Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

This is an archive
(replace .gov by .rip)

FIPS 200

Minimum Security Requirements for Federal Information and Information Systems

Date Published: March 2006

Planning Note (5/25/2018): See the current publishing schedule.

Supersedes: SP 800-26 (November 2001)


National Institute of Standards and Technology



risk-assessment; security controls; security requirements
Control Families

Access Control; Audit and Accountability; Awareness and Training; Security Assessment and Authorization; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Personnel Security; Physical and Environmental Protection; Planning; Risk Assessment; System and Communications Protection; System and Information Integrity; System and Services Acquisition;


FIPS 200 (DOI)
Local Download

Supplemental Material:
None available

Related NIST Publications:
FIPS 199