Detections
Analytics

800-53|RA-2

Title

SECURITY CATEGORIZATION

Description

The organization:

Supplemental

Clearly defined authorization boundaries are a prerequisite for effective security categorization decisions. Security categories describe the potential adverse impacts to organizational operations, organizational assets, and individuals if organizational information and information systems are comprised through a loss of confidentiality, integrity, or availability. Organizations conduct the security categorization process as an organization-wide activity with the involvement of chief information officers, senior information security officers, information system owners, mission/business owners, and information owners/stewards. Organizations also consider the potential adverse impacts to other organizations and, in accordance with the USA PATRIOT Act of 2001 and Homeland Security Presidential Directives, potential national-level adverse impacts. Security categorization processes carried out by organizations facilitate the development of inventories of information assets, and along with CM-8, mappings to specific information system components where information is processed, stored, or transmitted.

Reference Item Details

Related: CM-8,MP-4,RA-3,SC-7

Category: RISK ASSESSMENT

Family: RISK ASSESSMENT

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'microsoft_azureCIS Microsoft Azure Foundations v2.0.0 L1
3.3.1 Ensure SharePoint Online Information Protection policies are set up and usedmicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v3.0.0
9.1.6 Ensure 'Allow users to apply sensitivity labels for content' is 'Enabled'microsoft_azureCIS Microsoft 365 Foundations E3 L1 v3.0.0