assessing the criticality of critical infrastructure is an important task in the complex of tasks for ensuring the protection of critical infrastructure of the state. It is important to understand the difference in methodological approaches to criticality and risk assessment. In the paper general characteristics of the approach to the classification of critical information infrastructure objects are given. Principals and assumptions are described. The identification and categorization procedure are presented.The paper also presents Cybersecurity Guidelines for Critical Information Infrastructure in Ukraine. The provisions of the Cybersecurity Guidelines for Critical Infrastructure Facilities of Ukraine are intended to implement cybersecurity activities aimed at managing cybersecurity risks of critical information infrastructure facilities. The guidance should be used to organize systematic, targeted cybersecurity risk management activities.