Skip to main content
WhyHow It WorksFeaturesPricingBlog
Sign inRequest demo
FRD-SCTImplementation guide coming soon

Security Category

Also: security category, security categories, impact level, impact levels

Definition

Verbatim from FedRAMP/rules

Has the meaning from NIST FIPS 199, which is "The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, or individuals." Security categories are often referred to as "impact levels" and include Low, Moderate, and High.

Used in 3 rule requirements

This term is a defined part of the following FedRAMP rule requirements — when it appears in a rule, this definition applies precisely.

CDS-CSO-PUBCDS-CSO-SVCMAS-CSO-FLO

References

NIST FIPS 199 Standards for Security Categorization of Federal Information and Information Systems

Change history

  • 2026-07-04Initial reset for the Consolidated Rules for 2026 Public Preview.

Source of truth: FedRAMP/rules. Definitions are published verbatim; Boundera adds cross-references and implementation context.