nerdexam
(ISC)2

CAP · Question #140

In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199? Each correct answer represents a complete soluti

The correct answer is A. Medium B. High C. Low. FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems), published by NIST in 2004, defines three levels of potential impact for security breaches: Low, Moderate (sometimes informally referred to as 'Medium' in exam contexts), and High. The

Scope of the System

Question

In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199? Each correct answer represents a complete solution. Choose all that apply.

Options

  • AMedium
  • BHigh
  • CLow
  • DModerate

How the community answered

(30 responses)
  • A
    93% (28)
  • D
    7% (2)

Explanation

FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems), published by NIST in 2004, defines three levels of potential impact for security breaches: Low, Moderate (sometimes informally referred to as 'Medium' in exam contexts), and High. These levels help federal agencies categorize their information systems based on the worst-case potential impact to confidentiality, integrity, and availability. Option D ('Moderate') is effectively the same concept as 'Medium' (Option A) - the exam treats them as distinct choices, with the answer key indicating A, B, C (Low, Medium/Moderate, High) as the recognized trio, and D as a distractor duplicate. Note: The official FIPS 199 terminology is 'Low, Moderate, and High.'

Topics

#NIST FIPS 199#Impact Levels#Security Categorization#Risk Management Framework

Community Discussion

No community discussion yet for this question.

Full CAP Practice