Which task handles Security Categorization?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $25.99Unlock all

Study for the RMF Steps, Tasks, and Outcomes Test. Get ready for your exam with flashcards, multiple choice questions, and in-depth explanations. Master each step and outcome with ease!

Multiple Choice

Which task handles Security Categorization?

Explanation:
In RMF practice, the action of determining how sensitive the system and its information are starts with assigning impact levels for confidentiality, integrity, and availability. This labeling is exactly what Security Categorization does. It’s the task that handles the categorization because its purpose is to perform the categorization itself—establishing the security category that will drive which controls are needed. This step usually occurs at the beginning of the RMF process in the categorization phase, drawing on criteria like FIPS 199 to set whether each impact level is low, moderate, or high. The result then guides which controls to select and implement. Other tasks serve different roles: describing the system’s characteristics and boundaries, determining where and how controls are applied (control allocation), or reviewing and approving the categorization after it’s done.

In RMF practice, the action of determining how sensitive the system and its information are starts with assigning impact levels for confidentiality, integrity, and availability. This labeling is exactly what Security Categorization does. It’s the task that handles the categorization because its purpose is to perform the categorization itself—establishing the security category that will drive which controls are needed.

This step usually occurs at the beginning of the RMF process in the categorization phase, drawing on criteria like FIPS 199 to set whether each impact level is low, moderate, or high. The result then guides which controls to select and implement.

Other tasks serve different roles: describing the system’s characteristics and boundaries, determining where and how controls are applied (control allocation), or reviewing and approving the categorization after it’s done.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy