SlideShare a Scribd company logo

Information System Sensitivity Level Impact Assessment (NIST SP 800-60v2r1)

James W. De Rienzo
James W. De Rienzo

Impact Assessment to determine Sensitivity Level of Information System/Information Types, based on NIST SP 800-60 Volume 2 Release 1

Technology
1 of 8
Download to read offline
Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Appendix C: Management & Support Information & Information Systems Impact Levels I A C I A * Controls and Oversight C System Name  Proposed FIPS 199  Impact Values * Rationale and Factors for Services Delivery Support Information System Name  Current FIPS 199  Impact Values * Corrective Action Information Type L L L Program Evaluation Information Type L L L L (3) L L Program Monitoring Information Type (3) Regulatory Development * Policy and Guidance Development Information Type L L L Public Comment Tracking Information Type L L L Regulatory Creation Information Type L L L Rule Publication Information Type L L L Planning and Budgeting * Budget Formulation Information Type L L L Capital Planning Information Type L L L Enterprise Architecture Information Type L L L Strategic Planning Information Type L L L Budget Execution Information Type L L L Workforce Planning Information Type L L L Management Improvement Information Type L L L Budget and Performance Integration Information Type L L L Tax and Fiscal Policy Information Type L L L Internal Risk Management and Mitigation * Contingency Planning Information Type M M M Continuity of Operations Information Type M M M Service Recovery Information Type L L L Revenue Collection * Debt Collection Information Type M L L User Fee Collection Information Type L L M Federal Asset Sales Information Type L M L Public Affairs * Customer Services Information Type L L L Official Information Dissemination Information Type L L L Print Date: 2/19/2014 Page 1 of 8  Contact: James W. De Rienzo
Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Product Outreach Information Type L L L L C I A System Name  Proposed FIPS 199  Impact Values C I A L Public Relations Information Type System Name  Current FIPS 199  Impact Values L Legislative Relations * Legislation Tracking Information Type L L L Legislation Testimony Information Type L L L Proposal Development Information Type M L L Congressional Liaison Operations Information Type M L L General Government * Central Fiscal Operations Information Type (4) M L L Legislative Functions Information Type L L L Executive Functions Information Type (5) L L L Central Property Management Information Type L (6) L L (7) Central Personnel Management Information Type L L L Taxation Management Information Type M L L Central Records and Statistics Management Information Type M L L Income Information Information Type (8) M M M Personal Identity and Authentication Information Information Type (8) M M M Entitlement Event Information Information Type (8) M M M Representative Payee Information Information Type (8) M M M General Information Information Type (9) L L L Notification of Finding Report Information (General Information Information Type ‐ [9]) L L L Memoranda and Guidelines (General Information Information Type ‐ [9]) L L L Presidential Directives & Executive Orders (General Information Information Type ‐ [9]) L L L Other Executive Office of the President Guidance (General Information Information Type ‐ [9]) L L L Rationale and Factors for Government Resource Management Information * Administrative Management * L (6) L (7) L (7) Facilities, Fleet, and Equipment Management Information Type Help Desk Services Information Type L L L Security Management Information Type M M L Travel Information Type L L L Workplace Policy Development and Management Information Type (Intra‐Agency Only) L L L Financial Management Print Date: 2/19/2014 * Page 2 of 8  Contact: James W. De Rienzo
Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Assets and Liability Management Information Type L L L M M M L M L M L M L M A L Cost Accounting/ Performance Measurement Information Type I L Collections and Receivables Information Type C L Payments Information Type A L Accounting Information Type I L Funds Control Information Type C System Name  Proposed FIPS 199  Impact Values L Reporting and Information Information Type System Name  Current FIPS 199  Impact Values L Human Resource Management * HR Strategy Information Type L L L Staff Acquisition Information Type L L L Organization & Position Management Information Type L L L Compensation Management Information Type L L L Benefits Management Information Type L L L Employee Performance Management Information Type L L L Employee Relations Information Type L L L Labor Relations Information Type L L L Separation Management Information Type L L L Human Resources Development Information Type L L L Supply Chain Management * Goods Acquisition Information Type L L L Inventory Control Information Type L L L Logistics Management Information Type L L L Services Acquisition Information Type L L L Information and Technology Management * System Development Information Type L M L Lifecycle/Change Management Information Type L M L System Maintenance Information Type L M L IT Infrastructure Maintenance Information Type (10) L L L Information Security Information Type L M L Record Retention Information Type L L L Information Management Information Type (11) L M L System and Network Monitoring Information Type M M L Print Date: 2/19/2014 Page 3 of 8  Contact: James W. De Rienzo
Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C Information Sharing Information Type I A * System Name  Current FIPS 199  Impact Values C I A System Name  Proposed FIPS 199  Impact Values C I A N/A N/A N/A Appendix D: Impact Determination for Mission‐Based Information & Infomation Systems * Defense and National Security * N/S N/S N/S Homeland Security * Border and Transportation Security Information Type M M M Key Asset and Critical Infrastructure Protection Information Type H H H Catastrophic Defense Information Type H H H Executive Functions of the Executive Office of the President (EOP) Information Type (23) H M H Intelligence Operations (24) N/S N/S N/S Disaster Management * * Disaster Monitoring and Prediction Information Type L H H Disaster Preparedness and Planning Information Type L L L Disaster Repair and Restoration Information Type L L L Emergency Response Information Type L H H International Affairs and Commerce * Foreign Affairs Information Type H H M International Development and Humanitarian Aid Information Type M L L Global Trade Information Type H H H Natural Resources * Water Resource Management Information Type L L L Conservation, Marine and Land Management Information Type L L L Recreational Resource Management and Tourism Information Type L L L Agricultural Innovation and Services Information Type L L L Energy * L(25) M(26) M(26) Energy Supply Information Type Energy Conservation and Preparedness Information Type L L L Energy Resource Management Information Type M L L Energy Production Information Type L L L Environmental Management * Environmental Monitoring and Forecasting Information Type L M L Environmental Remediation Information Type M L L Pollution Prevention and Control Information Type L L L Print Date: 2/19/2014 Page 4 of 8  Contact: James W. De Rienzo
Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Economic Development System Name  Current FIPS 199  Impact Values C I A System Name  Proposed FIPS 199  Impact Values C I A * Business and Industry Development Information Type L L L Intellectual Property Protection Information Type L L L Financial Sector Oversight Information Type M L L Industry Sector Income Stabilization Information Type M L L Community and Social Services * Homeownership Promotion Information Type L L L Community and Regional Development Information Type L L L Social Services Information Type L L L Postal Services Information Type L M M Transportation * Ground Transportation Information Type L L L Water Transportation Information Type L L L Air Transportation Information Type L L L Space Operations Information Type L H H Education * Elementary, Secondary, and Vocational Education Information Type L L L Higher Education Information Type L L L Cultural and Historic Preservation Information Type L L L Cultural and Historic Exhibition Information Type L L L Workforce Management * Training and Employment Information Type L L L Labor Rights Management Information Type L L L Worker Safety Information Type L L L Health * Access to Care Information Type L M L Population Health Management and Consumer Safety Information Type L M L Health Care Administration Information Type L M L Health Care Delivery Services Information Type L H L Health Care Research and Practitioner Education Information Type L M L Income Security * General Retirement and Disability Information Type Print Date: 2/19/2014 M Page 5 of 8  M M Contact: James W. De Rienzo
Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Unemployment Compensation Information Type L L L L L L L L A C I A L Survivor Compensation Information Type I L Food and Nutrition Assistance Information Type C System Name  Proposed FIPS 199  Impact Values L Housing Assistance Information Type System Name  Current FIPS 199  Impact Values L Law Enforcement * Criminal Apprehension Information Type L L M Criminal Investigation and Surveillance Information Type M M M Citizen Protection Information Type M M M Leadership Protection Information Type M L L Property Protection Information Type L L L Substance Control Information Type M M M Crime Prevention Information Type L L L Trade Law Enforcement Information Type (27) M M M Litigation and Judicial Activities * Judicial Hearings Information Type M L L Legal Defense Information Type M H L Legal Investigation Information Type M M M Legal Prosecution and Litigation Information Type L M L Resolution Facilitation Information Type M L L Federal Correctional Activities * Criminal Incarceration Information Type L M L Criminal Rehabilitation Information Type L L L General Sciences and Innovation * Scientific and Technological Research and Innovation Information Type L M L Space Exploration and Innovation Information Type L M L Knowledge Creation and Management * Research and Development Information Type L M L General Purpose Data and Statistics Information Type L L L Advising and Consulting Information Type L L L Knowledge Dissemination Information Type L L L Regulatory Compliance and Enforcement * Inspections and Auditing Information Type Print Date: 2/19/2014 M Page 6 of 8  M L Contact: James W. De Rienzo
Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Standards Setting/Reporting Guideline Development Information Type L L L L C I A System Name  Proposed FIPS 199  Impact Values C I A L Permits and Licensing Information Type System Name  Current FIPS 199  Impact Values L Public Goods Creation and Management * Manufacturing Information Type L L L Construction Information Type L L L Public Resources, Facility and Infrastructure Management Information Type L L L Information Infrastructure Management Information Type L L L Federal Financial Assistance * Federal Grants (Non‐State) Information Type L L L Direct Transfers to Individuals Information Type L L L Subsidies Information Type L L L Tax Credits Information Type M L L Credit and Insurance * Direct Loans Information Type L L L Loan Guarantees Information Type L L L General Insurance Information Type L L L Transfers to State/Local Governments * Formula Grants Information Type L L L Project/Competitive Grants Information Type L L L Earmarked Grants Information Type L L L State Loans Information Type L L L Direct Services for Citizens * Military Operations Information Type (28) N/A N/A N/A Civilian Operations Information Type (28) N/A N/A N/A APPENDIX E: Legislative & Executive & Executive Sources Establishing Sensitivity/Criticality * Legislative Mandates * Executive Mandates * Office of Management and Budget Memoranda and Guidelines * Presidential Directives and Executive Orders * Other EOP Guidance * OMB and Case Law Interpretations * Print Date: 2/19/2014 Page 7 of 8  Contact: James W. De Rienzo
Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * System Name  Current FIPS 199  Impact Values C I A System Name  Proposed FIPS 199  Impact Values C I A 3  The confidentiality impact assigned to the Program Monitoring Information Type may necessitate the highest confidentiality impact of the information types  processed by the system. 4  Tax‐related functions are associated with the Taxation Management information type. 5  The OMB Business Reference Model “Executive Function has been expanded to include general agency executive functions as well as Executive Office of the  President (EOP) functions. Strictly EOP executive functions are treated in Appendix D, Examples of Impact Determination for Mission‐Based Information and  Information Systems. 6  High where safety of major critical infrastructure components or key national assets is at stake. 7  Moderate or High in emergency situations where time‐critical processes affecting human safety or major assets are involved. 8  The identified information types are not a derivative of OMB’s Business Reference Model and were added to address privacy information. 9  The OMB Business Reference Model does not include a General Information information type. This information type was added as a catch‐all information type.  As such, agencies may use this to identify additional information types not defined in the BRM and assign impact levels. 10  The confidentiality impact assigned to the IT Infrastructure Maintenance Information Type may necessitate the highest confidentiality impact of the information  types processed by the system. 11  The confidentiality impact assigned to the Information Management Information Type may necessitate the highest confidentiality impact of the information  types processed by the system. 20  Impact level is usually moderate to high in emergency situations where time‐critical processes affecting human safety or major assets are involved. 21  A loss of confidentiality that causes a significant degradation in mission capability, places the agency at a significant disadvantage, or results in major damage to  assets, requiring extensive corrective actions or repairs. 23  The identified information types are not a derivative of OMB’s Business Reference Model and were added to address functions of the Executive Office of the  President (EOP). 24  Where foreign intelligence information is involved, the information and information systems are categorized as national security information or systems and are  outside the scope of this guideline. 25  High where safety of radioactive materials, highly flammable fuels, or transmission channels or control processes at risk. 26  Usually Moderate or High where mission‐critical procedures are involved. 27  The identified information types are not a derivative of OMB’s Business Reference Model and were added to address trade law enforcement. 28  As mode of delivery of mission‐based services, the security categorization of Direct Services to Citizens sub‐functions Military Operations and Civilian Operation  is dependent on the mission services delivered to the citizens [e.g., Health Care; Emergency Response, Environmental Remediation] should be categorized in  accordance with the mission‐based information type. Print Date: 2/19/2014 Page 8 of 8  Contact: James W. De Rienzo

