CGRC Question #681: Real Exam Question with Answer & Explanation
Question
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed?
Options
- A. Level 1
- B. Level 2
- C. Level 3
- D. Level 4
- E. Level 5
Explanation
In the Federal Information Technology Security Assessment Framework (FITSAF), Level 4 signifies that security procedures and controls have been formally tested and reviewed for effectiveness, ensuring they operate as intended. This level validates the operational readiness of controls.
Common mistakes
- A. Level 1 (Initial) denotes an ad-hoc or informal approach to security, with little to no documentation or consistent procedures.
- B. Level 2 (Documented) indicates that security procedures are written down but not necessarily consistently implemented or verified through testing.
- C. Level 3 (Implemented) means that security procedures are in place and generally followed, but formal testing and review to confirm effectiveness might still be lacking.
- E. Level 5 (Optimized) represents a state of continuous improvement and adaptation based on performance metrics and feedback, which goes beyond merely testing and reviewing controls.
Concept tested: Federal Information Technology Security Assessment Framework (FITSAF) levels