Promote the development of standards and guidelines to support the Federal Information Security Management Act including---

• Security categorization of information and information systems;
   
• Selection of appropriate security controls for information systems;
   
• Verification of security control effectiveness and determination of information system vulnerabilities; and
   
• Operational authorization for processing (security accreditation) of information systems.

Leading to---

• More consistent, comparable, and repeatable evaluations of security controls applied to information systems;
   
• A better understanding of enterprise-wide mission risks resulting from the operation of information systems;
   
• More complete, reliable, and trustworthy information for authorizing officials---facilitating more informed security accreditation decisions; and
   
• More secure information systems within the Federal government including the critical infrastructure of the United States.