Information System Name: 
                                                        _________________________________

Official Use Only
(When Filled)

National Security (N/S) Information Out of Scope

IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type)
Sensitivity Level of Information System (IS)/Information Type
(Perceived impact from the loss of the three fundamental security attributes of
information: confidentiality, integrity and availability.)

Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK

Information Types

Columns: Provisional SP 800‐60v2r1 Impact Values (C, I, A); System Name Current FIPS 199 Impact Values (C, I, A); System Name Proposed FIPS 199 Impact Values (C, I, A)

Appendix C: Management & Support Information & Information Systems Impact Levels

*

Rationale and Factors for Services Delivery Support Information

*

Controls and Oversight

*

Corrective Action Information Type

L

L

L

Program Evaluation Information Type

L

L

L

Program Monitoring Information Type (3)

L (3)

L

L

Regulatory Development

*

Policy and Guidance Development Information Type

L

L

L

Public Comment Tracking Information Type

L

L

L

Regulatory Creation Information Type

L

L

L

Rule Publication Information Type

L

L

L

Planning and Budgeting

*

Budget Formulation Information Type

L

L

L

Capital Planning Information Type

L

L

L

Enterprise Architecture Information Type

L

L

L

Strategic Planning Information Type

L

L

L

Budget Execution Information Type

L

L

L

Workforce Planning Information Type

L

L

L

Management Improvement Information Type

L

L

L

Budget and Performance Integration Information Type

L

L

L

Tax and Fiscal Policy Information Type

L

L

L

Internal Risk Management and Mitigation

*

Contingency Planning Information Type

M

M

M

Continuity of Operations Information Type

M

M

M

Service Recovery Information Type

L

L

L

Revenue Collection

*

Debt Collection Information Type

M

L

L

User Fee Collection Information Type

L

L

M

Federal Asset Sales Information Type

L

M

L

Public Affairs

*

Customer Services Information Type

L

L

L

Official Information Dissemination Information Type

L

L

L

Print Date: 2/19/2014

Page 1 of 8 

Contact: James W. De Rienzo

Product Outreach Information Type

L

L

L

Public Relations Information Type

L

L

L

Legislative Relations

*

Legislation Tracking Information Type

L

L

L

Legislation Testimony Information Type

L

L

L

Proposal Development Information Type

M

L

L

Congressional Liaison Operations Information Type

M

L

L

General Government

*

Central Fiscal Operations Information Type (4)

M

L

L

Legislative Functions Information Type

L

L

L

Executive Functions Information Type (5)

L

L

L

Central Property Management Information Type

L (6)

L

L (7)

Central Personnel Management Information Type

L

L

L

Taxation Management Information Type

M

L

L

Central Records and Statistics Management Information Type

M

L

L

Income Information Information Type (8)

M

M

M

Personal Identity and Authentication Information Information Type (8)

M

M

M

Entitlement Event Information Information Type (8)

M

M

M

Representative Payee Information Information Type (8)

M

M

M

General Information Information Type (9)

L

L

L

Notification of Finding Report Information (General Information Information Type ‐ [9])

L

L

L

Memoranda and Guidelines (General Information Information Type ‐ [9])

L

L

L

Presidential Directives & Executive Orders (General Information Information Type ‐ [9])

L

L

L

Other Executive Office of the President Guidance (General Information Information Type ‐ [9])

L

L

L

Rationale and Factors for Government Resource Management Information

*

Administrative Management

*

Facilities, Fleet, and Equipment Management Information Type

L (6)

L (7)

L (7)

Help Desk Services Information Type

L

L

L

Security Management Information Type

M

M

L

Travel Information Type

L

L

L

Workplace Policy Development and Management Information Type (Intra‐Agency Only)

L

L

L

Financial Management

*

Assets and Liability Management Information Type

L

L

L

M

M

M

L

M

L

M

L

M

L

M

A

L

Cost Accounting/ Performance Measurement Information Type

I

L

Collections and Receivables Information Type

C

L

Payments Information Type

A

L

Accounting Information Type

I

L

Funds Control Information Type

C

System Name 
Proposed
FIPS 199 
Impact Values

L

Reporting and Information Information Type

System Name 
Current
FIPS 199 
Impact Values

L

Human Resource Management

*

HR Strategy Information Type

L

L

L

Staff Acquisition Information Type

L

L

L

Organization & Position Management Information Type

L

L

L

Compensation Management Information Type

L

L

L

Benefits Management Information Type

L

L

L

Employee Performance Management Information Type

L

L

L

Employee Relations Information Type

L

L

L

Labor Relations Information Type

L

L

L

Separation Management Information Type

L

L

L

Human Resources Development Information Type

L

L

L

Supply Chain Management

*

Goods Acquisition Information Type

L

L

L

Inventory Control Information Type

L

L

L

Logistics Management Information Type

L

L

L

Services Acquisition Information Type

L

L

L

Information and Technology Management

*

System Development Information Type

L

M

L

Lifecycle/Change Management Information Type

L

M

L

System Maintenance Information Type

L

M

L

IT Infrastructure Maintenance Information Type (10)

