CAP · Question #228
Which of the following guidance documents is useful in determining the impact level of a particular threat on agency systems?
The correct answer is C. FIPS 199. FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems) is the authoritative guidance for determining the impact level - Low, Moderate, or High - of potential threats on federal agency systems. It evaluates impact across three security obje
Question
Which of the following guidance documents is useful in determining the impact level of a particular threat on agency systems?
Options
- ANIST SP 800-41
- BNIST SP 800-37
- CFIPS 199
- DNIST SP 800-14
How the community answered
(42 responses)- A2% (1)
- B2% (1)
- C88% (37)
- D7% (3)
Explanation
FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems) is the authoritative guidance for determining the impact level - Low, Moderate, or High - of potential threats on federal agency systems. It evaluates impact across three security objectives: confidentiality, integrity, and availability. NIST SP 800-41 addresses firewall policy, SP 800-37 covers the RMF authorization process, and SP 800-14 provides general security principles - none of these directly define the impact categorization methodology that FIPS 199 establishes.
Topics
Community Discussion
No community discussion yet for this question.