection Information Type L L L Financial Sector Oversight Information Type M L L Industry Sector Income Stabilization Information Type M L L Community and Social Services * Homeownership Promotion Information Type L L L Community and Regional Development Information Type L L L Social Services Information Type L L L Postal Services Information Type L M M Transportation * Ground Transportation Information Type L L L Water Transportation Information Type L L L Air Transportation Information Type L L L Space Operations Information Type L H H Education * Elementary, Secondary, and Vocational Education Information Type L L L Higher Education Information Type L L L Cultural and Historic Preservation Information Type L L L Cultural and Historic Exhibition Information Type L L L Workforce Management * Training and Employment Information Type L L L Labor Rights Management Information Type L L L Worker Safety Information Type L L L Health * Access to Care Information Type L M L Population Health Management and Consumer Safety Information Type L M L Health Care Administration Information Type L M L Health Care Delivery Services Information Type L H L Health Care Research and Practitioner Education Information Type L M L Income Security * General Retirement and Disability Information Type Print Date: 2/19/2014 M Page 5 of 8  M M Contact: James W. De Rienzo
Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Unemployment Compensation Information Type L L L L L L L L A C I A L Survivor Compensation Information Type I L Food and Nutrition Assistance Information Type C System Name  Proposed FIPS 199  Impact Values L Housing Assistance Information Type System Name  Current FIPS 199  Impact Values L Law Enforcement * Criminal Apprehension Information Type L L M Criminal Investigation and Surveillance Information Type M M M Citizen Protection Information Type M M M Leadership Protection Information Type M L L Property Protection Information Type L L L Substance Control Information Type M M M Crime Prevention Information Type L L L Trade Law Enforcement Information Type (27) M M M Litigation and Judicial Activities * Judicial Hearings Information Type M L L Legal Defense Information Type M H L Legal Investigation Information Type M M M Legal Prosecution and Litigation Information Type L M L Resolution Facilitation Information Type M L L Federal Correctional Activities * Criminal Incarceration Information Type L M L Criminal Rehabilitation Information Type L L L General Sciences and Innovation * Scientific and Technological Research and Innovation Information Type L M L Space Exploration and Innovation Information Type L M L Knowledge Creation and Management * Research and Development Information Type L M L General Purpose Data and Statistics Information Type L L L Advising and Consulting Information Type L L L Knowledge Dissemination Information Type L L L Regulatory Compliance and Enforcement * Inspections and Auditing Information Type Print Date: 2/19/2014 M Page 6 of 8  M L Contact: James W. De Rienzo
Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Standards Setting/Reporting Guideline Development Information Type L L L L C I A System Name  Proposed FIPS 199  Impact Values C I A L Permits and Licensing Information Type System Name  Current FIPS 199  Impact Values L Public Goods Creation and Management * Manufacturing Information Type L L L Construction Information Type L L L Public Resources, Facility and Infrastructure Management Information Type L L L Information Infrastructure Management Information Type L L L Federal Financial Assistance * Federal Grants (Non‐State) Information Type L L L Direct Transfers to Individuals Information Type L L L Subsidies Information Type L L L Tax Credits Information Type M L L Credit and Insurance * Direct Loans Information Type L L L Loan Guarantees Information Type L L L General Insurance Information Type L L L Transfers to State/Local Governments * Formula Grants Information Type L L L Project/Competitive Grants Information Type L L L Earmarked Grants Information Type L L L State Loans Information Type L L L Direct Services for Citizens * Military Operations Information Type (28) N/A N/A N/A Civilian Operations Information Type (28) N/A N/A N/A APPENDIX E: Legislative & Executive & Executive Sources Establishing Sensitivity/Criticality * Legislative Mandates * Executive Mandates * Office of Management and Budget Memoranda and Guidelines * Presidential Directives and Executive Orders * Other EOP Guidance * OMB and Case Law Interpretations * Print Date: 2/19/2014 Page 7 of 8  Contact: James W. De Rienzo
Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * System Name  Current FIPS 199  Impact Values C I A System Name  Proposed FIPS 199  Impact Values C I A 3  The confidentiality impact assigned to the Program Monitoring Information Type may necessitate the highest confidentiality impact of the information types  processed by the system. 4  Tax‐related functions are associated with the Taxation Management information type. 5  The OMB Business Reference Model “Executive Function has been expanded to include general agency executive functions as well as Executive Office of the  President (EOP) functions. Strictly EOP executive functions are treated in Appendix D, Examples of Impact Determination for Mission‐Based Information and  Information Systems. 6  High where safety of major critical infrastructure components or key national assets is at stake. 7  Moderate or High in emergency situations where time‐critical processes affecting human safety or major assets are involved. 8  The identified information types are not a derivative of OMB’s Business Reference Model and were added to address privacy information. 9  The OMB Business Reference Model does not include a General Information information type. This information type was added as a catch‐all information type.  As such, agencies may use this to identify additional information types not defined in the BRM and assign impact levels. 10  The confidentiality impact assigned to the IT Infrastructure Maintenance Information Type may necessitate the highest confidentiality impact of the information  types processed by the system. 11  The confidentiality impact assigned to the Information Management Information Type may necessitate the highest confidentiality impact of the information  types processed by the system. 20  Impact level is usually moderate to high in emergency situations where time‐critical processes affecting human safety or major assets are involved. 21  A loss of confidentiality that causes a significant degradation in mission capability, places the agency at a significant disadvantage, or results in major damage to  assets, requiring extensive corrective actions or repairs. 23  The identified information types are not a derivative of OMB’s Business Reference Model and were added to address functions of the Executive Office of the  President (EOP). 24  Where foreign intelligence information is involved, the information and information systems are categorized as national security information or systems and are  outside the scope of this guideline. 25  High where safety of radioactive materials, highly flammable fuels, or transmission channels or control processes at risk. 26  Usually Moderate or High where mission‐critical procedures are involved. 27  The identified information types are not a derivative of OMB’s Business Reference Model and were added to address trade law enforcement. 28  As mode of delivery of mission‐based services, the security categorization of Direct Services to Citizens sub‐functions Military Operations and Civilian Operation  is dependent on the mission services delivered to the citizens [e.g., Health Care; Emergency Response, Environmental Remediation] should be categorized in  accordance with the mission‐based information type. Print Date: 2/19/2014 Page 8 of 8  Contact: James W. De Rienzo

