CAP · Question #219
Which of the following formulas was developed by FIPS 199 for categorization of an information system?
The correct answer is C. SCinformation system = {(confidentiality, impact), (integrity, impact), (availability, impact)}. FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems) defines the security category (SC) formula as: SC = {(confidentiality, impact), (integrity, impact), (availability, impact)}. Each of the three security objectives - confidentiality, i
Question
Which of the following formulas was developed by FIPS 199 for categorization of an information system?
Options
- ASCinformation system = {(confidentiality, impact), (integrity, controls), (availability, risk)}
- BSCinformation system = {(confidentiality, risk), (integrity, impact), (availability, controls)}
- CSCinformation system = {(confidentiality, impact), (integrity, impact), (availability, impact)}
- DSCinformation system = {(confidentiality, controls), (integrity, controls), (availability, controls )}
How the community answered
(68 responses)- A1% (1)
- B1% (1)
- C93% (63)
- D4% (3)
Explanation
FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems) defines the security category (SC) formula as: SC = {(confidentiality, impact), (integrity, impact), (availability, impact)}. Each of the three security objectives - confidentiality, integrity, and availability (the CIA triad) - is paired with a potential impact value (Low, Moderate, or High). The other answer choices incorrectly substitute 'controls' or 'risk' in place of 'impact.'
Topics
Community Discussion
No community discussion yet for this question.