Which standard addresses the specification of minimum security requirements for federal information systems?

Prepare for the Certified Authorization Professional (CAP) Exam with detailed multiple choice questions, hints, and explanations. Boost your readiness for the test efficiently!

FIPS 200, or Federal Information Processing Standards Publication 200, specifically outlines minimum security requirements for federal information systems. This standard is essential because it establishes the security requirements necessary to effectively protect federal information and information systems from various threats and vulnerabilities.

By focusing on minimum security requirements, FIPS 200 ensures a uniform level of protection across federal systems, promoting a baseline standard that agencies must adhere to in order to safeguard sensitive information. This is especially important for creating a national security framework that is consistent and effective, thereby enabling better risk management practices among federal entities.

The other standards mentioned serve different purposes. For instance, NIST 800-30 primarily focuses on risk assessment processes rather than specifying security requirements. FIPS 199 addresses the categorization of federal information and information systems based on their impact levels, while CNSS Instruction 1253 provides guidance on the protection of national security systems, which may not be exclusively tied to federal information systems. Thus, FIPS 200 is the correct choice as it directly relates to establishing the minimum security requirements necessary for federal information systems.