Recommended

NIST Risk Management Framework (RMF)
NIST Risk Management Framework (RMF)NIST Risk Management Framework (RMF)
NIST Risk Management Framework (RMF)James W. De Rienzo
 
Building a Security Architecture
Building a Security ArchitectureBuilding a Security Architecture
Building a Security ArchitectureCisco Canada
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB
 
NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) Priyanka Aash
 
WHY SOC Services needed?
WHY SOC Services needed?WHY SOC Services needed?
WHY SOC Services needed?manoharparakh
 
Measuring Success - Security KPIs
Measuring Success - Security KPIsMeasuring Success - Security KPIs
Measuring Success - Security KPIsH Contrex
 
Control Standards for Information Security
Control Standards for Information SecurityControl Standards for Information Security
Control Standards for Information SecurityJohnHPazEMCPMPITIL5G
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesSlideTeam
 

Recommended

NIST Risk Management Framework (RMF)
NIST Risk Management Framework (RMF)NIST Risk Management Framework (RMF)
NIST Risk Management Framework (RMF)James W. De Rienzo
 
Building a Security Architecture
Building a Security ArchitectureBuilding a Security Architecture
Building a Security ArchitectureCisco Canada
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB
 
NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) Priyanka Aash
 
WHY SOC Services needed?
WHY SOC Services needed?WHY SOC Services needed?
WHY SOC Services needed?manoharparakh
 
Measuring Success - Security KPIs
Measuring Success - Security KPIsMeasuring Success - Security KPIs
Measuring Success - Security KPIsH Contrex
 
Control Standards for Information Security
Control Standards for Information SecurityControl Standards for Information Security
Control Standards for Information SecurityJohnHPazEMCPMPITIL5G
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesSlideTeam
 
Disaster Recovery Planning
Disaster Recovery PlanningDisaster Recovery Planning
Disaster Recovery PlanningJohn Wilson
 
Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Donald E. Hester
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesKrist Davood - Principal - CIO
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 Erick Kish, U.S. Commercial Service
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
Risk Management (1) (1).ppt
Risk Management (1) (1).pptRisk Management (1) (1).ppt
Risk Management (1) (1).pptAjjuSingh2
 
CISO's first 100 days
CISO's first 100 daysCISO's first 100 days
CISO's first 100 daysMichaelSadeghiPhDABD
 
Cloud Security using NIST guidelines
Cloud Security using NIST guidelinesCloud Security using NIST guidelines
Cloud Security using NIST guidelinesSrishti Ahuja
 
ISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyControlCase
 
Risk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbazRisk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbazMohamed Saeed
 
Board and Cyber Security
Board and Cyber SecurityBoard and Cyber Security
Board and Cyber SecurityLeon Fouche
 
New CISO - The First 90 Days
New CISO - The First 90 DaysNew CISO - The First 90 Days
New CISO - The First 90 DaysResilient Systems
 
Cyber Defense Matrix: Reloaded
Cyber Defense Matrix: ReloadedCyber Defense Matrix: Reloaded
Cyber Defense Matrix: ReloadedSounil Yu
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
The real cost of a cheap security operations center
The real cost of a cheap security operations centerThe real cost of a cheap security operations center
The real cost of a cheap security operations centerCyberhat
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
 