Recommended

NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 Erick Kish, U.S. Commercial Service
 
Improve IT Business Alignment With An Infrastructure Roadmap
Improve IT Business Alignment With An Infrastructure RoadmapImprove IT Business Alignment With An Infrastructure Roadmap
Improve IT Business Alignment With An Infrastructure RoadmapInfo-Tech Research Group
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterTuan Phan
 
Configuration Management
Configuration ManagementConfiguration Management
Configuration ManagementRajesh Kumar
 
NIST Risk Management Framework (RMF)
NIST Risk Management Framework (RMF)NIST Risk Management Framework (RMF)
NIST Risk Management Framework (RMF)James W. De Rienzo
 
Software quality requirements and evaluation
Software quality requirements and evaluationSoftware quality requirements and evaluation
Software quality requirements and evaluationEric Lai
 
SDLC
SDLCSDLC
SDLCPooja Chaddha
 
10.1 Plan Communication Management
10.1 Plan Communication Management10.1 Plan Communication Management
10.1 Plan Communication ManagementDavidMcLachlan1
 

Recommended

NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 Erick Kish, U.S. Commercial Service
 
Improve IT Business Alignment With An Infrastructure Roadmap
Improve IT Business Alignment With An Infrastructure RoadmapImprove IT Business Alignment With An Infrastructure Roadmap
Improve IT Business Alignment With An Infrastructure RoadmapInfo-Tech Research Group
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterTuan Phan
 
Configuration Management
Configuration ManagementConfiguration Management
Configuration ManagementRajesh Kumar
 
NIST Risk Management Framework (RMF)
NIST Risk Management Framework (RMF)NIST Risk Management Framework (RMF)
NIST Risk Management Framework (RMF)James W. De Rienzo
 
Software quality requirements and evaluation
Software quality requirements and evaluationSoftware quality requirements and evaluation
Software quality requirements and evaluationEric Lai
 
SDLC
SDLCSDLC
SDLCPooja Chaddha
 
10.1 Plan Communication Management
10.1 Plan Communication Management10.1 Plan Communication Management
10.1 Plan Communication ManagementDavidMcLachlan1
 
RMF Roles and Responsibilities (Part 1)
RMF Roles and Responsibilities (Part 1) RMF Roles and Responsibilities (Part 1)
RMF Roles and Responsibilities (Part 1) Donald E. Hester
 
From NIST CSF 1.1 to 2.0.pdf
From NIST CSF 1.1 to 2.0.pdfFrom NIST CSF 1.1 to 2.0.pdf
From NIST CSF 1.1 to 2.0.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Agile Program Management
Agile Program ManagementAgile Program Management
Agile Program ManagementJohanna Rothman
 
CMMI Capability Maturity Model Integration
CMMI Capability Maturity Model Integration CMMI Capability Maturity Model Integration
CMMI Capability Maturity Model Integration Anand Subramaniam
 
An Introduction to IT Management with COBIT 2019
An Introduction to IT Management with COBIT 2019An Introduction to IT Management with COBIT 2019
An Introduction to IT Management with COBIT 2019Gregor Polančič
 
Sure step methodology
Sure step methodologySure step methodology
Sure step methodologyTaringa!
 
Requirements Engineering
Requirements EngineeringRequirements Engineering
Requirements EngineeringBenoy Ramachandran
 
Software Project Management (lecture 3)
Software Project Management (lecture 3)Software Project Management (lecture 3)
Software Project Management (lecture 3)Syed Muhammad Hammad
 
Global leading cyber security providers Market in India
Global leading cyber security providers Market in IndiaGlobal leading cyber security providers Market in India
Global leading cyber security providers Market in IndiaSwiftnlift
 
COBIT 2019 Executive Summary_v1.1 .pdf
COBIT 2019 Executive Summary_v1.1 .pdfCOBIT 2019 Executive Summary_v1.1 .pdf
COBIT 2019 Executive Summary_v1.1 .pdfDiegoIvanAlvaradoVel
 
McCall's Quality Factors
McCall's Quality FactorsMcCall's Quality Factors
McCall's Quality FactorsUsman Khan
 
SDLC Models and Their Implementation
SDLC Models and Their ImplementationSDLC Models and Their Implementation
SDLC Models and Their ImplementationSonal Tiwari
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security RoadmapElliott Franklin
 
Project-Planning
Project-PlanningProject-Planning
Project-PlanningRon Drew
 
Software requirement engineering
Software requirement engineeringSoftware requirement engineering
Software requirement engineeringSyed Zaid Irshad
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?PECB
 
Cobit 2019 foundation study material
Cobit 2019 foundation study materialCobit 2019 foundation study material
Cobit 2019 foundation study materialAnees Shaikh
 
Project Quality Management - PMBOK
Project Quality Management - PMBOKProject Quality Management - PMBOK
Project Quality Management - PMBOKArief Rahmana
 
Program management scope management
Program management scope managementProgram management scope management
Program management scope managementJulen Mohanty
 
Sadcw 6e chapter3
Sadcw 6e chapter3Sadcw 6e chapter3
Sadcw 6e chapter3Matthew McKenzie
 
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...James W. De Rienzo
 
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804James W. De Rienzo
 

More Related Content

What's hot

RMF Roles and Responsibilities (Part 1)
RMF Roles and Responsibilities (Part 1) RMF Roles and Responsibilities (Part 1)
RMF Roles and Responsibilities (Part 1) Donald E. Hester
 
Agile Program Management
Agile Program ManagementAgile Program Management
Agile Program ManagementJohanna Rothman
 
CMMI Capability Maturity Model Integration
CMMI Capability Maturity Model Integration CMMI Capability Maturity Model Integration
CMMI Capability Maturity Model Integration Anand Subramaniam
 
An Introduction to IT Management with COBIT 2019
An Introduction to IT Management with COBIT 2019An Introduction to IT Management with COBIT 2019
An Introduction to IT Management with COBIT 2019Gregor Polančič
 
Sure step methodology
Sure step methodologySure step methodology
Sure step methodologyTaringa!
 
