{"id":498,"date":"2025-06-12T18:31:34","date_gmt":"2025-06-12T21:31:34","guid":{"rendered":"https:\/\/treinamentolivre.com\/si\/cyber\/?p=498"},"modified":"2025-06-13T18:19:02","modified_gmt":"2025-06-13T21:19:02","slug":"analise-do-fips-pub-199","status":"publish","type":"post","link":"https:\/\/treinamentolivre.com\/si\/cyber\/?p=498","title":{"rendered":"An\u00e1lise do FIPS PUB 199"},"content":{"rendered":"\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<ul class=\"wp-block-list\">\n<li>FIPS PUB<sup>1<\/sup><\/li>\n\n\n\n<li>Standards for Security Categorization of Federal Information and Information Systems.<\/li>\n\n\n\n<li>Computer Security Division.<\/li>\n\n\n\n<li>Information Technology Laboratory.<\/li>\n\n\n\n<li>NIST \u2013 GAITHERSBURG \u2013 MD.<\/li>\n\n\n\n<li>FEBRUARY, 2004.<\/li>\n<\/ul>\n<\/blockquote>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"699\" height=\"820\" src=\"https:\/\/treinamentolivre.com\/si\/cyber\/wp-content\/uploads\/2025\/06\/fips-pub-199-CAPA.jpg\" alt=\"\" class=\"wp-image-519\" srcset=\"https:\/\/treinamentolivre.com\/si\/cyber\/wp-content\/uploads\/2025\/06\/fips-pub-199-CAPA.jpg 699w, https:\/\/treinamentolivre.com\/si\/cyber\/wp-content\/uploads\/2025\/06\/fips-pub-199-CAPA-256x300.jpg 256w\" sizes=\"auto, (max-width: 699px) 100vw, 699px\" \/><\/figure>\n\n\n\n<p> O objetivo do FIPS<sup>2<\/sup> PUB 199 \u00e9 desenvolver standards para a categoriza\u00e7\u00e3o da informa\u00e7\u00e3o e de sistemas de informa\u00e7\u00e3o. Dizem que o <a href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/fips\/nist.fips.199.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">FIPS PUB 199<\/a> foi inspirado pelos eventos do 9\/11 (ataques terroristas a pr\u00e9dios monumentais dos EUA).<\/p>\n\n\n\n<p><strong>Alguns documentos relacionados:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.cia.gov\/readingroom\/docs\/CIA-RDP61-00549R000200040008-2.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Atomic Energy Act de 1954<\/a>.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.govinfo.gov\/link\/cpd\/executiveorder\/12958\" target=\"_blank\" rel=\"noreferrer noopener\">Executive Order 12958<\/a>, emitida em 17 de abril de 1995 pelo presidente Bill Clinton, que trata da pol\u00edtica de seguran\u00e7a nacional quanto \u00e0 classifica\u00e7\u00e3o e desclassifica\u00e7\u00e3o de informa\u00e7\u00f5es. Ela substituiu ordens executivas anteriores sobre o tema e buscou modernizar e tornar mais transparente o sistema de sigilo governamental nos Estados Unidos.<\/li>\n\n\n\n<li>Federal Information Security Management Act \u2013 FISMA (<a href=\"https:\/\/www.congress.gov\/107\/plaws\/publ347\/PLAW-107publ347.pdf\">Public Law 107-347<\/a>, Title III). Exigiu que todos os \u00f3rg\u00e3os federais estabelecessem programas formais de seguran\u00e7a da informa\u00e7\u00e3o. A FISMA atribuiu ao NIST (National Institute of Standards and Technology) a responsabilidade de desenvolver padr\u00f5es e diretrizes para seguran\u00e7a da informa\u00e7\u00e3o federal, em colabora\u00e7\u00e3o com a comunidade federal de TI e seguran\u00e7a.