Risk Mitigation Strategies PowerPoint Presentation Slides
Risk Mitigation Strategies PowerPoint Presentation SlidesRisk Mitigation Strategies PowerPoint Presentation Slides
Risk Mitigation Strategies PowerPoint Presentation SlidesSlideTeam
 
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...James W. De Rienzo
 
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804James W. De Rienzo
 

More Related Content

What's hot

Disaster Recovery Planning
Disaster Recovery PlanningDisaster Recovery Planning
Disaster Recovery PlanningJohn Wilson
 
Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Donald E. Hester
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
Risk Management (1) (1).ppt
Risk Management (1) (1).pptRisk Management (1) (1).ppt
Risk Management (1) (1).pptAjjuSingh2
 
Cloud Security using NIST guidelines
Cloud Security using NIST guidelinesCloud Security using NIST guidelines
Cloud Security using NIST guidelinesSrishti Ahuja
 
ISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyControlCase
 
Risk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbazRisk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbazMohamed Saeed
 
Board and Cyber Security
Board and Cyber SecurityBoard and Cyber Security
Board and Cyber SecurityLeon Fouche
 
New CISO - The First 90 Days
New CISO - The First 90 DaysNew CISO - The First 90 Days
New CISO - The First 90 DaysResilient Systems
 
Cyber Defense Matrix: Reloaded
Cyber Defense Matrix: ReloadedCyber Defense Matrix: Reloaded
Cyber Defense Matrix: ReloadedSounil Yu
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
The real cost of a cheap security operations center
The real cost of a cheap security operations centerThe real cost of a cheap security operations center
The real cost of a cheap security operations centerCyberhat
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
 
Risk Mitigation Strategies PowerPoint Presentation Slides
Risk Mitigation Strategies PowerPoint Presentation SlidesRisk Mitigation Strategies PowerPoint Presentation Slides
Risk Mitigation Strategies PowerPoint Presentation SlidesSlideTeam
 

What's hot (20)

Disaster Recovery Planning
Disaster Recovery PlanningDisaster Recovery Planning
Disaster Recovery Planning
 
Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
 
Risk Management (1) (1).ppt
Risk Management (1) (1).pptRisk Management (1) (1).ppt
Risk Management (1) (1).ppt
 
CISO's first 100 days
CISO's first 100 daysCISO's first 100 days
CISO's first 100 days
 
Cloud Security using NIST guidelines
Cloud Security using NIST guidelinesCloud Security using NIST guidelines
Cloud Security using NIST guidelines
 
ISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of Privacy
 
Risk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbazRisk 0-risk-guide book for pmi-rmp by amer elbaz
Risk 0-risk-guide book for pmi-rmp by amer elbaz
 
Board and Cyber Security
Board and Cyber SecurityBoard and Cyber Security
Board and Cyber Security
 
New CISO - The First 90 Days
New CISO - The First 90 DaysNew CISO - The First 90 Days
New CISO - The First 90 Days
 
Cyber Defense Matrix: Reloaded
Cyber Defense Matrix: ReloadedCyber Defense Matrix: Reloaded
Cyber Defense Matrix: Reloaded
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
The real cost of a cheap security operations center
The real cost of a cheap security operations centerThe real cost of a cheap security operations center
The real cost of a cheap security operations center
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
 
Risk Mitigation Strategies PowerPoint Presentation Slides
Risk Mitigation Strategies PowerPoint Presentation SlidesRisk Mitigation Strategies PowerPoint Presentation Slides
Risk Mitigation Strategies PowerPoint Presentation Slides
 

Viewers also liked

Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...James W. De Rienzo
 
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804James W. De Rienzo
 
Rmf step-3-control-selection-nist-sp-800-53r4
Rmf step-3-control-selection-nist-sp-800-53r4Rmf step-3-control-selection-nist-sp-800-53r4
Rmf step-3-control-selection-nist-sp-800-53r4James W. De Rienzo
 
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6aCritical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6aJames W. De Rienzo
 
INFOSECFORCE Risk Management Framework Transition Plan
INFOSECFORCE Risk Management Framework Transition PlanINFOSECFORCE Risk Management Framework Transition Plan
INFOSECFORCE Risk Management Framework Transition PlanBill Ross
 
Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...
Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...
Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...James W. De Rienzo
 
RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...
RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...
RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...James W. De Rienzo
 
Powerpoint Risk Assessment
Powerpoint Risk AssessmentPowerpoint Risk Assessment
Powerpoint Risk AssessmentSteve Bishop
 
Cyber_Warfare_Escalation_to_Nuclear_Warfare_Examination
Cyber_Warfare_Escalation_to_Nuclear_Warfare_ExaminationCyber_Warfare_Escalation_to_Nuclear_Warfare_Examination
Cyber_Warfare_Escalation_to_Nuclear_Warfare_ExaminationBill Ross
 
