CAP · Question #140
In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199? Each correct answer represents a complete soluti
The correct answer is A. Medium B. High C. Low. FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems), published by NIST in 2004, defines three levels of potential impact for security breaches: Low, Moderate (sometimes informally referred to as 'Medium' in exam contexts), and High. The
Question
In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199? Each correct answer represents a complete solution. Choose all that apply.
Options
- AMedium
- BHigh
- CLow
- DModerate
How the community answered
(30 responses)- A93% (28)
- D7% (2)
Explanation
FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems), published by NIST in 2004, defines three levels of potential impact for security breaches: Low, Moderate (sometimes informally referred to as 'Medium' in exam contexts), and High. These levels help federal agencies categorize their information systems based on the worst-case potential impact to confidentiality, integrity, and availability. Option D ('Moderate') is effectively the same concept as 'Medium' (Option A) - the exam treats them as distinct choices, with the answer key indicating A, B, C (Low, Medium/Moderate, High) as the recognized trio, and D as a distractor duplicate. Note: The official FIPS 199 terminology is 'Low, Moderate, and High.'
Topics
Community Discussion
No community discussion yet for this question.