FIPS 199 is short for Federal Information Processing Standard Publication 199, the United States Federal Government standard titled Standards for Security Categorization of Federal Information and Information Systems. It establishes the security categorization of the information systems used by the Federal Government, which is one component of risk assessment.
FIPS 199 and FIPS 200 are the mandatory security standards required by the Federal Information Security Management Act of 2002 (FISMA).
To comply with FIPS 199, federal agencies have to assess their information systems. Each information system has to be assessed for each of the categories of confidentiality, integrity and availability. After the assessment, each system is given a rating of low, moderate or high impact in each category. The information system's overall security categorization is derived from the most severe rating in any category.
The E-Government Act of 2002 recognized the importance of information security to the economic and national security interests of the United States. Title III of the E-Government Act identified the following information security tasks:
1. Standards to be used by all federal agencies to categorize all information and information systems collected or maintained by or on behalf of each agency based on the objectives of providing appropriate levels of information security according to a range of risk levels;
2. Guidelines recommending the types of information and information systems to be included in each category; and
3. Minimum information security requirements (i.e., management, operational, and technical controls), for information and information systems in each such category.
Of these tasks, the first is addressed by FIPS Publication 199. FIPS Publication 199 provides guidance on categorizing all information, in terms of confidentiality, integrity and availability, into low, moderate and high impact.