Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Projects NIST Risk Management Framework About the RMF

NIST Risk Management Framework RMF

Risk Management Framework (RMF) - Categorize Step

At A Glance

RMF Categorize Step

 

     

    Purpose: Inform organizational risk management processes and tasks by determining the adverse impact  with respect to the loss of ity, integrity, and availability of systems and the information processed, stored, and transmitted by those systems
     
    Outcomes: 

    • system characteristics documented
    • security categorization of the system and information completed
    • categorization decision reviewed/approved by authorizing official

     

    Resources for Implementers

    Federal Information Processing Standard (FIPS) 199Standards for Security Categorization of Federal Information and Information Systems

    • Standard for categorizing information and systems according to an organization's level of concern for ity, integrity, and availability and the potential impact on organizational assets and operations.

    NIST SP 800-60 Volume I and Volume II, Guide for Mapping Types of Information and Information Systems to Security Categories

    • Developed to assist agencies categorize information and systems.
    • Guidelines recommending the types of information and systems to be included in each security impact level for ity, integrity, and availability.

     

    Back to About the RMF

    Contacts

    NIST Risk Management Framework Team
    [email protected]

    Created November 30, 2016, Updated March 11, 2025