The Federal Information Processing Standard (FIPS) 199 provides organizations and individuals with the necessary guidance to determine a cybersecurity threat’s impact level accurately. These impact levels define the level of security a system should have to protect the data contained therein adequately.

This article will take you through an overview of FIPS 199 and how it can help you understand the three categories of impact levels, define terms used in FIPS 199, assess the impact of a cybersecurity threat, and provide best practices for interpreting results and mitigating risk.

Awareness

FedRAMP and DoD Impact Levels

May 17, 2023 Continuum GRC 0 Comment

As the Department of Defense (DoD) increasingly leverages cloud services, the need to classify and secure sensitive data has never been more important. To address that need, the DoD’s Cloud Computing Security Requirements Guide (SRG) provides a comprehensive framework for this, establishing different Impact Levels to classify the appropriateness of a system to handle specific kinds of data.

If you’re familiar with federal regulations and cloud services, you might already notice that another framework applies to cloud service providers–FedRAMP. That’s why the DoD has guidelines for implementing specific DoD impact level requirements alongside FedRAMP.

This article discusses the DoD Impact Levels, covering what type of data they encompass and how they interact with FedRAMP.

Awareness Frameworks

FedRAMP and FIPS-Defined Impact Levels

Dec 28, 2022 Continuum GRC 0 Comment

One of the foundational pieces of information that a cloud provider needs to know when preparing for their FedRAMP Authorization is the required Impact Level. These levels aren’t generic labels applied by agencies to highlight the importance of their data–they are clearly-defined categories laid out by the National Institute of Standards and Technology (NIST) to structure security requirements.