L

L

L

Information Security Information Type

L

M

L

Record Retention Information Type

L

L

L

Information Management Information Type (11)

L

M

L

System and Network Monitoring Information Type

M

M

L


Information Sharing Information Type


N/A N/A N/A

Appendix D: Impact Determination for Mission‐Based Information & Information Systems

*

Defense and National Security

*

N/S N/S N/S

Homeland Security

*

Border and Transportation Security Information Type

M

M

M

Key Asset and Critical Infrastructure Protection Information Type

H

H

H

Catastrophic Defense Information Type

H

H

H

Executive Functions of the Executive Office of the President (EOP) Information Type (23)

H

M

H

Intelligence Operations (24)

N/S N/S N/S

Disaster Management

*
*

Disaster Monitoring and Prediction Information Type

L

H

H

Disaster Preparedness and Planning Information Type

L

L

L

Disaster Repair and Restoration Information Type

L

L

L

Emergency Response Information Type

L

H

H

International Affairs and Commerce

*

Foreign Affairs Information Type

H

H

M

International Development and Humanitarian Aid Information Type

M

L

L

Global Trade Information Type

H

H

H

Natural Resources

*

Water Resource Management Information Type

L

L

L

Conservation, Marine and Land Management Information Type

L

L

L

Recreational Resource Management and Tourism Information Type

L

L

L

Agricultural Innovation and Services Information Type

L

L

L

Energy

*

Energy Supply Information Type

L (25)

M (26)

M (26)

Energy Conservation and Preparedness Information Type

L

L

L

Energy Resource Management Information Type

M

L

L

Energy Production Information Type

L

L

L

Environmental Management

*

Environmental Monitoring and Forecasting Information Type

L

M

L

Environmental Remediation Information Type

M

L

L

Pollution Prevention and Control Information Type

L

L

L


Economic Development


*

Business and Industry Development Information Type

L

L

L

Intellectual Property Protection Information Type

L

L

L

Financial Sector Oversight Information Type

M

L

L

Industry Sector Income Stabilization Information Type

M

L

L

Community and Social Services

*

Homeownership Promotion Information Type

L

L

L

Community and Regional Development Information Type

L

L

L

Social Services Information Type

L

L

L

Postal Services Information Type

L

M

M

Transportation

*

Ground Transportation Information Type

L

L

L

Water Transportation Information Type

L

L

L

Air Transportation Information Type

L

L

L

Space Operations Information Type

L

H

H

Education

*

Elementary, Secondary, and Vocational Education Information Type

L

L

L

Higher Education Information Type

L

L

L

Cultural and Historic Preservation Information Type

L

L

L

Cultural and Historic Exhibition Information Type

L

L

L

Workforce Management

*

Training and Employment Information Type

L

L

L

Labor Rights Management Information Type

L

L

L

Worker Safety Information Type

L

L

L

Health

*

Access to Care Information Type

L

M

L

Population Health Management and Consumer Safety Information Type

L

M

L

Health Care Administration Information Type

L

M

L

Health Care Delivery Services Information Type

L

H

L

Health Care Research and Practitioner Education Information Type

L

M

L

Income Security

*

General Retirement and Disability Information Type

M

M

M

Unemployment Compensation Information Type

L

L

L

Survivor Compensation Information Type

L

L

L

Food and Nutrition Assistance Information Type

L

L

L

Housing Assistance Information Type

L

L

L

Law Enforcement

*

Criminal Apprehension Information Type

L

L

M

Criminal Investigation and Surveillance Information Type

M

M

M

Citizen Protection Information Type

M

M

M

Leadership Protection Information Type

M

L

L

Property Protection Information Type

L

L

L

Substance Control Information Type

M

M

M

Crime Prevention Information Type

L

L

L

Trade Law Enforcement Information Type (27)