Software Project Management (lecture 3)
Software Project Management (lecture 3)Software Project Management (lecture 3)
Software Project Management (lecture 3)Syed Muhammad Hammad
 
Global leading cyber security providers Market in India
Global leading cyber security providers Market in IndiaGlobal leading cyber security providers Market in India
Global leading cyber security providers Market in IndiaSwiftnlift
 
COBIT 2019 Executive Summary_v1.1 .pdf
COBIT 2019 Executive Summary_v1.1 .pdfCOBIT 2019 Executive Summary_v1.1 .pdf
COBIT 2019 Executive Summary_v1.1 .pdfDiegoIvanAlvaradoVel
 
McCall's Quality Factors
McCall's Quality FactorsMcCall's Quality Factors
McCall's Quality FactorsUsman Khan
 
SDLC Models and Their Implementation
SDLC Models and Their ImplementationSDLC Models and Their Implementation
SDLC Models and Their ImplementationSonal Tiwari
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security RoadmapElliott Franklin
 
Project-Planning
Project-PlanningProject-Planning
Project-PlanningRon Drew
 
Software requirement engineering
Software requirement engineeringSoftware requirement engineering
Software requirement engineeringSyed Zaid Irshad
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?PECB
 
Cobit 2019 foundation study material
Cobit 2019 foundation study materialCobit 2019 foundation study material
Cobit 2019 foundation study materialAnees Shaikh
 
Project Quality Management - PMBOK
Project Quality Management - PMBOKProject Quality Management - PMBOK
Project Quality Management - PMBOKArief Rahmana
 
Program management scope management
Program management scope managementProgram management scope management
Program management scope managementJulen Mohanty
 

What's hot (20)

RMF Roles and Responsibilities (Part 1)
RMF Roles and Responsibilities (Part 1) RMF Roles and Responsibilities (Part 1)
RMF Roles and Responsibilities (Part 1)
 
From NIST CSF 1.1 to 2.0.pdf
From NIST CSF 1.1 to 2.0.pdfFrom NIST CSF 1.1 to 2.0.pdf
From NIST CSF 1.1 to 2.0.pdf
 
Agile Program Management
Agile Program ManagementAgile Program Management
Agile Program Management
 
CMMI Capability Maturity Model Integration
CMMI Capability Maturity Model Integration CMMI Capability Maturity Model Integration
CMMI Capability Maturity Model Integration
 
An Introduction to IT Management with COBIT 2019
An Introduction to IT Management with COBIT 2019An Introduction to IT Management with COBIT 2019
An Introduction to IT Management with COBIT 2019
 
Sure step methodology
Sure step methodologySure step methodology
Sure step methodology
 
Requirements Engineering
Requirements EngineeringRequirements Engineering
Requirements Engineering
 
Software Project Management (lecture 3)
Software Project Management (lecture 3)Software Project Management (lecture 3)
Software Project Management (lecture 3)
 
Global leading cyber security providers Market in India
Global leading cyber security providers Market in IndiaGlobal leading cyber security providers Market in India
Global leading cyber security providers Market in India
 
COBIT 2019 Executive Summary_v1.1 .pdf
COBIT 2019 Executive Summary_v1.1 .pdfCOBIT 2019 Executive Summary_v1.1 .pdf
COBIT 2019 Executive Summary_v1.1 .pdf
 
McCall's Quality Factors
McCall's Quality FactorsMcCall's Quality Factors
McCall's Quality Factors
 
SDLC Models and Their Implementation
SDLC Models and Their ImplementationSDLC Models and Their Implementation
SDLC Models and Their Implementation
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security Roadmap
 
Project-Planning
Project-PlanningProject-Planning
Project-Planning
 
Software requirement engineering
Software requirement engineeringSoftware requirement engineering
Software requirement engineering
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?
 
Cobit 2019 foundation study material
Cobit 2019 foundation study materialCobit 2019 foundation study material
Cobit 2019 foundation study material
 
Project Quality Management - PMBOK
Project Quality Management - PMBOKProject Quality Management - PMBOK
Project Quality Management - PMBOK
 
Program management scope management
Program management scope managementProgram management scope management
Program management scope management
 
Sadcw 6e chapter3
Sadcw 6e chapter3Sadcw 6e chapter3
Sadcw 6e chapter3
 

Viewers also liked

Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...James W. De Rienzo
 
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804James W. De Rienzo
 
Rmf step-3-control-selection-nist-sp-800-53r4
Rmf step-3-control-selection-nist-sp-800-53r4Rmf step-3-control-selection-nist-sp-800-53r4
Rmf step-3-control-selection-nist-sp-800-53r4James W. De Rienzo
 
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6aCritical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6aJames W. De Rienzo
 
INFOSECFORCE Risk Management Framework Transition Plan
INFOSECFORCE Risk Management Framework Transition PlanINFOSECFORCE Risk Management Framework Transition Plan
INFOSECFORCE Risk Management Framework Transition PlanBill Ross
 
Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...
Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...
Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...James W. De Rienzo
 
RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...
RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...
RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...James W. De Rienzo
 
Powerpoint Risk Assessment
Powerpoint Risk AssessmentPowerpoint Risk Assessment
Powerpoint Risk AssessmentSteve Bishop
 
Cyber_Warfare_Escalation_to_Nuclear_Warfare_Examination
Cyber_Warfare_Escalation_to_Nuclear_Warfare_ExaminationCyber_Warfare_Escalation_to_Nuclear_Warfare_Examination
Cyber_Warfare_Escalation_to_Nuclear_Warfare_ExaminationBill Ross
 
