Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

FIPS 200

Minimum Security Requirements for Federal Information and Information Systems

Date Published: March 2006

Planning Note (5/25/2018): See the current publishing schedule.

Supersedes: SP 800-26 (November 2001)


National Institute of Standards and Technology



risk-assessment; security controls; security requirements
Control Families

Access Control; Audit and Accountability; Awareness and Training; Security Assessment and Authorization; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Personnel Security; Physical and Environmental Protection; Planning; Risk Assessment; System and Communications Protection; System and Information Integrity; System and Services Acquisition;


FIPS 200 (DOI)
Local Download

Supplemental Material:
None available

Related NIST Publications:
FIPS 199