EPA - 21-E-0226 - 21-E-0226_1

Implement controls to follow National Institute of Standards and Technology guidance when conducting systems categorizations by:a. Involving the appropriate key stakeholders, including mission owners and the chief information security officer, during the system security categorization process as prescribed in the National Institute for Standards and Technology Special Publication 800-60 Volume I,Table 3, Process Roadmap.b. Having responsible parties adhere to all activity steps as outlined in the National Institute for Standards and Technology Process Roadmap, including selecting all application information types applicable to information systems.c. Having responsible parties document the security categorization determinations and decisions within system security plans as provided in the National Institute for Standards and Technology Process Roadmap, including documenting all downward adjustments toprovisional security levels.