<\/li>\n\n\n\n<li><a href=\"https:\/\/csrc.nist.gov\/pubs\/sp\/800\/60\/v1\/r1\/final\" target=\"_blank\" rel=\"noreferrer noopener\">NIST SP 800-60<\/a>, oferece orienta\u00e7\u00e3o detalhada para aplicar o modelo de categoriza\u00e7\u00e3o de risco.<\/li>\n\n\n\n<li>A <a href=\"https:\/\/www.govinfo.gov\/link\/cpd\/executiveorder\/12958\" target=\"_blank\" rel=\"noreferrer noopener\">EO 12958<\/a> estabelece as regras para classifica\u00e7\u00e3o de informa\u00e7\u00f5es como confidenciais, secretas ou ultrassecretas (top secret) quando a divulga\u00e7\u00e3o dessas informa\u00e7\u00f5es puder causar dano \u00e0 seguran\u00e7a nacional.<\/li>\n\n\n\n<li>A EO 12958 foi modificada pela <a href=\"https:\/\/sgp.fas.org\/bush\/eo13292inout.html\" target=\"_blank\" rel=\"noreferrer noopener\">Executive Order 13292<\/a>, assinada por George W. Bush em 2003.<\/li>\n\n\n\n<li>Em 2009, a <a href=\"https:\/\/obamawhitehouse.archives.gov\/the-press-office\/executive-order-classified-national-security-information\" target=\"_blank\" rel=\"noreferrer noopener\">Executive Order 13526<\/a>, assinada por Barack Obama, revogou a EO 12958 e a <a href=\"https:\/\/sgp.fas.org\/bush\/eo13292inout.html\" target=\"_blank\" rel=\"noreferrer noopener\">13292<\/a>, atualizando todo o sistema de classifica\u00e7\u00e3o com novos crit\u00e9rios de transpar\u00eancia, revis\u00e3o e controle de acesso.<\/li>\n<\/ul>\n\n\n\n<p>Quadro comparativo resumido entre as tr\u00eas ordens executivas que tratam da classifica\u00e7\u00e3o de informa\u00e7\u00f5es de seguran\u00e7a nacional nos EUA:<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udcca <strong>Comparativo: EO 12958 (Clinton, 1995) \u00d7 EO 13292 (Bush, 2003) \u00d7 EO 13526 (Obama, 2009)<\/strong><\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Item<\/strong><\/th><th><strong>EO 12958 (1995)<\/strong> \u2013 <em>Clinton<\/em><\/th><th><strong>EO 13292 (2003)<\/strong> \u2013 <em>Bush<\/em><\/th><th><strong>EO 13526 (2009)<\/strong> \u2013 <em>Obama<\/em><\/th><\/tr><\/thead><tbody><tr><td><strong>Objetivo<\/strong><\/td><td>Reduzir o sigilo excessivo e aumentar a transpar\u00eancia<\/td><td>Fortalecer seguran\u00e7a nacional e sigilo p\u00f3s-11\/09<\/td><td>Restaurar equil\u00edbrio entre transpar\u00eancia e seguran\u00e7a<\/td><\/tr><tr><td><strong>Desclassifica\u00e7\u00e3o autom\u00e1tica<\/strong><\/td><td>Sim, em 25 anos (com exce\u00e7\u00f5es)<\/td><td><strong>Enfraquecida<\/strong>, permite manter documentos secretos por tempo indefinido<\/td><td><strong>Refor\u00e7ada<\/strong> e centralizada no National Declassification Center<\/td><\/tr><tr><td><strong>Autoridade de classifica\u00e7\u00e3o<\/strong><\/td><td>Restringida a poucas autoridades<\/td><td><strong>Expandida<\/strong>, inclui o vice-presidente e mais cargos<\/td><td>Mantida com revis\u00e3o e exig\u00eancia de treinamento<\/td><\/tr><tr><td><strong>Defini\u00e7\u00e3o de seguran\u00e7a nacional<\/strong><\/td><td>Mais limitada (foco em defesa e rela\u00e7\u00f5es exteriores)<\/td><td><strong>Ampliada<\/strong>, inclui amea\u00e7as de terrorismo e infraestrutura cr\u00edtica<\/td><td>Mantida com crit\u00e9rios mais objetivos<\/td><\/tr><tr><td><strong>FOIA (acesso p\u00fablico)<\/strong><\/td><td>Incentivado, com justificativas para sigilo<\/td><td><strong>Restrito<\/strong>, reduz exig\u00eancia de justificativas<\/td><td>Refor\u00e7ado, com dever de balancear com o interesse p\u00fablico<\/td><\/tr><tr><td><strong>Classifica\u00e7\u00e3o de agrega\u00e7\u00f5es (mosaic theory)<\/strong><\/td><td>Pouco enfatizada<\/td><td><strong>Adicionada<\/strong>, permite classificar informa\u00e7\u00f5es pela combina\u00e7\u00e3o de dados<\/td><td>Mantida, mas com diretrizes mais claras<\/td><\/tr><tr><td><strong>Presun\u00e7\u00e3o de classifica\u00e7\u00e3o<\/strong><\/td><td>Evitada, exige justificativa clara<\/td><td><strong>Facilitada<\/strong>, admite classifica\u00e7\u00e3o preventiva<\/td><td>Evitada, retorno \u00e0 exig\u00eancia de fundamenta\u00e7\u00e3o concreta<\/td><\/tr><tr><td><strong>Institui\u00e7\u00f5es novas<\/strong><\/td><td>Nenhuma criada<\/td><td>Nenhuma criada<\/td><td><strong>Cria\u00e7\u00e3o do National Declassification Center<\/strong><\/td><\/tr><tr><td><strong>Tend\u00eancia geral<\/strong><\/td><td>\ud83d\udd13 Mais <strong>transparente<\/strong><\/td><td>\ud83d\udd10 Mais <strong>restritiva e sigilosa<\/strong><\/td><td>\u2696\ufe0f Busca de <strong>equil\u00edbrio<\/strong> e efici\u00eancia<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><strong>Aplicabilidade <\/strong><strong>da FIPS 199<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li> Toda informa\u00e7\u00e3o do governo federal americano, exceto a descrita na Executive Order 12958, na Executive Order 13292 e no Atomic Energy Act de 1954.<\/li>\n\n\n\n<li>Promove a categoriza\u00e7\u00e3o da informa\u00e7\u00e3o.<\/li>\n<\/ul>\n\n\n\n<p><strong>Objetivos de seguran\u00e7a<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Confidencialidade<\/li>\n\n\n\n<li>Integridade<\/li>\n\n\n\n<li>Disponibilidade<\/li>\n<\/ul>\n\n\n\n<p><strong>Impactos potenciais (nas pessoas e nas organiza\u00e7\u00f5es)<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Baixo\n<ul class=\"wp-block-list\">\n<li>Efeitos adversos moderados<\/li>\n\n\n\n<li>\u00c9 poss\u00edvel realizar atividades mas com redu\u00e7\u00e3o percept\u00edvel de performance<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Moderado\n<ul class=\"wp-block-list\">\n<li>Efeitos s\u00e9rios<\/li>\n\n\n\n<li>A efetividade \u00e9 prejudicada<\/li>\n\n\n\n<li>Dano aos ativos (assets)<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Alto\n<ul class=\"wp-block-list\">\n<li>Severo ou catastr\u00f3fico<\/li>\n\n\n\n<li>Perda de efetividade na miss\u00e3o<\/li>\n\n\n\n<li>Danos aos ativos<\/li>\n\n\n\n<li>Danos Financeiros<\/li>\n\n\n\n<li>Perda de vidas ou ocorr\u00eancia de ferimentos<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p><strong>Modelo<\/strong><\/p>\n\n\n\n<p>SC information type = {<\/p>\n\n\n\n<p><a><\/a> (confidentiality, impact),<\/p>\n\n\n\n<p>(integrity, impact),<\/p>\n\n\n\n<p>(availability, impact)<\/p>\n\n\n\n<p>}<\/p>\n\n\n\n<p>Exemplo<\/p>\n\n\n\n<p>SC sensordata = {<\/p>\n\n\n\n<p>(confidentiality, NA),<\/p>\n\n\n\n<p>(integrity, high),<\/p>\n\n\n\n<p>(availability, high)<\/p>\n\n\n\n<p>}<\/p>\n\n\n\n<p><strong>Tabela da FIPS 199 (escala linear)<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Confidencialidade<\/strong><\/td><td>1<\/td><td>2<\/td><td>3<\/td><\/tr><tr><td><strong>Integridade<\/strong><\/td><td>1<\/td><td>2<\/td><td>3<\/td><\/tr><tr><td><strong>Disponibilidade<\/strong><\/td><td>1<\/td><td>2<\/td><td>3<\/td><\/tr><tr><td><br><\/td><td><strong>Low<\/strong><\/td><td><strong>Moderate<\/strong><\/td><td><strong>High<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>Nossa sugest\u00e3o de tabela (escala logar\u00edtmica)<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Confidencialidade<\/strong><\/td><td>1<\/td><td>10<\/td><td>100<\/td><\/tr><tr><td><strong>Integridade<\/strong><\/td><td>1<\/td><td>10<\/td><td>100<\/td><\/tr><tr><td><strong>Disponibilidade<\/strong><\/td><td>1<\/td><td>10<\/td><td>100<\/td><\/tr><tr><td><br><\/td><td><strong>Low<\/strong><\/td><td><strong>Moderate<\/strong><\/td><td><strong>High<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>[1] Pesquisa realizada no texto original da FIPS PUB 199 e no <a href=\"https:\/\/chatgpt.com\/share\/684b4e39-f2b4-800c-b31c-44c5810c3939\" target=\"_blank\" rel=\"noreferrer noopener\">ChatGPT4<\/a>.<\/p>\n\n\n\n<p>[2] FIPS &#8211; Federal Information Processing Standards.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>O objetivo do FIPS2 PUB 199 \u00e9 desenvolver standards para a categoriza\u00e7\u00e3o da informa\u00e7\u00e3o e de sistemas de informa\u00e7\u00e3o. Dizem que o FIPS PUB 199 foi inspirado pelos eventos do&#8230;<\/p>\n<div class=\"more-link-wrapper\"><a class=\"more-link\" href=\"https:\/\/treinamentolivre.com\/si\/cyber\/?p=498\">Continuar a ler&#8230;<span class=\"screen-reader-text\">An\u00e1lise do FIPS PUB 199<\/span><\/a><\/div>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23,31,5,4],"tags":[],"class_list":["post-498","post","type-post","status-publish","format-standard","hentry","category-administracao","category-dados","category-informacao","category-seguranca","excerpt"],"_links":{"self":[{"href":"https:\/\/treinamentolivre.com\/si\/cyber\/index.php?rest_route=\/wp\/v2\/posts\/498","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/treinamentolivre.com\/si\/cyber\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/treinamentolivre.com\/si\/cyber\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/treinamentolivre.com\/si\/cyber\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/treinamentolivre.com\/si\/cyber\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=498"}],"version-history":[{"count":14,"href":"https:\/\/treinamentolivre.com\/si\/cyber\/index.php?rest_route=\/wp\/v2\/posts\/498\/revisions"}],"predecessor-version":[{"id":520,"href":"https:\/\/treinamentolivre.com\/si\/cyber\/index.php?rest_route=\/wp\/v2\/posts\/498\/revisions\/520"}],"wp:attachment":[{"href":"https:\/\/treinamentolivre.com\/si\/cyber\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=498"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/treinamentolivre.com\/si\/cyber\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=498"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/treinamentolivre.com\/si\/cyber\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=498"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}