Before FIPS 199 and FIPS 200, federal agencies made independent, inconsistent decisions about how to classify the sensitivity of their systems and what security controls to apply. The result was a patchwork of incompatible security programs, no common language for risk, and no way for oversight bodies to compare security postures across agencies. FIPS 199 and FIPS 200 changed that. Published in 2004 and 2006 respectively, these two Federal Information Processing Standards introduced a mandatory, uniform methodology for categorizing federal information systems by impact level and defining the minimum security requirements each category must meet. This course traces their development from the legislative mandate in FISMA 2002 through the technical decisions that shaped the final standards, and explains why they remain the foundation of every NIST SP 800-53 assessment, FedRAMP authorization, and FISMA compliance program today.
What's Covered
- The Problem Before FISMA: Why Federal Information Security Was Broken
- FISMA 2002 and the Mandate for Standards
- FIPS 199: Standards for Security Categorization
- The Three Security Objectives: Confidentiality, Integrity, and Availability
- FIPS 200: Minimum Security Requirements for Federal Systems
- How FIPS 199 and 200 Connect to NIST SP 800-53
- Applying FIPS 199 in Practice: System Categorization
- The Lasting Impact: FIPS 199 and 200 in Modern Compliance
$49.00
One-time payment. Lifetime access. Access link delivered by email.