Question

FIPS Publication 200 is a mandatory federal standard developed by NIST in response to FISMA. To comply with the federal standard, organizations first determine the security category of their information system in accordance with FIPS Publication 199. Thales e-Security can help you meet the FIPS 200 and FIPS 199 data security compliance standards. Identify the relevance of the FIPS 199 and FIPS 200 documents to non-government entities.

Does the FIPS 199 document contain information relevant to non-government entities? Justify your position.

Does the FIPS 200 document contain information relevant to non-government entities? Justify your position

Answer 1

Identify the relevance of the FIPS 199 and FIPS 200 documents to non-government entities.

• Encryption and Key Management: They have centrally managed files so that it can easily locate out. It has very strong encryption which is very simple to understand. Transparent to processes so that easy to keep track. Transparent to users as well.
• Access Policies and Privileged User Controls: It has very strong restricted access to encrypted daya, the use who has access to it only can access it. The It operation can be performed with ability to see protected information.
• Security Intelligence: If there is case where logs to protected data is too much than it create security alert, and high security is provided which can be used with SIME(Security Information and Event Management).

Does the FIPS 199 document contain information relevant to non-government entities? Justify your position.

• Federal Information Processing Standards (FIPS) are standards published by NIST for use by the United States federal government and government contractors in relation to computer systems.
• FIPS-199 is security authorization developed for submission to the Federal Risk and Authorization Management Program (FedRAMP) authorizing officials. It determine the security level of cloud environment that may host any service model. As now a day's most protected information is stored on cloud only for safety reasons. so it is very necessary protect cloud environment. Main goal is CSP should implement security control to its environment.
• To keep your protected data secured your CSP should be strong. So it will be beneficial for non governing entity.

Does the FIPS 200 document contain information relevant to non-government entities? Justify your position

• FIPS-200 basically says that there are 17 security related are which federal agency must meet certain requirements.

  These security areas are:

• Access Control;
• Awareness and Training;
• Audit and Accountability;
• Certification, Accreditation, and Security Assessments;
• Configuration Management;
• Contingency Planning;
• Identification and Authentication;
• Incident Response;
• Maintenance;
• Media Protection;
• Physical and Environmental Protection;
• Planning;
• Personnel Security;
• Risk Assessment;
• Systems and Services Acquisition;
• System and Communications Protection; and
• System and Information Integrity

FIPS-200 states that when secured information system is developing, implementing the security emphasis should be at highest priority.

As we can see from 17 criteria each criteria has significant value if some criteria is imposed while developing the security system it will secure the protected data.