M

M

M

Litigation and Judicial Activities

*

Judicial Hearings Information Type

M

L

L

Legal Defense Information Type

M

H

L

Legal Investigation Information Type

M

M

M

Legal Prosecution and Litigation Information Type

L

M

L

Resolution Facilitation Information Type

M

L

L

Federal Correctional Activities

*

Criminal Incarceration Information Type

L

M

L

Criminal Rehabilitation Information Type

L

L

L

General Sciences and Innovation

*

Scientific and Technological Research and Innovation Information Type

L

M

L

Space Exploration and Innovation Information Type

L

M

L

Knowledge Creation and Management

*

Research and Development Information Type

L

M

L

General Purpose Data and Statistics Information Type

L

L

L

Advising and Consulting Information Type

L

L

L

Knowledge Dissemination Information Type

L

L

L

Regulatory Compliance and Enforcement

*

Inspections and Auditing Information Type

M

M

L

Standards Setting/Reporting Guideline Development Information Type

L

L

L

Permits and Licensing Information Type

L

L

L

Public Goods Creation and Management

*

Manufacturing Information Type

L

L

L

Construction Information Type

L

L

L

Public Resources, Facility and Infrastructure Management Information Type

L

L

L

Information Infrastructure Management Information Type

L

L

L

Federal Financial Assistance

*

Federal Grants (Non‐State) Information Type

L

L

L

Direct Transfers to Individuals Information Type

L

L

L

Subsidies Information Type

L

L

L

Tax Credits Information Type

M

L

L

Credit and Insurance

*

Direct Loans Information Type

L

L

L

Loan Guarantees Information Type

L

L

L

General Insurance Information Type

L

L

L

Transfers to State/Local Governments

*

Formula Grants Information Type

L

L

L

Project/Competitive Grants Information Type

L

L

L

Earmarked Grants Information Type

L

L

L

State Loans Information Type

L

L

L

Direct Services for Citizens

*

Military Operations Information Type (28)

N/A N/A N/A

Civilian Operations Information Type (28)

N/A N/A N/A

APPENDIX E: Legislative & Executive Sources Establishing Sensitivity/Criticality

*

Legislative Mandates

*

Executive Mandates

*

Office of Management and Budget Memoranda and Guidelines

*

Presidential Directives and Executive Orders

*

Other EOP Guidance

*

OMB and Case Law Interpretations

*


(3) The confidentiality impact assigned to the Program Monitoring Information Type may necessitate the highest confidentiality impact of the information types processed by the system.

(4) Tax‐related functions are associated with the Taxation Management information type.

(5) The OMB Business Reference Model “Executive Function” has been expanded to include general agency executive functions as well as Executive Office of the President (EOP) functions. Strictly EOP executive functions are treated in Appendix D, Examples of Impact Determination for Mission‐Based Information and Information Systems.

(6) High where safety of major critical infrastructure components or key national assets is at stake.

(7) Moderate or High in emergency situations where time‐critical processes affecting human safety or major assets are involved.

(8) The identified information types are not a derivative of OMB’s Business Reference Model and were added to address privacy information.

(9) The OMB Business Reference Model does not include a General Information information type. This information type was added as a catch‐all information type. As such, agencies may use this to identify additional information types not defined in the BRM and assign impact levels.

(10) The confidentiality impact assigned to the IT Infrastructure Maintenance Information Type may necessitate the highest confidentiality impact of the information types processed by the system.

(11) The confidentiality impact assigned to the Information Management Information Type may necessitate the highest confidentiality impact of the information types processed by the system.

(20) Impact level is usually moderate to high in emergency situations where time‐critical processes affecting human safety or major assets are involved.

(21) A loss of confidentiality that causes a significant degradation in mission capability, places the agency at a significant disadvantage, or results in major damage to assets, requiring extensive corrective actions or repairs.

(23) The identified information types are not a derivative of OMB’s Business Reference Model and were added to address functions of the Executive Office of the President (EOP).

(24) Where foreign intelligence information is involved, the information and information systems are categorized as national security information or systems and are outside the scope of this guideline.

(25) High where safety of radioactive materials, highly flammable fuels, or transmission channels or control processes is at risk.

(26) Usually Moderate or High where mission‐critical procedures are involved.

(27) The identified information types are not a derivative of OMB’s Business Reference Model and were added to address trade law enforcement.

(28) As a mode of delivery of mission‐based services, the security categorization of the Direct Services to Citizens sub‐functions Military Operations and Civilian Operations is dependent on the mission services delivered to the citizens [e.g., Health Care, Emergency Response, Environmental Remediation] and should be categorized in accordance with the mission‐based information type.

Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
 
INFOSECFORCE Risk Management Framework Transition Plan
INFOSECFORCE Risk Management Framework Transition PlanINFOSECFORCE Risk Management Framework Transition Plan
INFOSECFORCE Risk Management Framework Transition Plan
 
Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...
Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...
Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...
 
RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...
RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...
RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...
 
NIST SP 800 30 Flow Chart
NIST SP 800 30 Flow ChartNIST SP 800 30 Flow Chart
NIST SP 800 30 Flow Chart
 
Powerpoint Risk Assessment
Powerpoint Risk AssessmentPowerpoint Risk Assessment
Powerpoint Risk Assessment
 
Cyber_Warfare_Escalation_to_Nuclear_Warfare_Examination
Cyber_Warfare_Escalation_to_Nuclear_Warfare_ExaminationCyber_Warfare_Escalation_to_Nuclear_Warfare_Examination
Cyber_Warfare_Escalation_to_Nuclear_Warfare_Examination
 
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
 
NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)
NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)
NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)
 
(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...
(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...
(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...
 
(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...
(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...
(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...
 
Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...
Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...
Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...
 
Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud Management
 
20 Security Controls for the Cloud
20 Security Controls for the Cloud20 Security Controls for the Cloud
20 Security Controls for the Cloud
 
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwdJob aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
 
Nist 800 60 data types catgorization tables
Nist 800 60 data types catgorization  tablesNist 800 60 data types catgorization  tables
Nist 800 60 data types catgorization tables
 
Information Security Fundamentals
Information Security FundamentalsInformation Security Fundamentals
Information Security Fundamentals
 

Similar to Information System Sensitivity Level Impact Assessment (NIST SP 800-60v2r1)

Developing a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanDeveloping a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanTripwire
 
INSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docx
INSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docxINSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docx
INSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docxdirkrplav
 
Data-Classification-Study (1).pptx
Data-Classification-Study (1).pptxData-Classification-Study (1).pptx
Data-Classification-Study (1).pptxMukeshKumar798460
 
The art of securing microgrid control systems
The art of securing microgrid control systemsThe art of securing microgrid control systems
The art of securing microgrid control systemsJim Dodenhoff
 
httpwww.csun.edu~dn58412IS531Lecture 12Informatio.docx
httpwww.csun.edu~dn58412IS531Lecture 12Informatio.docxhttpwww.csun.edu~dn58412IS531Lecture 12Informatio.docx
httpwww.csun.edu~dn58412IS531Lecture 12Informatio.docxwellesleyterresa
 
L3 RMF Phase 2 Categorize.pptx
L3 RMF Phase 2 Categorize.pptxL3 RMF Phase 2 Categorize.pptx
L3 RMF Phase 2 Categorize.pptxStevenTharp2
 
NIST Framework for Information System
NIST Framework for Information SystemNIST Framework for Information System
NIST Framework for Information Systemnewbie2019
 
Jib inc260425-2
Jib inc260425-2Jib inc260425-2
Jib inc260425-2Liberteks
 
Risk Assessment In this assignment, you will perform a qualitat.docx
Risk Assessment  In this assignment, you will perform a qualitat.docxRisk Assessment  In this assignment, you will perform a qualitat.docx
Risk Assessment In this assignment, you will perform a qualitat.docxSUBHI7
 
Monitoring With Alterpoint And Cs Mars
Monitoring With Alterpoint And Cs MarsMonitoring With Alterpoint And Cs Mars
Monitoring With Alterpoint And Cs Marsamit_monty
 
Federal government security planning
Federal government security planningFederal government security planning
Federal government security planninggdobbe
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: CategorizeUnderstanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: CategorizeDonald E. Hester
 
It security-plan-template
It security-plan-templateIt security-plan-template
It security-plan-templatejbmills1634
 
RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™CPaschal
 
CRISP evaluation using the STEFi approach
CRISP evaluation using the STEFi approachCRISP evaluation using the STEFi approach
CRISP evaluation using the STEFi approachCRISP Project
 
PhishingBox Overview
PhishingBox OverviewPhishingBox Overview
PhishingBox OverviewPhishingBox
 
Project #3 IT Security Controls Baseline for Red Clay Renovations.docx
Project #3 IT Security Controls Baseline for Red Clay Renovations.docxProject #3 IT Security Controls Baseline for Red Clay Renovations.docx
Project #3 IT Security Controls Baseline for Red Clay Renovations.docxstilliegeorgiana
 
Consequence Informed Cyber Security
Consequence Informed Cyber Security Consequence Informed Cyber Security
Consequence Informed Cyber Security Dragos, Inc.
 

