The purpose of the Categorize Step is to guide and inform subsequent risk management processes and tasks by determining the adverse impact or consequences to the organization with respect to the compromise or loss of organizational assets—including the confidentiality, integrity, and availability of organizational systems and the information processed, stored, and transmitted by those systems.
All links below point to PDF files for the Categorize Step
Security and Privacy: risk management
Laws and Regulations: E-Government Act, Federal Information Security Modernization Act