nerdexam
(ISC)2

CAP · Question #82

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that t

The correct answer is B. Level 3. FITSAF defines five maturity levels for IT security: Level 1 - Documented policy exists; Level 2 - Documented procedures exist; Level 3 - Procedures and controls have been implemented; Level 4 - Procedures and controls are tested and reviewed; Level 5 - Procedures and controls ar

Implementation of Security and Privacy Controls

Question

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?

Options

  • ALevel 2
  • BLevel 3
  • CLevel 5
  • DLevel 4
  • ELevel 1

How the community answered

(48 responses)
  • A
    4% (2)
  • B
    94% (45)
  • D
    2% (1)

Explanation

FITSAF defines five maturity levels for IT security: Level 1 - Documented policy exists; Level 2 - Documented procedures exist; Level 3 - Procedures and controls have been implemented; Level 4 - Procedures and controls are tested and reviewed; Level 5 - Procedures and controls are fully integrated into a comprehensive program. Therefore, Level 3 (Answer B) is the level that specifically indicates that security procedures and controls have moved beyond documentation and are actively implemented in the organization.

Topics

#FITSAF#Security Assessment Frameworks#Control Implementation#Maturity Models

Community Discussion

No community discussion yet for this question.

Full CAP Practice