Similar to Information System Sensitivity Level Impact Assessment (NIST SP 800-60v2r1) (20)

Developing a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanDeveloping a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action Plan
 
INSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docx
INSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docxINSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docx
INSERT AGENCY LOGOINSERT SYSTEM NAMESystem Secur.docx
 
Data-Classification-Study (1).pptx
Data-Classification-Study (1).pptxData-Classification-Study (1).pptx
Data-Classification-Study (1).pptx
 
Security Testing Report Hitachi Application Q1 Sep 2015
Security Testing Report Hitachi Application Q1 Sep 2015Security Testing Report Hitachi Application Q1 Sep 2015
Security Testing Report Hitachi Application Q1 Sep 2015
 
The art of securing microgrid control systems
The art of securing microgrid control systemsThe art of securing microgrid control systems
The art of securing microgrid control systems
 
Information security risk
Information security riskInformation security risk
Information security risk
 
httpwww.csun.edu~dn58412IS531Lecture 12Informatio.docx
httpwww.csun.edu~dn58412IS531Lecture 12Informatio.docxhttpwww.csun.edu~dn58412IS531Lecture 12Informatio.docx
httpwww.csun.edu~dn58412IS531Lecture 12Informatio.docx
 
L3 RMF Phase 2 Categorize.pptx
L3 RMF Phase 2 Categorize.pptxL3 RMF Phase 2 Categorize.pptx
L3 RMF Phase 2 Categorize.pptx
 
NIST Framework for Information System
NIST Framework for Information SystemNIST Framework for Information System
NIST Framework for Information System
 
Jib inc260425-2
Jib inc260425-2Jib inc260425-2
Jib inc260425-2
 
Risk Assessment In this assignment, you will perform a qualitat.docx
Risk Assessment  In this assignment, you will perform a qualitat.docxRisk Assessment  In this assignment, you will perform a qualitat.docx
Risk Assessment In this assignment, you will perform a qualitat.docx
 
Monitoring With Alterpoint And Cs Mars
Monitoring With Alterpoint And Cs MarsMonitoring With Alterpoint And Cs Mars
Monitoring With Alterpoint And Cs Mars
 
Federal government security planning
Federal government security planningFederal government security planning
Federal government security planning
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: CategorizeUnderstanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 6: Categorize
 
It security-plan-template
It security-plan-templateIt security-plan-template
It security-plan-template
 
RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™RiskWatch for HIPAA Compliance™
RiskWatch for HIPAA Compliance™
 
CRISP evaluation using the STEFi approach
CRISP evaluation using the STEFi approachCRISP evaluation using the STEFi approach
CRISP evaluation using the STEFi approach
 
PhishingBox Overview
PhishingBox OverviewPhishingBox Overview
PhishingBox Overview
 
Project #3 IT Security Controls Baseline for Red Clay Renovations.docx
Project #3 IT Security Controls Baseline for Red Clay Renovations.docxProject #3 IT Security Controls Baseline for Red Clay Renovations.docx
Project #3 IT Security Controls Baseline for Red Clay Renovations.docx
 
Consequence Informed Cyber Security
Consequence Informed Cyber Security Consequence Informed Cyber Security
Consequence Informed Cyber Security
 

More from James W. De Rienzo

Nist sp 800_r5_baselines_&amp;_attributes
Nist sp 800_r5_baselines_&amp;_attributesNist sp 800_r5_baselines_&amp;_attributes
Nist sp 800_r5_baselines_&amp;_attributesJames W. De Rienzo
 
NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417James W. De Rienzo
 
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...James W. De Rienzo
 
NIST NVD REV 4 Security Controls Online Database Analysis
NIST NVD REV 4 Security Controls Online Database AnalysisNIST NVD REV 4 Security Controls Online Database Analysis
NIST NVD REV 4 Security Controls Online Database AnalysisJames W. De Rienzo
 
(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...
(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...
(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...James W. De Rienzo
 
(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804
(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804
(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804James W. De Rienzo
 
Information Assurance, A DISA CCRI Conceptual Framework
Information Assurance, A DISA CCRI Conceptual FrameworkInformation Assurance, A DISA CCRI Conceptual Framework
Information Assurance, A DISA CCRI Conceptual FrameworkJames W. De Rienzo
 
VDI and Application Virtualization
VDI and Application VirtualizationVDI and Application Virtualization
VDI and Application VirtualizationJames W. De Rienzo
 

More from James W. De Rienzo (10)

Nist sp 800_r5_baselines_&amp;_attributes
Nist sp 800_r5_baselines_&amp;_attributesNist sp 800_r5_baselines_&amp;_attributes
Nist sp 800_r5_baselines_&amp;_attributes
 
NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417
 
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
 
NIST NVD REV 4 Security Controls Online Database Analysis
NIST NVD REV 4 Security Controls Online Database AnalysisNIST NVD REV 4 Security Controls Online Database Analysis
NIST NVD REV 4 Security Controls Online Database Analysis
 
SEI CERT Podcast Series
SEI CERT Podcast SeriesSEI CERT Podcast Series
SEI CERT Podcast Series
 
CNDSP Assessment Template
CNDSP Assessment TemplateCNDSP Assessment Template
CNDSP Assessment Template
 
(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...
(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...
(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...
 