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)James W. De Rienzo
 
NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)
NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)
NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)James W. De Rienzo
 
(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...
(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...
(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...James W. De Rienzo
 
(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...
(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...
(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...James W. De Rienzo
 
Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...
Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...
Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...James W. De Rienzo
 
Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak
 
20 Security Controls for the Cloud
20 Security Controls for the Cloud20 Security Controls for the Cloud
20 Security Controls for the CloudNetStandard
 
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwdJob aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwdJames W. De Rienzo
 
Nist 800 60 data types catgorization tables
Nist 800 60 data types catgorization tablesNist 800 60 data types catgorization tables
Nist 800 60 data types catgorization tablesDaniel Kerberos
 
Information Security Fundamentals
Information Security FundamentalsInformation Security Fundamentals
Information Security FundamentalsJames W. De Rienzo
 

Viewers also liked (20)

Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
 
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
 
Rmf step-3-control-selection-nist-sp-800-53r4
Rmf step-3-control-selection-nist-sp-800-53r4Rmf step-3-control-selection-nist-sp-800-53r4
Rmf step-3-control-selection-nist-sp-800-53r4
 
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6aCritical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
 
INFOSECFORCE Risk Management Framework Transition Plan
INFOSECFORCE Risk Management Framework Transition PlanINFOSECFORCE Risk Management Framework Transition Plan
INFOSECFORCE Risk Management Framework Transition Plan
 
Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...
Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...
Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...
 
RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...
RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...
RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...
 
NIST SP 800 30 Flow Chart
NIST SP 800 30 Flow ChartNIST SP 800 30 Flow Chart
NIST SP 800 30 Flow Chart
 
Powerpoint Risk Assessment
Powerpoint Risk AssessmentPowerpoint Risk Assessment
Powerpoint Risk Assessment
 
Cyber_Warfare_Escalation_to_Nuclear_Warfare_Examination
Cyber_Warfare_Escalation_to_Nuclear_Warfare_ExaminationCyber_Warfare_Escalation_to_Nuclear_Warfare_Examination
Cyber_Warfare_Escalation_to_Nuclear_Warfare_Examination
 
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
 
NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)
NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)
NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)
 
(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...
(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...
(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...
 
(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...
(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...
(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...
 
Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...
Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...
Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...
 
Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud Management
 
20 Security Controls for the Cloud
20 Security Controls for the Cloud20 Security Controls for the Cloud
20 Security Controls for the Cloud
 
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwdJob aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
 
Nist 800 60 data types catgorization tables
Nist 800 60 data types catgorization tablesNist 800 60 data types catgorization tables
Nist 800 60 data types catgorization tables
 
Information Security Fundamentals
Information Security FundamentalsInformation Security Fundamentals
Information Security Fundamentals
 

Similar to Information System Sensitivity Level Impact Assessment (NIST SP 800-60v2r1)

Developing a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanDeveloping a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanTripwire
 
INSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docx
INSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docxINSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docx
INSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docxdirkrplav
 
Data-Classification-Study (1).pptx
Data-Classification-Study (1).pptxData-Classification-Study (1).pptx
Data-Classification-Study (1).pptxMukeshKumar798460
 
The art of securing microgrid control systems
The art of securing microgrid control systemsThe art of securing microgrid control systems
The art of securing microgrid control systemsJim Dodenhoff
 
httpwww.csun.edu~dn58412IS531Lecture 12Informatio.docx
httpwww.csun.edu~dn58412IS531Lecture 12Informatio.docxhttpwww.csun.edu~dn58412IS531Lecture 12Informatio.docx
httpwww.csun.edu~dn58412IS531Lecture 12Informatio.docxwellesleyterresa
 
L3 RMF Phase 2 Categorize.pptx
L3 RMF Phase 2 Categorize.pptxL3 RMF Phase 2 Categorize.pptx
L3 RMF Phase 2 Categorize.pptxStevenTharp2
 
NIST Framework for Information System
NIST Framework for Information SystemNIST Framework for Information System
NIST Framework for Information Systemnewbie2019
 
Jib inc260425-2
Jib inc260425-2Jib inc260425-2
Jib inc260425-2Liberteks
 
Risk Assessment In this assignment, you will perform a qualitat.docx
Risk Assessment In this assignment, you will perform a qualitat.docxRisk Assessment In this assignment, you will perform a qualitat.docx
Risk Assessment In this assignment, you will perform a qualitat.docxSUBHI7
 
Monitoring With Alterpoint And Cs Mars
Monitoring With Alterpoint And Cs MarsMonitoring With Alterpoint And Cs Mars
Monitoring With Alterpoint And Cs Marsamit_monty
 
Federal government security planning
Federal government security planningFederal government security planning
Federal government security planninggdobbe
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: CategorizeUnderstanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: CategorizeDonald E. Hester
 
It security-plan-template
It security-plan-templateIt security-plan-template
It security-plan-templatejbmills1634
 
RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™CPaschal
 
CRISP evaluation using the STEFi approach
CRISP evaluation using the STEFi approachCRISP evaluation using the STEFi approach
CRISP evaluation using the STEFi approachCRISP Project
 
PhishingBox Overview
PhishingBox OverviewPhishingBox Overview
PhishingBox OverviewPhishingBox
 
Project #3 IT Security Controls Baseline for Red Clay Renovations.docx
Project #3 IT Security Controls Baseline for Red Clay Renovations.docxProject #3 IT Security Controls Baseline for Red Clay Renovations.docx
Project #3 IT Security Controls Baseline for Red Clay Renovations.docxstilliegeorgiana
 
Consequence Informed Cyber Security
Consequence Informed Cyber Security Consequence Informed Cyber Security
Consequence Informed Cyber Security Dragos, Inc.
 

Similar to Information System Sensitivity Level Impact Assessment (NIST SP 800-60v2r1) (20)

Developing a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanDeveloping a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action Plan
 
INSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docx
INSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docxINSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docx
INSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docx
 
Data-Classification-Study (1).pptx
Data-Classification-Study (1).pptxData-Classification-Study (1).pptx
Data-Classification-Study (1).pptx
 
Security Testing Report Hitachi Application Q1 Sep 2015
Security Testing Report Hitachi Application Q1 Sep 2015Security Testing Report Hitachi Application Q1 Sep 2015
Security Testing Report Hitachi Application Q1 Sep 2015
 
The art of securing microgrid control systems
The art of securing microgrid control systemsThe art of securing microgrid control systems
The art of securing microgrid control systems
 
Information security risk
Information security riskInformation security risk
Information security risk
 
httpwww.csun.edu~dn58412IS531Lecture 12Informatio.docx
httpwww.csun.edu~dn58412IS531Lecture 12Informatio.docxhttpwww.csun.edu~dn58412IS531Lecture 12Informatio.docx
httpwww.csun.edu~dn58412IS531Lecture 12Informatio.docx
 
L3 RMF Phase 2 Categorize.pptx
L3 RMF Phase 2 Categorize.pptxL3 RMF Phase 2 Categorize.pptx
L3 RMF Phase 2 Categorize.pptx
 
NIST Framework for Information System
NIST Framework for Information SystemNIST Framework for Information System
NIST Framework for Information System
 
Jib inc260425-2
Jib inc260425-2Jib inc260425-2
Jib inc260425-2
 
Risk Assessment In this assignment, you will perform a qualitat.docx
Risk Assessment In this assignment, you will perform a qualitat.docxRisk Assessment In this assignment, you will perform a qualitat.docx
Risk Assessment In this assignment, you will perform a qualitat.docx
 
Monitoring With Alterpoint And Cs Mars
Monitoring With Alterpoint And Cs MarsMonitoring With Alterpoint And Cs Mars
Monitoring With Alterpoint And Cs Mars
 
Federal government security planning
Federal government security planningFederal government security planning
Federal government security planning
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: CategorizeUnderstanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
 
It security-plan-template
It security-plan-templateIt security-plan-template
It security-plan-template
 
RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™
 
CRISP evaluation using the STEFi approach
CRISP evaluation using the STEFi approachCRISP evaluation using the STEFi approach
CRISP evaluation using the STEFi approach
 
PhishingBox Overview
PhishingBox OverviewPhishingBox Overview
PhishingBox Overview
 
Project #3 IT Security Controls Baseline for Red Clay Renovations.docx
Project #3 IT Security Controls Baseline for Red Clay Renovations.docxProject #3 IT Security Controls Baseline for Red Clay Renovations.docx
Project #3 IT Security Controls Baseline for Red Clay Renovations.docx
 
Consequence Informed Cyber Security
Consequence Informed Cyber Security Consequence Informed Cyber Security
Consequence Informed Cyber Security
 

More from James W. De Rienzo

Nist sp 800_r5_baselines_&amp;_attributes
Nist sp 800_r5_baselines_&amp;_attributesNist sp 800_r5_baselines_&amp;_attributes
Nist sp 800_r5_baselines_&amp;_attributesJames W. De Rienzo
 
NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417James W. De Rienzo
 
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...James W. De Rienzo
 
NIST NVD REV 4 Security Controls Online Database Analysis
NIST NVD REV 4 Security Controls Online Database AnalysisNIST NVD REV 4 Security Controls Online Database Analysis
NIST NVD REV 4 Security Controls Online Database AnalysisJames W. De Rienzo
 
(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...
(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...
(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...James W. De Rienzo
 
(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804
(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804
(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804James W. De Rienzo
 
Information Assurance, A DISA CCRI Conceptual Framework
Information Assurance, A DISA CCRI Conceptual FrameworkInformation Assurance, A DISA CCRI Conceptual Framework
Information Assurance, A DISA CCRI Conceptual FrameworkJames W. De Rienzo
 
VDI and Application Virtualization
VDI and Application VirtualizationVDI and Application Virtualization
VDI and Application VirtualizationJames W. De Rienzo
 

More from James W. De Rienzo (10)

Nist sp 800_r5_baselines_&amp;_attributes
Nist sp 800_r5_baselines_&amp;_attributesNist sp 800_r5_baselines_&amp;_attributes
Nist sp 800_r5_baselines_&amp;_attributes
 
NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417
 
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
 
NIST NVD REV 4 Security Controls Online Database Analysis
NIST NVD REV 4 Security Controls Online Database AnalysisNIST NVD REV 4 Security Controls Online Database Analysis
NIST NVD REV 4 Security Controls Online Database Analysis
 
SEI CERT Podcast Series
SEI CERT Podcast SeriesSEI CERT Podcast Series
SEI CERT Podcast Series
 
CNDSP Assessment Template
CNDSP Assessment TemplateCNDSP Assessment Template
CNDSP Assessment Template
 
(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...
(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...
(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...
 
(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804
(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804
(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804
 
Information Assurance, A DISA CCRI Conceptual Framework
Information Assurance, A DISA CCRI Conceptual FrameworkInformation Assurance, A DISA CCRI Conceptual Framework
Information Assurance, A DISA CCRI Conceptual Framework
 
VDI and Application Virtualization
VDI and Application VirtualizationVDI and Application Virtualization
VDI and Application Virtualization
 

Recently uploaded

Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 

Recently uploaded (20)

Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 

Information System Sensitivity Level Impact Assessment (NIST SP 800-60v2r1)

