nerdexam
(ISC)2

CAP · Question #228

Which of the following guidance documents is useful in determining the impact level of a particular threat on agency systems?

The correct answer is C. FIPS 199. FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems) is the authoritative guidance for determining the impact level - Low, Moderate, or High - of potential threats on federal agency systems. It evaluates impact across three security obje

Scope of the System

Question

Which of the following guidance documents is useful in determining the impact level of a particular threat on agency systems?

Options

  • ANIST SP 800-41
  • BNIST SP 800-37
  • CFIPS 199
  • DNIST SP 800-14

How the community answered

(42 responses)
  • A
    2% (1)
  • B
    2% (1)
  • C
    88% (37)
  • D
    7% (3)

Explanation

FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems) is the authoritative guidance for determining the impact level - Low, Moderate, or High - of potential threats on federal agency systems. It evaluates impact across three security objectives: confidentiality, integrity, and availability. NIST SP 800-41 addresses firewall policy, SP 800-37 covers the RMF authorization process, and SP 800-14 provides general security principles - none of these directly define the impact categorization methodology that FIPS 199 establishes.

Topics

#FIPS 199#Impact Level#Security Categorization#NIST

Community Discussion

No community discussion yet for this question.

Full CAP Practice