(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804
(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804
(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804
 
Information Assurance, A DISA CCRI Conceptual Framework
Information Assurance, A DISA CCRI Conceptual FrameworkInformation Assurance, A DISA CCRI Conceptual Framework
Information Assurance, A DISA CCRI Conceptual Framework
 
VDI and Application Virtualization
VDI and Application VirtualizationVDI and Application Virtualization
VDI and Application Virtualization
 

Recently uploaded

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Recently uploaded (20)

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Information System Sensitivity Level Impact Assessment (NIST SP 800-60v2r1)

  • 1. Information System Name: _________________________________
Official Use Only (When Filled)
National Security (N/S) Information Out of Scope
IMPACT ASSESSMENT (Determines the Sensitivity Level of an Information System/Information Type)
Sensitivity Level of Information System (IS)/Information Type (Perceived impact from the loss to the three fundamental security attributes of information: confidentiality, integrity and availability)
Impact Value Highest Water Mark: Current = BLANK; Proposed = BLANK
Columns: Information Types; Provisional SP 800-60v2r1 Impact Values (C, I, A); System Name Current FIPS 199 Impact Values (C, I, A); System Name Proposed FIPS 199 Impact Values (C, I, A)

Appendix C: Management & Support Information & Information Systems Impact Levels *
Rationale and Factors for Services Delivery Support Information *

Information Type | C | I | A
Controls and Oversight *
Corrective Action Information Type | L | L | L
Program Evaluation Information Type | L | L | L
Program Monitoring Information Type (3) | L (3) | L | L
Regulatory Development *
Policy and Guidance Development Information Type | L | L | L
Public Comment Tracking Information Type | L | L | L
Regulatory Creation Information Type | L | L | L
Rule Publication Information Type | L | L | L
Planning and Budgeting *
Budget Formulation Information Type | L | L | L
Capital Planning Information Type | L | L | L
Enterprise Architecture Information Type | L | L | L
Strategic Planning Information Type | L | L | L
Budget Execution Information Type | L | L | L
Workforce Planning Information Type | L | L | L
Management Improvement Information Type | L | L | L
Budget and Performance Integration Information Type | L | L | L
Tax and Fiscal Policy Information Type | L | L | L
Internal Risk Management and Mitigation *
Contingency Planning Information Type | M | M | M
Continuity of Operations Information Type | M | M | M
Service Recovery Information Type | L | L | L
Revenue Collection *
Debt Collection Information Type | M | L | L
User Fee Collection Information Type | L | L | M
Federal Asset Sales Information Type | L | M | L
Public Affairs *
Customer Services Information Type | L | L | L
Official Information Dissemination Information Type | L | L | L

Print Date: 2/19/2014 Page 1 of 8 Contact: James W. De Rienzo
  • 2. Information Type | C | I | A
Product Outreach Information Type | L | L | L
Public Relations Information Type | L | L | L
Legislative Relations *
Legislation Tracking Information Type | L | L | L
Legislation Testimony Information Type | L | L | L
Proposal Development Information Type | M | L | L
Congressional Liaison Operations Information Type | M | L | L
General Government *
Central Fiscal Operations Information Type (4) | M | L | L
Legislative Functions Information Type | L | L | L
Executive Functions Information Type (5) | L | L | L
Central Property Management Information Type | L (6) | L | L (7)
Central Personnel Management Information Type | L | L | L
Taxation Management Information Type | M | L | L
Central Records and Statistics Management Information Type | M | L | L
Income Information Information Type (8) | M | M | M
Personal Identity and Authentication Information Information Type (8) | M | M | M
Entitlement Event Information Information Type (8) | M | M | M
Representative Payee Information Information Type (8) | M | M | M
General Information Information Type (9) | L | L | L
Notification of Finding Report Information (General Information Information Type - [9]) | L | L | L
Memoranda and Guidelines (General Information Information Type - [9]) | L | L | L
Presidential Directives & Executive Orders (General Information Information Type - [9]) | L | L | L
Other Executive Office of the President Guidance (General Information Information Type - [9]) | L | L | L