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)James W. De Rienzo
 
NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)
NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)
NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)James W. De Rienzo
 
(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...
(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...
(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...James W. De Rienzo
 
(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...
(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...
(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...James W. De Rienzo
 
Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...
Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...
Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...James W. De Rienzo
 
Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak
 
20 Security Controls for the Cloud
20 Security Controls for the Cloud20 Security Controls for the Cloud
20 Security Controls for the CloudNetStandard
 
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwdJob aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwdJames W. De Rienzo
 
Nist 800 60 data types catgorization tables
Nist 800 60 data types catgorization tablesNist 800 60 data types catgorization tables
Nist 800 60 data types catgorization tablesDaniel Kerberos
 
Information Security Fundamentals
Information Security FundamentalsInformation Security Fundamentals
Information Security FundamentalsJames W. De Rienzo
 

Viewers also liked (20)

Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
 
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
 
Rmf step-3-control-selection-nist-sp-800-53r4
Rmf step-3-control-selection-nist-sp-800-53r4Rmf step-3-control-selection-nist-sp-800-53r4
Rmf step-3-control-selection-nist-sp-800-53r4
 
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6aCritical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
 
INFOSECFORCE Risk Management Framework Transition Plan
INFOSECFORCE Risk Management Framework Transition PlanINFOSECFORCE Risk Management Framework Transition Plan
INFOSECFORCE Risk Management Framework Transition Plan
 
Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...
Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...
Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...
 
RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...
RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...
RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...
 
NIST SP 800 30 Flow Chart
NIST SP 800 30 Flow ChartNIST SP 800 30 Flow Chart
NIST SP 800 30 Flow Chart
 
Powerpoint Risk Assessment
Powerpoint Risk AssessmentPowerpoint Risk Assessment
Powerpoint Risk Assessment
 
Cyber_Warfare_Escalation_to_Nuclear_Warfare_Examination
Cyber_Warfare_Escalation_to_Nuclear_Warfare_ExaminationCyber_Warfare_Escalation_to_Nuclear_Warfare_Examination
Cyber_Warfare_Escalation_to_Nuclear_Warfare_Examination
 
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
 
NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)
NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)
NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)
 
(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...
(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...
(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...
 
(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...
(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...
(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...
 
Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...
Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...
Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...
 
Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud Management
 
20 Security Controls for the Cloud
20 Security Controls for the Cloud20 Security Controls for the Cloud
20 Security Controls for the Cloud
 
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwdJob aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
 
Nist 800 60 data types catgorization tables
Nist 800 60 data types catgorization tablesNist 800 60 data types catgorization tables
Nist 800 60 data types catgorization tables
 
Information Security Fundamentals
Information Security FundamentalsInformation Security Fundamentals
Information Security Fundamentals
 

Similar to Information System Sensitivity Level Impact Assessment (NIST SP 800-60v2r1)

Developing a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanDeveloping a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanTripwire
 
INSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docx
INSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docxINSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docx
INSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docxdirkrplav
 
Data-Classification-Study (1).pptx
Data-Classification-Study (1).pptxData-Classification-Study (1).pptx
Data-Classification-Study (1).pptxMukeshKumar798460
 
The art of securing microgrid control systems
The art of securing microgrid control systemsThe art of securing microgrid control systems
The art of securing microgrid control systemsJim Dodenhoff
 
httpwww.csun.edu~dn58412IS531Lecture 12Informatio.docx
httpwww.csun.edu~dn58412IS531Lecture 12Informatio.docxhttpwww.csun.edu~dn58412IS531Lecture 12Informatio.docx
httpwww.csun.edu~dn58412IS531Lecture 12Informatio.docxwellesleyterresa
 
L3 RMF Phase 2 Categorize.pptx
L3 RMF Phase 2 Categorize.pptxL3 RMF Phase 2 Categorize.pptx
L3 RMF Phase 2 Categorize.pptxStevenTharp2
 
NIST Framework for Information System
NIST Framework for Information SystemNIST Framework for Information System
NIST Framework for Information Systemnewbie2019
 
Jib inc260425-2
Jib inc260425-2Jib inc260425-2
Jib inc260425-2Liberteks
 
Risk Assessment In this assignment, you will perform a qualitat.docx
Risk Assessment In this assignment, you will perform a qualitat.docxRisk Assessment In this assignment, you will perform a qualitat.docx
Risk Assessment In this assignment, you will perform a qualitat.docxSUBHI7
 
Monitoring With Alterpoint And Cs Mars
Monitoring With Alterpoint And Cs MarsMonitoring With Alterpoint And Cs Mars
Monitoring With Alterpoint And Cs Marsamit_monty
 
