Security Categorization

JDBiggs created the Security Categorization Methodology to correctly identify the information families, the information types, and the rating (Low, Moderate, or High) for Confidentiality, Integrity, and Availability, and to provide justification for any rating disparities. The methodology is designed to assist system owners and contractors in completing the annual requirement and in determining which security controls will be tested in accordance with NIST Special Publications.

During the Security Categorization process, the system owner and contractor should evaluate the questions in NIST SP 800-59 and ensure that the system is not a National Security System. It is paramount to the success of this exercise that senior-level security and privacy consulting professionals facilitate this activity with stakeholders that include the System Program Manager, the ISSO, Personnel and Physical Security, the Network Operations Center, and the vendor responsible for application implementation and management.