Discuss information attributes that may result in variances from the provisional impact level assignment

Title III of the E-Government Act (Public Law 107-347), titled the Federal Information Security Management Act (FISMA), tasked the National Institute of Standards and Technology (NIST) to develop:
• Standards to be used by all Federal agencies to categorize all information and information systems collected or maintained by or on behalf of each agency based on the objectives of providing appropriate levels of information security according to a range of risk levels;
• Guidelines recommending the types of information and information systems to be included in each such category; and
• Minimum information security requirements (i.e., management, operational, and technical security controls), for information and information systems in each such category.

In response to the second of these tasks, this guideline has been developed to assist Federal government agencies to categorize information and information systems. The guideline's objective is to facilitate application of appropriate levels of information security according to a range of levels of impact or consequences that might result from the unauthorized disclosure, modification, or use of the information or information system. This guideline assumes that the user is familiar with Standards for Security Categorization of Federal Information and Information Systems (Federal Information Processing Standard [FIPS] 199).
The guideline and its appendices:
• Review the security categorization terms and definitions established by FIPS 199;
• Recommend a security categorization process;
• Describe a methodology for identifying types of Federal information and information systems;
• Suggest provisional security impact levels for common information types;
• Discuss information attributes that may result in variances from the provisional impact level assignment; and
• Describe how to establish a system security categorization based on the system's use, connectivity, and aggregate information content.

This document is intended as a reference resource rather than as a tutorial and not all of the material will be relevant to all agencies. This document includes two volumes, a basic guideline and a volume of appendices. Users should review the guidelines provided in Volume I, then refer to only that specific material from the appendices that applies to their own systems and applications. The provisional impact assignments are provided in Volume II, Appendix C and D.

The basis employed in this guideline for the identification of information types is the Office of
