Security categorization is the first step in a security risk management framework because of its impact on all other steps, from selection of security controls to apply based upon the assessment to the level of effort required to assess the effectiveness of the security controls put in place. Security categorization covers information (data) at rest and information systems. The approach used in this guide applies only to data at rest. The approach aligns National Institute of Standards and Technology (NIST) Special Publication (SP) 800-60 Volume 1, revision 1 [B2] and with Federal Information Processing Standards (FIPS) FIPS 199 [B1], the latter of which establishes security categories based on the magnitude of harm expected to result from compromises rather than on the results of an assessment that includes an attempt to determine the probability of compromise.
- Standard Committee
- PE/PSRCC - Power System Relaying and Control
- Status
- Active PAR
- PAR Approval
- 2021-12-08
Working Group Details
- Society
- IEEE Power and Energy Society
- Standard Committee
- PE/PSRCC - Power System Relaying and Control
- Working Group
-
H22_PC37.249 - Guide for Categorizing Security Needs for Protection and Automation Related Data Files
- IEEE Program Manager
- Malia Zaman
Contact Malia Zaman - Working Group Chair
- Amir Makki
Other Activities From This Working Group
Current projects that have been authorized by the IEEE SA Standards Board to develop a standard.
No Active Projects
Standards approved by the IEEE SA Standards Board that are within the 10-year lifecycle.
No Active Standards
These standards have been replaced with a revised version of the standard, or by a compilation of the original active standard and all its existing amendments, corrigenda, and errata.
No Superseded Standards
These standards have been removed from active status through a ballot where the standard is made inactive as a consensus decision of a balloting group.
No Inactive-Withdrawn Standards
These standards are removed from active status through an administrative process for standards that have not undergone a revision process within 10 years.
No Inactive-Reserved Standards