nerdexam
(ISC)2

CGRC · Question #532

CGRC Question #532: Real Exam Question with Answer & Explanation

The correct answer is B: High. FIPS 199, developed by NIST, defines a three-tiered system for categorizing information and information systems based on the potential impact of a security breach. These impact levels are Low, Moderate, and High.

Scope of the System

Question

In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199? Each correct answer represents a complete solution. Choose all that apply. Response:

Options

  • A. Medium
  • B. High
  • C. Low
  • D. Moderate

Explanation

FIPS 199, developed by NIST, defines a three-tiered system for categorizing information and information systems based on the potential impact of a security breach. These impact levels are Low, Moderate, and High.

Common mistakes.

  • A. FIPS 199 does not use "Medium" as a defined impact level; instead, it uses "Moderate."

Concept tested. FIPS 199 security impact levels

Reference. https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.199.pdf

Topics

#NIST FIPS 199 #Impact Levels #Information System Categorization #Risk Management
