What does FIPS 199 establish?

Prepare for the FISMA Interview Test. Get familiar with key topics and enhance your knowledge with flashcards and multiple-choice questions. Study effectively and be ready for your exam!

Multiple Choice

What does FIPS 199 establish?

Explanation:
FIPS 199 is about classifying information and information systems by the potential impact if a breach occurs. It defines three impact levels—low, moderate, and high—for the security objectives of confidentiality, integrity, and availability and uses those to determine a security category for each information type and system. That category then guides the selection of appropriate controls. This is why the correct choice states that FIPS 199 establishes security categorizations for information types and information systems. It does not specify encryption algorithms, incident response planning, or how to develop an access control policy, as those topics are covered by other standards and guidance.