Rationale and Factors for Government Resource Management Information *
Administrative Management *
Facilities, Fleet, and Equipment Management Information Type | L (6) | L (7) | L (7)
Help Desk Services Information Type | L | L | L
Security Management Information Type | M | M | L
Travel Information Type | L | L | L
Workplace Policy Development and Management Information Type (Intra-Agency Only) | L | L | L
Financial Management *
  • 3. Assets and Liability Management Information Type L L L M M M L M L M L M L M A L Cost Accounting/ Performance Measurement Information Type I L Collections and Receivables Information Type C L Payments Information Type A L Accounting Information Type I L Funds Control Information Type C System Name Proposed FIPS 199 Impact Values L Reporting and Information Information Type System Name Current FIPS 199 Impact Values L

Information Type | C | I | A
Human Resource Management *
HR Strategy Information Type | L | L | L
Staff Acquisition Information Type | L | L | L
Organization & Position Management Information Type | L | L | L
Compensation Management Information Type | L | L | L
Benefits Management Information Type | L | L | L
Employee Performance Management Information Type | L | L | L
Employee Relations Information Type | L | L | L
Labor Relations Information Type | L | L | L
Separation Management Information Type | L | L | L
Human Resources Development Information Type | L | L | L
Supply Chain Management *
Goods Acquisition Information Type | L | L | L
Inventory Control Information Type | L | L | L
Logistics Management Information Type | L | L | L
Services Acquisition Information Type | L | L | L
Information and Technology Management *
System Development Information Type | L | M | L
Lifecycle/Change Management Information Type | L | M | L
System Maintenance Information Type | L | M | L
IT Infrastructure Maintenance Information Type (10) | L | L | L
Information Security Information Type | L | M | L
Record Retention Information Type | L | L | L
Information Management Information Type (11) | L | M | L
System and Network Monitoring Information Type | M | M | L
Information Sharing Information Type N/A N/A N/A
Appendix D: Impact Determination for Mission‐Based Information & Information Systems *
Defense and National Security * N/S N/S N/S
Homeland Security *
Border and Transportation Security Information Type M M M
Key Asset and Critical Infrastructure Protection Information Type H H H
Catastrophic Defense Information Type H H H
Executive Functions of the Executive Office of the President (EOP) Information Type (23) H M H
Intelligence Operations (24) N/S N/S N/S
Disaster Management *
Disaster Monitoring and Prediction Information Type L H H
Disaster Preparedness and Planning Information Type L L L
Disaster Repair and Restoration Information Type L L L
Emergency Response Information Type L H H
International Affairs and Commerce *
Foreign Affairs Information Type H H M
International Development and Humanitarian Aid Information Type M L L
Global Trade Information Type H H H
Natural Resources *
Water Resource Management Information Type L L L
Conservation, Marine and Land Management Information Type L L L
Recreational Resource Management and Tourism Information Type L L L
Agricultural Innovation and Services Information Type L L L
Energy *
Energy Supply Information Type L(25) M(26) M(26)
Energy Conservation and Preparedness Information Type L L L
Energy Resource Management Information Type M L L
Energy Production Information Type L L L
Environmental Management *
Environmental Monitoring and Forecasting Information Type L M L
Environmental Remediation Information Type M L L
Pollution Prevention and Control Information Type L L L
Economic Development *
Business and Industry Development Information Type L L L
Intellectual Property Protection Information Type L L L
Financial Sector Oversight Information Type M L L
Industry Sector Income Stabilization Information Type M L L
Community and Social Services *
Homeownership Promotion Information Type L L L
Community and Regional Development Information Type L L L
Social Services Information Type L L L
Postal Services Information Type L M M
Transportation *
Ground Transportation Information Type L L L
Water Transportation Information Type L L L
Air Transportation Information Type L L L
Space Operations Information Type L H H
Education *
Elementary, Secondary, and Vocational Education Information Type L L L
Higher Education Information Type L L L
Cultural and Historic Preservation Information Type L L L
Cultural and Historic Exhibition Information Type L L L
Workforce Management *
Training and Employment Information Type L L L
Labor Rights Management Information Type L L L
Worker Safety Information Type L L L
Health *
Access to Care Information Type L M L
Population Health Management and Consumer Safety Information Type L M L
Health Care Administration Information Type L M L
Health Care Delivery Services Information Type L H L
Health Care Research and Practitioner Education Information Type L M L
Income Security *
General Retirement and Disability Information Type M M M
Unemployment Compensation Information Type L L L
Housing Assistance Information Type L L L
Food and Nutrition Assistance Information Type L L L
Survivor Compensation Information Type L L L
Law Enforcement *
Criminal Apprehension Information Type L L M
Criminal Investigation and Surveillance Information Type M M M
Citizen Protection Information Type M M M
Leadership Protection Information Type M L L