Federal government security planning
Federal government security planningFederal government security planning
Federal government security planninggdobbe
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: CategorizeUnderstanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: CategorizeDonald E. Hester
 
It security-plan-template
It security-plan-templateIt security-plan-template
It security-plan-templatejbmills1634
 
RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™CPaschal
 
CRISP evaluation using the STEFi approach
CRISP evaluation using the STEFi approachCRISP evaluation using the STEFi approach
CRISP evaluation using the STEFi approachCRISP Project
 
PhishingBox Overview
PhishingBox OverviewPhishingBox Overview
PhishingBox OverviewPhishingBox
 
Project #3 IT Security Controls Baseline for Red Clay Renovations.docx
Project #3 IT Security Controls Baseline for Red Clay Renovations.docxProject #3 IT Security Controls Baseline for Red Clay Renovations.docx
Project #3 IT Security Controls Baseline for Red Clay Renovations.docxstilliegeorgiana
 
Consequence Informed Cyber Security
Consequence Informed Cyber Security Consequence Informed Cyber Security
Consequence Informed Cyber Security Dragos, Inc.
 

Similar to Information System Sensitivity Level Impact Assessment (NIST SP 800-60v2r1) (20)

Developing a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanDeveloping a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action Plan
 
INSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docx
INSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docxINSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docx
INSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docx
 
Data-Classification-Study (1).pptx
Data-Classification-Study (1).pptxData-Classification-Study (1).pptx
Data-Classification-Study (1).pptx
 
Security Testing Report Hitachi Application Q1 Sep 2015
Security Testing Report Hitachi Application Q1 Sep 2015Security Testing Report Hitachi Application Q1 Sep 2015
Security Testing Report Hitachi Application Q1 Sep 2015
 
The art of securing microgrid control systems
The art of securing microgrid control systemsThe art of securing microgrid control systems
The art of securing microgrid control systems
 
Information security risk
Information security riskInformation security risk
Information security risk
 
httpwww.csun.edu~dn58412IS531Lecture 12Informatio.docx
httpwww.csun.edu~dn58412IS531Lecture 12Informatio.docxhttpwww.csun.edu~dn58412IS531Lecture 12Informatio.docx
httpwww.csun.edu~dn58412IS531Lecture 12Informatio.docx
 
L3 RMF Phase 2 Categorize.pptx
L3 RMF Phase 2 Categorize.pptxL3 RMF Phase 2 Categorize.pptx
L3 RMF Phase 2 Categorize.pptx
 
NIST Framework for Information System
NIST Framework for Information SystemNIST Framework for Information System
NIST Framework for Information System
 
Jib inc260425-2
Jib inc260425-2Jib inc260425-2
Jib inc260425-2
 
Risk Assessment In this assignment, you will perform a qualitat.docx
Risk Assessment In this assignment, you will perform a qualitat.docxRisk Assessment In this assignment, you will perform a qualitat.docx
Risk Assessment In this assignment, you will perform a qualitat.docx
 
Monitoring With Alterpoint And Cs Mars
Monitoring With Alterpoint And Cs MarsMonitoring With Alterpoint And Cs Mars
Monitoring With Alterpoint And Cs Mars
 
Federal government security planning
Federal government security planningFederal government security planning
Federal government security planning
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: CategorizeUnderstanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
 
It security-plan-template
It security-plan-templateIt security-plan-template
It security-plan-template
 
RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™
 
CRISP evaluation using the STEFi approach
CRISP evaluation using the STEFi approachCRISP evaluation using the STEFi approach
CRISP evaluation using the STEFi approach
 
PhishingBox Overview
PhishingBox OverviewPhishingBox Overview
PhishingBox Overview
 
Project #3 IT Security Controls Baseline for Red Clay Renovations.docx
Project #3 IT Security Controls Baseline for Red Clay Renovations.docxProject #3 IT Security Controls Baseline for Red Clay Renovations.docx
Project #3 IT Security Controls Baseline for Red Clay Renovations.docx
 
Consequence Informed Cyber Security
Consequence Informed Cyber Security Consequence Informed Cyber Security
Consequence Informed Cyber Security
 

More from James W. De Rienzo

Nist sp 800_r5_baselines_&amp;_attributes
Nist sp 800_r5_baselines_&amp;_attributesNist sp 800_r5_baselines_&amp;_attributes
Nist sp 800_r5_baselines_&amp;_attributesJames W. De Rienzo
 
NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417James W. De Rienzo
 
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...James W. De Rienzo
 
NIST NVD REV 4 Security Controls Online Database Analysis
NIST NVD REV 4 Security Controls Online Database AnalysisNIST NVD REV 4 Security Controls Online Database Analysis
NIST NVD REV 4 Security Controls Online Database AnalysisJames W. De Rienzo
 
(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...
(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...
(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...James W. De Rienzo
 
(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804
(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804
(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804James W. De Rienzo
 
