Security control baseline defines minimum standards for which information?

Prepare for the FISMA Interview Test. Get familiar with key topics and enhance your knowledge with flashcards and multiple-choice questions. Study effectively and be ready for your exam!

Multiple Choice

Security control baseline defines minimum standards for which information?

Explanation:
A security control baseline sets the minimum protections for information based on its potential impact on the organization if compromised. The standard approach is to categorize information systems by impact levels—low, moderate, or high—and apply a baseline of security controls appropriate to that level. This ensures a consistent, risk-based floor for safeguards across systems handling information with similar sensitivity. It is not about labeling data as public/internal/confidential, about specific data types (personal, financial, health), or about organizational usage levels (operational, tactical, strategic). The minimum standards correspond to the information’s impact level, making low, moderate, or high impact information the correct fit.