  • 1. Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Appendix C: Management & Support Information & Information Systems Impact Levels I A C I A * Controls and Oversight C System Name  Proposed FIPS 199  Impact Values * Rationale and Factors for Services Delivery Support Information System Name  Current FIPS 199  Impact Values * Corrective Action Information Type L L L Program Evaluation Information Type L L L L (3) L L Program Monitoring Information Type (3) Regulatory Development * Policy and Guidance Development Information Type L L L Public Comment Tracking Information Type L L L Regulatory Creation Information Type L L L Rule Publication Information Type L L L Planning and Budgeting * Budget Formulation Information Type L L L Capital Planning Information Type L L L Enterprise Architecture Information Type L L L Strategic Planning Information Type L L L Budget Execution Information Type L L L Workforce Planning Information Type L L L Management Improvement Information Type L L L Budget and Performance Integration Information Type L L L Tax and Fiscal Policy Information Type L L L Internal Risk Management and Mitigation * Contingency Planning Information Type M M M Continuity of Operations Information Type M M M Service Recovery Information Type L L L Revenue Collection * Debt Collection Information Type M L L User Fee Collection Information Type L L M Federal Asset Sales Information Type L M L Public Affairs * Customer Services Information Type L L L Official Information Dissemination Information Type L L L Print Date: 2/19/2014 Page 1 of 8  Contact: James W. De Rienzo
  • 2. Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Product Outreach Information Type L L L L C I A System Name  Proposed FIPS 199  Impact Values C I A L Public Relations Information Type System Name  Current FIPS 199  Impact Values L Legislative Relations * Legislation Tracking Information Type L L L Legislation Testimony Information Type L L L Proposal Development Information Type M L L Congressional Liaison Operations Information Type M L L General Government * Central Fiscal Operations Information Type (4) M L L Legislative Functions Information Type L L L Executive Functions Information Type (5) L L L Central Property Management Information Type L (6) L L (7) Central Personnel Management Information Type L L L Taxation Management Information Type M L L Central Records and Statistics Management Information Type M L L Income Information Information Type (8) M M M Personal Identity and Authentication Information Information Type (8) M M M Entitlement Event Information Information Type (8) M M M Representative Payee Information Information Type (8) M M M General Information Information Type (9) L L L Notification of Finding Report Information (General Information Information Type ‐ [9]) L L L Memoranda and Guidelines (General Information Information Type ‐ [9]) L L L Presidential Directives & Executive Orders (General Information Information Type ‐ [9]) L L L Other Executive Office of the President Guidance (General Information Information Type ‐ [9]) L L L Rationale and Factors for Government Resource Management Information * Administrative Management * L (6) L (7) L (7) Facilities, Fleet, and Equipment Management Information Type Help Desk Services Information Type L L L Security Management Information Type M M L Travel Information Type L L L Workplace Policy Development and Management Information Type (Intra‐Agency Only) L L L Financial Management Print Date: 2/19/2014 * Page 2 of 8  Contact: James W. De Rienzo
  • 3. Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Assets and Liability Management Information Type L L L M M M L M L M L M L M A L Cost Accounting/ Performance Measurement Information Type I L Collections and Receivables Information Type C L Payments Information Type A L Accounting Information Type I L Funds Control Information Type C System Name  Proposed FIPS 199  Impact Values L Reporting and Information Information Type System Name  Current FIPS 199  Impact Values L Human Resource Management * HR Strategy Information Type L L L Staff Acquisition Information Type L L L Organization & Position Management Information Type L L L Compensation Management Information Type L L L Benefits Management Information Type L L L Employee Performance Management Information Type L L L Employee Relations Information Type L L L Labor Relations Information Type L L L Separation Management Information Type L L L Human Resources Development Information Type L L L Supply Chain Management * Goods Acquisition Information Type L L L Inventory Control Information Type L L L Logistics Management Information Type L L L Services Acquisition Information Type L L L Information and Technology Management * System Development Information Type L M L Lifecycle/Change Management Information Type L M L System Maintenance Information Type L M L IT Infrastructure Maintenance Information Type (10) L L L Information Security Information Type L M L Record Retention Information Type L L L Information Management Information Type (11) L M L System and Network Monitoring Information Type M M L Print Date: 2/19/2014 Page 3 of 8  Contact: James W. De Rienzo
  • 4. Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C Information Sharing Information Type I A * System Name  Current FIPS 199  Impact Values C I A System Name  Proposed FIPS 199  Impact Values C I A N/A N/A N/A Appendix D: Impact Determination for Mission‐Based Information & Infomation Systems * Defense and National Security * N/S N/S N/S Homeland Security * Border and Transportation Security Information Type M M M Key Asset and Critical Infrastructure Protection Information Type H H H Catastrophic Defense Information Type H H H Executive Functions of the Executive Office of the President (EOP) Information Type (23) H M H Intelligence Operations (24) N/S N/S N/S Disaster Management * * Disaster Monitoring and Prediction Information Type L H H Disaster Preparedness and Planning Information Type L L L Disaster Repair and Restoration Information Type L L L Emergency Response Information Type L H H International Affairs and Commerce * Foreign Affairs Information Type H H M International Development and Humanitarian Aid Information Type M L L Global Trade Information Type H H H Natural Resources * Water Resource Management Information Type L L L Conservation, Marine and Land Management Information Type L L L Recreational Resource Management and Tourism Information Type L L L Agricultural Innovation and Services Information Type L L L Energy * L(25) M(26) M(26) Energy Supply Information Type Energy Conservation and Preparedness Information Type L L L Energy Resource Management Information Type M L L Energy Production Information Type L L L Environmental Management * Environmental Monitoring and Forecasting Information Type L M L Environmental Remediation Information Type M L L Pollution Prevention and Control Information Type L L L Print Date: 2/19/2014 Page 4 of 8  Contact: James W. De Rienzo
