FIPS 199 defines security categories for federal information and systems at what levels?

FIPS 199 defines three security categories for federal information and systems: Low, Moderate, and High. These levels reflect the potential impact on an organization if there is a breach of confidentiality, integrity, or availability. A Low category means limited adverse effects, Moderate means serious adverse effects, and High means severe or catastrophic effects. This categorization guides how stringent the protective controls should be, aligning with risk management practices like selecting appropriate safeguards in NIST guidelines. The other options don’t fit because Very Low isn’t a defined category in FIPS 199, Critical is not used in this framework (High is the correct top level), and Confidential, Secret, Top Secret are traditional information classification levels, not the security categorization scheme FIPS 199 uses.