FIPS 199 Sets the Standards for Security Categorization of Federal Information and Information System and SP 800-60 guides the application of those standards. The table below summarizes the Security Objective vs. Potential Impact.

DLZP Group shall treat all client data and environments as **Confidential-High** 

Therefore, all systems built and maintained by DLZP in the AWS cloud shall meet this standard. This is achievable in the AWS cloud environment at no extra cost to the client. Furthermore, by adopting a single standard DLZP limits the possibility of exposing data due to accidental mis-classification.

FIPS 200 sets the minimum security requirements for Federal Information Systems. And, NIST 800-53 rev.4 provides a library of controls configuration items (CI's) and policies that provides the operating environment framework that must be met to maintain compliance with FedRAMP standards. To meet the DLZP Group Security Standard of Confidential-High, DLZP will maintain appropriate 800-53 controls throughout its business and data processing practices.

All systems BASE CI's will meet relevant NIST 800-53 Confidential-High security objectives.
DLZP Group offers clients the choice of a Compliance Framework (Advanced CI's) to match their business requirements.

This ensure our client's have the most secure environment and matches the cost associated with their Compliance Standards e.g. FedRAMP, HIPAA, PCI, FERPA to the regulatory environment of the customers business model and entity needs.

Steps 3 thru 6 cover data processing and governance business practices that will we covered within their own wiki chapters.