Property Protection Information Type L L L
Substance Control Information Type M M M
Crime Prevention Information Type L L L
Trade Law Enforcement Information Type (27) M M M
Litigation and Judicial Activities *
Judicial Hearings Information Type M L L
Legal Defense Information Type M H L
Legal Investigation Information Type M M M
Legal Prosecution and Litigation Information Type L M L
Resolution Facilitation Information Type M L L
Federal Correctional Activities *
Criminal Incarceration Information Type L M L
Criminal Rehabilitation Information Type L L L
General Sciences and Innovation *
Scientific and Technological Research and Innovation Information Type L M L
Space Exploration and Innovation Information Type L M L
Knowledge Creation and Management *
Research and Development Information Type L M L
General Purpose Data and Statistics Information Type L L L
Advising and Consulting Information Type L L L
Knowledge Dissemination Information Type L L L
Regulatory Compliance and Enforcement *
Inspections and Auditing Information Type M M L
Standards Setting/Reporting Guideline Development Information Type L L L
Permits and Licensing Information Type L L L
Public Goods Creation and Management *
Manufacturing Information Type L L L
Construction Information Type L L L
Public Resources, Facility and Infrastructure Management Information Type L L L
Information Infrastructure Management Information Type L L L
Federal Financial Assistance *
Federal Grants (Non‐State) Information Type L L L
Direct Transfers to Individuals Information Type L L L
Subsidies Information Type L L L
Tax Credits Information Type M L L
Credit and Insurance *
Direct Loans Information Type L L L
Loan Guarantees Information Type L L L
General Insurance Information Type L L L
Transfers to State/Local Governments *
Formula Grants Information Type L L L
Project/Competitive Grants Information Type L L L
Earmarked Grants Information Type L L L
State Loans Information Type L L L
Direct Services for Citizens *
Military Operations Information Type (28) N/A N/A N/A
Civilian Operations Information Type (28) N/A N/A N/A
APPENDIX E: Legislative & Executive Sources Establishing Sensitivity/Criticality *
Legislative Mandates *
Executive Mandates *
Office of Management and Budget Memoranda and Guidelines *
Presidential Directives and Executive Orders *
Other EOP Guidance *
OMB and Case Law Interpretations *
3 The confidentiality impact assigned to the Program Monitoring Information Type may necessitate the highest confidentiality impact of the information types processed by the system.
4 Tax‐related functions are associated with the Taxation Management information type.
5 The OMB Business Reference Model “Executive Function” has been expanded to include general agency executive functions as well as Executive Office of the President (EOP) functions. Strictly EOP executive functions are treated in Appendix D, Examples of Impact Determination for Mission‐Based Information and Information Systems.
6 High where safety of major critical infrastructure components or key national assets is at stake.
7 Moderate or High in emergency situations where time‐critical processes affecting human safety or major assets are involved.
8 The identified information types are not a derivative of OMB’s Business Reference Model and were added to address privacy information.
9 The OMB Business Reference Model does not include a General Information information type. This information type was added as a catch‐all information type. As such, agencies may use this to identify additional information types not defined in the BRM and assign impact levels.
10 The confidentiality impact assigned to the IT Infrastructure Maintenance Information Type may necessitate the highest confidentiality impact of the information types processed by the system.
11 The confidentiality impact assigned to the Information Management Information Type may necessitate the highest confidentiality impact of the information types processed by the system.
20 Impact level is usually moderate to high in emergency situations where time‐critical processes affecting human safety or major assets are involved.
21 A loss of confidentiality that causes a significant degradation in mission capability, places the agency at a significant disadvantage, or results in major damage to assets, requiring extensive corrective actions or repairs.
23 The identified information types are not a derivative of OMB’s Business Reference Model and were added to address functions of the Executive Office of the President (EOP).
24 Where foreign intelligence information is involved, the information and information systems are categorized as national security information or systems and are outside the scope of this guideline.
25 High where safety of radioactive materials, highly flammable fuels, or transmission channels or control processes are at risk.
26 Usually Moderate or High where mission‐critical procedures are involved.
27 The identified information types are not a derivative of OMB’s Business Reference Model and were added to address trade law enforcement.
28 As a mode of delivery of mission‐based services, the security categorization of the Direct Services for Citizens sub‐functions Military Operations and Civilian Operations depends on the mission services delivered to the citizens (e.g., Health Care, Emergency Response, Environmental Remediation) and should follow the corresponding mission‐based information type.
Print Date: 2/19/2014 Page 8 of 8  Contact: James W. De Rienzo