Each new CMS FISMA system must define its security categorization based on the Federal Information Processing Standards Publication 199 (FIPS 199). Each system must be reviewed in the following categories:
- Confidentiality
- Integrity
- Availability
During review, each category is assigned a rating of low, moderate, or high impact. The most severe rating from any category becomes the system's overall security categorization.
In the past, the ISSO completed this review using the System Categorization Worksheet (SCW). The SCW is outdated and has been retired. ISSOs can now complete their system categorization using CFACTS. Watch the video to learn about this process.
If you have questions, you can contact the CFACTS Team in CMS Slack in the #cfacts_community channel.
Watch the video about assigning a FIPS 199 Security Category to your system, and learn how to use CFACTS to simplify the process.