Which FIPS specifies minimum security requirements for federal information and information systems?

Prepare for the FITSI Operator Exam with detailed flashcards and multiple choice questions with hints and explanations. Ensure exam success!

FIPS 200 specifies the minimum security requirements for federal information and information systems. This standard establishes foundational security controls required to protect federal information systems and ensures they are resilient against various threats. It outlines the necessary security controls that must be implemented to meet specific security objectives.

FIPS 200 categorizes information systems based on the impact of a security breach (low, moderate, or high) and establishes the baseline security requirements that need to be addressed for systems at each category level. This standard serves as a guiding framework for federal agencies to implement adequate security measures to safeguard their information and systems.

In contrast, FIPS 140-2 focuses specifically on the security requirements for cryptographic modules, while FIPS 199 addresses the standards for categorizing information and information systems based on their impact levels. FIPS 201 pertains to personal identity verification of federal employees and contractors, emphasizing identity management rather than overarching security requirements.

In summary, FIPS 200 is the relevant standard that outlines the minimum security requirements essential for ensuring the protection of federal information and systems.
