RA-2: Security Categorization

NIST Baseline: Low 

DIR Required By:  07/20/2023 

TAMUS required By:  08/01/2022 

Review Date:  07/31/2024 

1. Information resource owners or their designee, in coordination with the Tarleton State University (Tarleton) Chief Information Security Officer (CISO), are responsible for determining and documenting the data classification category for each information resource under their control following the Texas A&M University System (TAMUS) Data Classification and Protection Standard.  

2. Information resource owners or their designee are responsible for maintaining an accurate inventory of information resources that store or process data classified as Confidential (see Control PM-5, System Inventory).  

3. The final determination of classification categories may be subject to review by the Tarleton CISO. 

---

References/Additional Resources

FIPS 199 

FIPS 200 

SP 800-30 

SP 800-37 

SP 800-39 

SP 800-60-1 

SP 800-60-2 

SP 800-160-1 

CNSSI 1253 

NARA CUI 

1 TAC § 202.24(b)(1)  

1 TAC § 202.74(b)(1)  

1 TAC Chapter 202 Subchapter A  

DIR Data Classification Guide 

TAMUS Data Classification and Protection Standard