Categorise Information and Systems

Apply FIPS 199 categorisation to each asset based on its confidentiality, integrity, and availability (CIA) impact.

Define criticality levels (Low, Moderate, High) to prioritise risk mitigation.

Reference: NIST FIPS 199