CMMCDocs.comFIPS 199
Also known as: Federal Information Processing Standard 199
The federal standard that defines security categorization of federal information and information systems by their potential impact on confidentiality, integrity, and availability.
Federal Information Processing Standard (FIPS) Publication 199, 'Standards for Security Categorization of Federal Information and Information Systems,' is the foundational standard that defines how federal information is categorized by its potential impact on confidentiality, integrity, and availability.
FIPS 199 establishes three impact levels — Low, Moderate, and High — based on the worst-case consequence of a compromise. The categorization drives the security control baseline that the system must implement.
For CMMC purposes, FIPS 199 is mostly relevant indirectly: CUI is generally categorized as Moderate impact for confidentiality, which is why FedRAMP Moderate is the required baseline for cloud services handling CUI on behalf of defense contractors.
Stop Googling. Start working.
CMMCDocs has all 110 NIST SP 800-171 Rev 2 requirements built in — with the language, the templates, and the evidence vault you need. Spin up a free demo workspace and click around the way an assessor would.
Get my demo account