CISSP-ISSEP · Question #179
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that t
The correct answer is A. Level 4. FITSAF Level 4 is the correct answer because it specifically represents the stage where documented and implemented procedures and controls are tested and reviewed - meaning the organization not only has controls in place but has actively verified they work as intended. The distra
Question
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed?
Options
- ALevel 4
- BLevel 5
- CLevel 1
- DLevel 2
- ELevel 3
How the community answered
(43 responses)- A91% (39)
- B2% (1)
- D5% (2)
- E2% (1)
Explanation
FITSAF Level 4 is the correct answer because it specifically represents the stage where documented and implemented procedures and controls are tested and reviewed - meaning the organization not only has controls in place but has actively verified they work as intended.
The distractors are wrong because each represents a different maturity stage: Level 1 indicates only a documented policy exists; Level 2 means procedures are documented but not yet implemented; Level 3 means procedures and controls are implemented but not yet tested; and Level 5 is the highest level, representing fully integrated security into the organization's culture and operations with continuous improvement.
Memory tip: Think of FITSAF as a staircase - 1=Policy, 2=Procedures, 3=Implemented, 4=Tested, 5=Integrated. The word "Tested" pairs with 4 because "T" is the 4th letter in "FITS."
Topics
Community Discussion
No community discussion yet for this question.