CAP · Question #82
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that t
The correct answer is B. Level 3. FITSAF defines five maturity levels for IT security: Level 1 - Documented policy exists; Level 2 - Documented procedures exist; Level 3 - Procedures and controls have been implemented; Level 4 - Procedures and controls are tested and reviewed; Level 5 - Procedures and controls ar
Question
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?
Options
- ALevel 2
- BLevel 3
- CLevel 5
- DLevel 4
- ELevel 1
How the community answered
(48 responses)- A4% (2)
- B94% (45)
- D2% (1)
Explanation
FITSAF defines five maturity levels for IT security: Level 1 - Documented policy exists; Level 2 - Documented procedures exist; Level 3 - Procedures and controls have been implemented; Level 4 - Procedures and controls are tested and reviewed; Level 5 - Procedures and controls are fully integrated into a comprehensive program. Therefore, Level 3 (Answer B) is the level that specifically indicates that security procedures and controls have moved beyond documentation and are actively implemented in the organization.
Topics
Community Discussion
No community discussion yet for this question.