Which publication defines standards for security categorization of federal information systems, requiring assessment in the CIA categories (Confidentiality, Integrity, and Availability)?

Get ready for the CompTIA SecurityX exam! Study with multiple choice questions, each crafted to enhance understanding and confidence for your certification journey. Successfully navigate every section to achieve your goal!

Multiple Choice

Which publication defines standards for security categorization of federal information systems, requiring assessment in the CIA categories (Confidentiality, Integrity, and Availability)?

Explanation:
The concept being tested is how federal information systems are categorized based on the impact to confidentiality, integrity, and availability. This standard is defined in FIPS 199, which requires evaluating each CIA dimension and assigning an impact level—low, moderate, or high—for each one. The resulting security category determines which security controls are appropriate and helps drive risk management decisions in the Federal RMF process. Understanding this helps you see why FIPS 199 is the right choice: it explicitly defines the CIA-based impact levels and how they translate into a system’s overall security category. In contrast, NIST SP 800-53 is a catalog of controls (not the categorization method), ISO/IEC 27001 is a general international ISMS standard, and CIS Controls are a practical set of security actions rather than a formal federal categorization framework.
