NIST releases draft security standard

Draft FIPS 199: Standards for Security Categorization of Federal Information and Information Systems

The National Institute of Standards and Technology's Computer Security Division today released the draft of a new Federal Information Processing Standard, FIPS 199, which dictates how agencies should categorize their systems based on the security risk faced by each.

The standard is the first step in several requirements generated by NIST under the Federal Information Security Management Act (FISMA) of 2002, all aimed at setting minimum security requirements for all government systems not related to national security.

The draft outlines three categories of risk, which are based on the potential impact of a breach in three areas: the confidentiality, integrity and availability of the information in the system.

NIST chose to focus on impact because every federal system faces some level of threat, and that threat changes every day, said Ed Roback, chief of the NIST Computer Security Division. Therefore, the most prudent path to follow is to base categorization on the potential harm to the agency and to the people whose information is stored in the system, he said.

Comments on the draft are due within 90 days, and can be submitted to

The next steps for NIST will be to issue guidance on how different types of information — such as medical, judicial and geospatial — align with the three categories, and to then set guidance for the minimum security steps to be taken based on the categories, Roback said.


  • Management
    people standing on keyboard (Who is Danny/

    OPM-GSA merger plan detailed in legislative proposal

    The White House is proposing legislation for a dramatic overhaul of human resources inside government and wants $50 million to execute the plan.

  • Cloud
    cloud applications (chanpipat/

    GSA plans civilian DEOS counterpart

    GSA is developing a cloud email and enterprise services contract inspired by the single-source vehicle the Department of Defense devised for back-office software.

  • Defense
    software (whiteMocca/

    DOD looks to unify software spending for 2020

    Defense Department acquisition head, Ellen Lord, hopes to simplify software buying and improve business systems following the release of the Defense Innovation Board's final software acquisition study.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.