Information Assurance, A DISA CCRI Conceptual Framework
Information Assurance, A DISA CCRI Conceptual FrameworkInformation Assurance, A DISA CCRI Conceptual Framework
Information Assurance, A DISA CCRI Conceptual FrameworkJames W. De Rienzo
 
VDI and Application Virtualization
VDI and Application VirtualizationVDI and Application Virtualization
VDI and Application VirtualizationJames W. De Rienzo
 

More from James W. De Rienzo (10)

Nist sp 800_r5_baselines_&amp;_attributes
Nist sp 800_r5_baselines_&amp;_attributesNist sp 800_r5_baselines_&amp;_attributes
Nist sp 800_r5_baselines_&amp;_attributes
 
NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417
 
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
 
NIST NVD REV 4 Security Controls Online Database Analysis
NIST NVD REV 4 Security Controls Online Database AnalysisNIST NVD REV 4 Security Controls Online Database Analysis
NIST NVD REV 4 Security Controls Online Database Analysis
 
SEI CERT Podcast Series
SEI CERT Podcast SeriesSEI CERT Podcast Series
SEI CERT Podcast Series
 
CNDSP Assessment Template
CNDSP Assessment TemplateCNDSP Assessment Template
CNDSP Assessment Template
 
(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...
(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...
(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...
 
(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804
(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804
(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804
 
Information Assurance, A DISA CCRI Conceptual Framework
Information Assurance, A DISA CCRI Conceptual FrameworkInformation Assurance, A DISA CCRI Conceptual Framework
Information Assurance, A DISA CCRI Conceptual Framework
 
VDI and Application Virtualization
VDI and Application VirtualizationVDI and Application Virtualization
VDI and Application Virtualization
 

Recently uploaded

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 

Recently uploaded (20)

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 

Information System Sensitivity Level Impact Assessment (NIST SP 800-60v2r1)

