When you hear the words low, moderate, and high in terms of FedRamp, understand that these classifications are derived from the FIPS 199 Standards for Security Categorization of Federal Information and Information Systemsm, which was also created under the FISMA umbrella.