What standard defines how information systems are categorized and the impact levels (Low, Moderate, High)?

Study for the RMF Steps, Tasks, and Outcomes Test. Get ready for your exam with flashcards, multiple choice questions, and in-depth explanations. Master each step and outcome with ease!

Multiple Choice

What standard defines how information systems are categorized and the impact levels (Low, Moderate, High)?

Explanation:
Defining how information systems are categorized by impact level is the role of FIPS 199. It sets the security categorization framework using three impact levels—Low, Moderate, and High—for each information type, evaluated against potential damage to confidentiality, integrity, or availability. This categorization then guides the selection of appropriate security controls and informs the risk-management process (RMF) that follows, often aligning with control baselines in NIST SP 800-53. Other standards play different roles: NIST SP 800-53 lists the controls themselves, NIST SP 800-37 outlines the RMF steps, and ISO/IEC 27001 focuses on an information security management system. So, the standard that defines how systems are categorized by impact levels is FIPS 199.