  • 1. Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Appendix C: Management & Support Information & Information Systems Impact Levels I A C I A * Controls and Oversight C System Name  Proposed FIPS 199  Impact Values * Rationale and Factors for Services Delivery Support Information System Name  Current FIPS 199  Impact Values * Corrective Action Information Type L L L Program Evaluation Information Type L L L L (3) L L Program Monitoring Information Type (3) Regulatory Development * Policy and Guidance Development Information Type L L L Public Comment Tracking Information Type L L L Regulatory Creation Information Type L L L Rule Publication Information Type L L L Planning and Budgeting * Budget Formulation Information Type L L L Capital Planning Information Type L L L Enterprise Architecture Information Type L L L Strategic Planning Information Type L L L Budget Execution Information Type L L L Workforce Planning Information Type L L L Management Improvement Information Type L L L Budget and Performance Integration Information Type L L L Tax and Fiscal Policy Information Type L L L Internal Risk Management and Mitigation * Contingency Planning Information Type M M M Continuity of Operations Information Type M M M Service Recovery Information Type L L L Revenue Collection * Debt Collection Information Type M L L User Fee Collection Information Type L L M Federal Asset Sales Information Type L M L Public Affairs * Customer Services Information Type L L L Official Information Dissemination Information Type L L L Print Date: 2/19/2014 Page 1 of 8  Contact: James W. De Rienzo
  • 2. Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Product Outreach Information Type L L L L C I A System Name  Proposed FIPS 199  Impact Values C I A L Public Relations Information Type System Name  Current FIPS 199  Impact Values L Legislative Relations * Legislation Tracking Information Type L L L Legislation Testimony Information Type L L L Proposal Development Information Type M L L Congressional Liaison Operations Information Type M L L General Government * Central Fiscal Operations Information Type (4) M L L Legislative Functions Information Type L L L Executive Functions Information Type (5) L L L Central Property Management Information Type L (6) L L (7) Central Personnel Management Information Type L L L Taxation Management Information Type M L L Central Records and Statistics Management Information Type M L L Income Information Information Type (8) M M M Personal Identity and Authentication Information Information Type (8) M M M Entitlement Event Information Information Type (8) M M M Representative Payee Information Information Type (8) M M M General Information Information Type (9) L L L Notification of Finding Report Information (General Information Information Type ‐ [9]) L L L Memoranda and Guidelines (General Information Information Type ‐ [9]) L L L Presidential Directives & Executive Orders (General Information Information Type ‐ [9]) L L L Other Executive Office of the President Guidance (General Information Information Type ‐ [9]) L L L Rationale and Factors for Government Resource Management Information * Administrative Management * L (6) L (7) L (7) Facilities, Fleet, and Equipment Management Information Type Help Desk Services Information Type L L L Security Management Information Type M M L Travel Information Type L L L Workplace Policy Development and Management Information Type (Intra‐Agency Only) L L L Financial Management Print Date: 2/19/2014 * Page 2 of 8  Contact: James W. De Rienzo
  • 3. Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Assets and Liability Management Information Type L L L M M M L M L M L M L M A L Cost Accounting/ Performance Measurement Information Type I L Collections and Receivables Information Type C L Payments Information Type A L Accounting Information Type I L Funds Control Information Type C System Name  Proposed FIPS 199  Impact Values L Reporting and Information Information Type System Name  Current FIPS 199  Impact Values L Human Resource Management * HR Strategy Information Type L L L Staff Acquisition Information Type L L L Organization & Position Management Information Type L L L Compensation Management Information Type L L L Benefits Management Information Type L L L Employee Performance Management Information Type L L L Employee Relations Information Type L L L Labor Relations Information Type L L L Separation Management Information Type L L L Human Resources Development Information Type L L L Supply Chain Management * Goods Acquisition Information Type L L L Inventory Control Information Type L L L Logistics Management Information Type L L L Services Acquisition Information Type L L L Information and Technology Management * System Development Information Type L M L Lifecycle/Change Management Information Type L M L System Maintenance Information Type L M L IT Infrastructure Maintenance Information Type (10) L L L Information Security Information Type L M L Record Retention Information Type L L L Information Management Information Type (11) L M L System and Network Monitoring Information Type M M L Print Date: 2/19/2014 Page 3 of 8  Contact: James W. De Rienzo
  • 4. Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C Information Sharing Information Type I A * System Name  Current FIPS 199  Impact Values C I A System Name  Proposed FIPS 199  Impact Values C I A N/A N/A N/A Appendix D: Impact Determination for Mission‐Based Information & Infomation Systems * Defense and National Security * N/S N/S N/S Homeland Security * Border and Transportation Security Information Type M M M Key Asset and Critical Infrastructure Protection Information Type H H H Catastrophic Defense Information Type H H H Executive Functions of the Executive Office of the President (EOP) Information Type (23) H M H Intelligence Operations (24) N/S N/S N/S Disaster Management * * Disaster Monitoring and Prediction Information Type L H H Disaster Preparedness and Planning Information Type L L L Disaster Repair and Restoration Information Type L L L Emergency Response Information Type L H H International Affairs and Commerce * Foreign Affairs Information Type H H M International Development and Humanitarian Aid Information Type M L L Global Trade Information Type H H H Natural Resources * Water Resource Management Information Type L L L Conservation, Marine and Land Management Information Type L L L Recreational Resource Management and Tourism Information Type L L L Agricultural Innovation and Services Information Type L L L Energy * L(25) M(26) M(26) Energy Supply Information Type Energy Conservation and Preparedness Information Type L L L Energy Resource Management Information Type M L L Energy Production Information Type L L L Environmental Management * Environmental Monitoring and Forecasting Information Type L M L Environmental Remediation Information Type M L L Pollution Prevention and Control Information Type L L L Print Date: 2/19/2014 Page 4 of 8  Contact: James W. De Rienzo
