nerdexam
(ISC)2

CISSP-ISSEP · Question #179

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that t

The correct answer is A. Level 4. FITSAF Level 4 is the correct answer because it specifically represents the stage where documented and implemented procedures and controls are tested and reviewed - meaning the organization not only has controls in place but has actively verified they work as intended. The distra

Governance and Training

Question

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed?

Options

  • ALevel 4
  • BLevel 5
  • CLevel 1
  • DLevel 2
  • ELevel 3

How the community answered

(43 responses)
  • A
    91% (39)
  • B
    2% (1)
  • D
    5% (2)
  • E
    2% (1)

Explanation

FITSAF Level 4 is the correct answer because it specifically represents the stage where documented and implemented procedures and controls are tested and reviewed - meaning the organization not only has controls in place but has actively verified they work as intended.

The distractors are wrong because each represents a different maturity stage: Level 1 indicates only a documented policy exists; Level 2 means procedures are documented but not yet implemented; Level 3 means procedures and controls are implemented but not yet tested; and Level 5 is the highest level, representing fully integrated security into the organization's culture and operations with continuous improvement.

Memory tip: Think of FITSAF as a staircase - 1=Policy, 2=Procedures, 3=Implemented, 4=Tested, 5=Integrated. The word "Tested" pairs with 4 because "T" is the 4th letter in "FITS."

Topics

#FITSAF#Security Assessment Frameworks#Security Controls Testing#Maturity Models

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice