nerdexam
(ISC)2

CAP · Question #219

Which of the following formulas was developed by FIPS 199 for categorization of an information system?

The correct answer is C. SCinformation system = {(confidentiality, impact), (integrity, impact), (availability, impact)}. FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems) defines the security category (SC) formula as: SC = {(confidentiality, impact), (integrity, impact), (availability, impact)}. Each of the three security objectives - confidentiality, i

Scope of the System

Question

Which of the following formulas was developed by FIPS 199 for categorization of an information system?

Options

  • ASCinformation system = {(confidentiality, impact), (integrity, controls), (availability, risk)}
  • BSCinformation system = {(confidentiality, risk), (integrity, impact), (availability, controls)}
  • CSCinformation system = {(confidentiality, impact), (integrity, impact), (availability, impact)}
  • DSCinformation system = {(confidentiality, controls), (integrity, controls), (availability, controls )}

How the community answered

(68 responses)
  • A
    1% (1)
  • B
    1% (1)
  • C
    93% (63)
  • D
    4% (3)

Explanation

FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems) defines the security category (SC) formula as: SC = {(confidentiality, impact), (integrity, impact), (availability, impact)}. Each of the three security objectives - confidentiality, integrity, and availability (the CIA triad) - is paired with a potential impact value (Low, Moderate, or High). The other answer choices incorrectly substitute 'controls' or 'risk' in place of 'impact.'

Topics

#FIPS 199#System Categorization#Impact Assessment#CIA Triad

Community Discussion

No community discussion yet for this question.

Full CAP Practice