  • 5. Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Economic Development System Name  Current FIPS 199  Impact Values C I A System Name  Proposed FIPS 199  Impact Values C I A * Business and Industry Development Information Type L L L Intellectual Property Protection Information Type L L L Financial Sector Oversight Information Type M L L Industry Sector Income Stabilization Information Type M L L Community and Social Services * Homeownership Promotion Information Type L L L Community and Regional Development Information Type L L L Social Services Information Type L L L Postal Services Information Type L M M Transportation * Ground Transportation Information Type L L L Water Transportation Information Type L L L Air Transportation Information Type L L L Space Operations Information Type L H H Education * Elementary, Secondary, and Vocational Education Information Type L L L Higher Education Information Type L L L Cultural and Historic Preservation Information Type L L L Cultural and Historic Exhibition Information Type L L L Workforce Management * Training and Employment Information Type L L L Labor Rights Management Information Type L L L Worker Safety Information Type L L L Health * Access to Care Information Type L M L Population Health Management and Consumer Safety Information Type L M L Health Care Administration Information Type L M L Health Care Delivery Services Information Type L H L Health Care Research and Practitioner Education Information Type L M L Income Security * General Retirement and Disability Information Type Print Date: 2/19/2014 M Page 5 of 8  M M Contact: James W. De Rienzo
  • 6. Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Unemployment Compensation Information Type L L L L L L L L A C I A L Survivor Compensation Information Type I L Food and Nutrition Assistance Information Type C System Name  Proposed FIPS 199  Impact Values L Housing Assistance Information Type System Name  Current FIPS 199  Impact Values L Law Enforcement * Criminal Apprehension Information Type L L M Criminal Investigation and Surveillance Information Type M M M Citizen Protection Information Type M M M Leadership Protection Information Type M L L Property Protection Information Type L L L Substance Control Information Type M M M Crime Prevention Information Type L L L Trade Law Enforcement Information Type (27) M M M Litigation and Judicial Activities * Judicial Hearings Information Type M L L Legal Defense Information Type M H L Legal Investigation Information Type M M M Legal Prosecution and Litigation Information Type L M L Resolution Facilitation Information Type M L L Federal Correctional Activities * Criminal Incarceration Information Type L M L Criminal Rehabilitation Information Type L L L General Sciences and Innovation * Scientific and Technological Research and Innovation Information Type L M L Space Exploration and Innovation Information Type L M L Knowledge Creation and Management * Research and Development Information Type L M L General Purpose Data and Statistics Information Type L L L Advising and Consulting Information Type L L L Knowledge Dissemination Information Type L L L Regulatory Compliance and Enforcement * Inspections and Auditing Information Type Print Date: 2/19/2014 M Page 6 of 8  M L Contact: James W. De Rienzo
  • 7. Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Standards Setting/Reporting Guideline Development Information Type L L L L C I A System Name  Proposed FIPS 199  Impact Values C I A L Permits and Licensing Information Type System Name  Current FIPS 199  Impact Values L Public Goods Creation and Management * Manufacturing Information Type L L L Construction Information Type L L L Public Resources, Facility and Infrastructure Management Information Type L L L Information Infrastructure Management Information Type L L L Federal Financial Assistance * Federal Grants (Non‐State) Information Type L L L Direct Transfers to Individuals Information Type L L L Subsidies Information Type L L L Tax Credits Information Type M L L Credit and Insurance * Direct Loans Information Type L L L Loan Guarantees Information Type L L L General Insurance Information Type L L L Transfers to State/Local Governments * Formula Grants Information Type L L L Project/Competitive Grants Information Type L L L Earmarked Grants Information Type L L L State Loans Information Type L L L Direct Services for Citizens * Military Operations Information Type (28) N/A N/A N/A Civilian Operations Information Type (28) N/A N/A N/A APPENDIX E: Legislative & Executive & Executive Sources Establishing Sensitivity/Criticality * Legislative Mandates * Executive Mandates * Office of Management and Budget Memoranda and Guidelines * Presidential Directives and Executive Orders * Other EOP Guidance * OMB and Case Law Interpretations * Print Date: 2/19/2014 Page 7 of 8  Contact: James W. De Rienzo
  • 8. Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * System Name  Current FIPS 199  Impact Values C I A System Name  Proposed FIPS 199  Impact Values C I A 3  The confidentiality impact assigned to the Program Monitoring Information Type may necessitate the highest confidentiality impact of the information types  processed by the system. 4  Tax‐related functions are associated with the Taxation Management information type. 5  The OMB Business Reference Model “Executive Function has been expanded to include general agency executive functions as well as Executive Office of the  President (EOP) functions. Strictly EOP executive functions are treated in Appendix D, Examples of Impact Determination for Mission‐Based Information and  Information Systems. 6  High where safety of major critical infrastructure components or key national assets is at stake. 7  Moderate or High in emergency situations where time‐critical processes affecting human safety or major assets are involved. 8  The identified information types are not a derivative of OMB’s Business Reference Model and were added to address privacy information. 9  The OMB Business Reference Model does not include a General Information information type. This information type was added as a catch‐all information type.  As such, agencies may use this to identify additional information types not defined in the BRM and assign impact levels. 10  The confidentiality impact assigned to the IT Infrastructure Maintenance Information Type may necessitate the highest confidentiality impact of the information  types processed by the system. 11  The confidentiality impact assigned to the Information Management Information Type may necessitate the highest confidentiality impact of the information  types processed by the system. 20  Impact level is usually moderate to high in emergency situations where time‐critical processes affecting human safety or major assets are involved. 21  A loss of confidentiality that causes a significant degradation in mission capability, places the agency at a significant disadvantage, or results in major damage to  assets, requiring extensive corrective actions or repairs. 23  The identified information types are not a derivative of OMB’s Business Reference Model and were added to address functions of the Executive Office of the  President (EOP). 24  Where foreign intelligence information is involved, the information and information systems are categorized as national security information or systems and are  outside the scope of this guideline. 25  High where safety of radioactive materials, highly flammable fuels, or transmission channels or control processes at risk. 26  Usually Moderate or High where mission‐critical procedures are involved. 27  The identified information types are not a derivative of OMB’s Business Reference Model and were added to address trade law enforcement. 28  As mode of delivery of mission‐based services, the security categorization of Direct Services to Citizens sub‐functions Military Operations and Civilian Operation  is dependent on the mission services delivered to the citizens [e.g., Health Care; Emergency Response, Environmental Remediation] should be categorized in  accordance with the mission‐based information type. Print Date: 2/19/2014 Page 8 of 8  Contact: James W. De Rienzo