Published: 8/22/2023
Watch and Learn: System Categorization in CFACTS
Watch the video about assigning a FIPS 199 Security Category to your system, and learn how to use CFACTS to simplify the process
Each new CMS FISMA system must define its security categorization based on the Federal Information Processing Standards Publication 199 (FIPS 199). Each system must be reviewed in the following categories:
- Confidentiality
- Integrity
- Availability
During review, each category is assigned a rating of low, moderate, or high impact. The most severe rating from any category becomes the system's overall security categorization.
In the past, the ISSO completed this review using the System Categorization Worksheet (SCW). The SCW is outdated and has been retired. ISSOs can now complete their system categorization using CFACTS. Watch the video to learn about this process.
If you have questions, you can contact the CFACTS Team in CMS Slack in the #cfacts_community channel.
About the publisher:
The CMS FISMA Continuous Tracking System (CFACTS) is the database used to track system security and support the system authorization process. The CFACTS Team works on improvements to the platform and helps people use it effectively.