  • 5. Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Economic Development System Name  Current FIPS 199  Impact Values C I A System Name  Proposed FIPS 199  Impact Values C I A * Business and Industry Development Information Type L L L Intellectual Property Protection Information Type L L L Financial Sector Oversight Information Type M L L Industry Sector Income Stabilization Information Type M L L Community and Social Services * Homeownership Promotion Information Type L L L Community and Regional Development Information Type L L L Social Services Information Type L L L Postal Services Information Type L M M Transportation * Ground Transportation Information Type L L L Water Transportation Information Type L L L Air Transportation Information Type L L L Space Operations Information Type L H H Education * Elementary, Secondary, and Vocational Education Information Type L L L Higher Education Information Type L L L Cultural and Historic Preservation Information Type L L L Cultural and Historic Exhibition Information Type L L L Workforce Management * Training and Employment Information Type L L L Labor Rights Management Information Type L L L Worker Safety Information Type L L L Health * Access to Care Information Type L M L Population Health Management and Consumer Safety Information Type L M L Health Care Administration Information Type L M L Health Care Delivery Services Information Type L H L Health Care Research and Practitioner Education Information Type L M L Income Security * General Retirement and Disability Information Type Print Date: 2/19/2014 M Page 5 of 8  M M Contact: James W. De Rienzo
  • 6. Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Unemployment Compensation Information Type L L L L L L L L A C I A L Survivor Compensation Information Type I L Food and Nutrition Assistance Information Type C System Name  Proposed FIPS 199  Impact Values L Housing Assistance Information Type System Name  Current FIPS 199  Impact Values L Law Enforcement * Criminal Apprehension Information Type L L M Criminal Investigation and Surveillance Information Type M M M Citizen Protection Information Type M M M Leadership Protection Information Type M L L Property Protection Information Type L L L Substance Control Information Type M M M Crime Prevention Information Type L L L Trade Law Enforcement Information Type (27) M M M Litigation and Judicial Activities * Judicial Hearings Information Type M L L Legal Defense Information Type M H L Legal Investigation Information Type M M M Legal Prosecution and Litigation Information Type L M L Resolution Facilitation Information Type M L L Federal Correctional Activities * Criminal Incarceration Information Type L M L Criminal Rehabilitation Information Type L L L General Sciences and Innovation * Scientific and Technological Research and Innovation Information Type L M L Space Exploration and Innovation Information Type L M L Knowledge Creation and Management * Research and Development Information Type L M L General Purpose Data and Statistics Information Type L L L Advising and Consulting Information Type L L L Knowledge Dissemination Information Type L L L Regulatory Compliance and Enforcement * Inspections and Auditing Information Type Print Date: 2/19/2014 M Page 6 of 8  M L Contact: James W. De Rienzo
  • 7. Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * Standards Setting/Reporting Guideline Development Information Type L L L L C I A System Name  Proposed FIPS 199  Impact Values C I A L Permits and Licensing Information Type System Name  Current FIPS 199  Impact Values L Public Goods Creation and Management * Manufacturing Information Type L L L Construction Information Type L L L Public Resources, Facility and Infrastructure Management Information Type L L L Information Infrastructure Management Information Type L L L Federal Financial Assistance * Federal Grants (Non‐State) Information Type L L L Direct Transfers to Individuals Information Type L L L Subsidies Information Type L L L Tax Credits Information Type M L L Credit and Insurance * Direct Loans Information Type L L L Loan Guarantees Information Type L L L General Insurance Information Type L L L Transfers to State/Local Governments * Formula Grants Information Type L L L Project/Competitive Grants Information Type L L L Earmarked Grants Information Type L L L State Loans Information Type L L L Direct Services for Citizens * Military Operations Information Type (28) N/A N/A N/A Civilian Operations Information Type (28) N/A N/A N/A APPENDIX E: Legislative & Executive & Executive Sources Establishing Sensitivity/Criticality * Legislative Mandates * Executive Mandates * Office of Management and Budget Memoranda and Guidelines * Presidential Directives and Executive Orders * Other EOP Guidance * OMB and Case Law Interpretations * Print Date: 2/19/2014 Page 7 of 8  Contact: James W. De Rienzo
  • 8. Information System Name:                                                          _________________________________ Official Use Only (When Filled) National Security (N/S) Information Out of Scope IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type) Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability. Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK Information Types Provisional  View  SP 800‐60v2r1  Impact Values Headers Enter System Name <‐‐‐‐‐‐‐ C I A * System Name  Current FIPS 199  Impact Values C I A System Name  Proposed FIPS 199  Impact Values C I A 3  The confidentiality impact assigned to the Program Monitoring Information Type may necessitate the highest confidentiality impact of the information types  processed by the system. 4  Tax‐related functions are associated with the Taxation Management information type. 5  The OMB Business Reference Model “Executive Function has been expanded to include general agency executive functions as well as Executive Office of the  President (EOP) functions. Strictly EOP executive functions are treated in Appendix D, Examples of Impact Determination for Mission‐Based Information and  Information Systems. 6  High where safety of major critical infrastructure components or key national assets is at stake. 7  Moderate or High in emergency situations where time‐critical processes affecting human safety or major assets are involved. 8  The identified information types are not a derivative of OMB’s Business Reference Model and were added to address privacy information. 9  The OMB Business Reference Model does not include a General Information information type. This information type was added as a catch‐all information type.  As such, agencies may use this to identify additional information types not defined in the BRM and assign impact levels. 10  The confidentiality impact assigned to the IT Infrastructure Maintenance Information Type may necessitate the highest confidentiality impact of the information  types processed by the system. 11  The confidentiality impact assigned to the Information Management Information Type may necessitate the highest confidentiality impact of the information  types processed by the system. 20  Impact level is usually moderate to high in emergency situations where time‐critical processes affecting human safety or major assets are involved. 21  A loss of confidentiality that causes a significant degradation in mission capability, places the agency at a significant disadvantage, or results in major damage to  assets, requiring extensive corrective actions or repairs. 23  The identified information types are not a derivative of OMB’s Business Reference Model and were added to address functions of the Executive Office of the  President (EOP). 24  Where foreign intelligence information is involved, the information and information systems are categorized as national security information or systems and are  outside the scope of this guideline. 25  High where safety of radioactive materials, highly flammable fuels, or transmission channels or control processes at risk. 26  Usually Moderate or High where mission‐critical procedures are involved. 27  The identified information types are not a derivative of OMB’s Business Reference Model and were added to address trade law enforcement. 28  As mode of delivery of mission‐based services, the security categorization of Direct Services to Citizens sub‐functions Military Operations and Civilian Operation  is dependent on the mission services delivered to the citizens [e.g., Health Care; Emergency Response, Environmental Remediation] should be categorized in  accordance with the mission‐based information type. Print Date: 2/19/2014 Page 8 of 8  Contact: James W. De Rienzo