In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199?
Each correct answer represents a complete solution. Choose all that apply.
A.
Moderate
B.
High
C.
Low
D.
Medium
Explanation:
In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. FIPS 199 is a standard for security categorization of Federal Information and Information Systems. It defines three levels of potential impact:
Low: It causes a limited adverse effect.
Medium: It causes a serious adverse effect.
High: It causes a severe adverse effect.
What is FIPS 200? Hide
The NIST Special Publication 800-53 (Security Controls for Federal Information Systems) is now known as FIPS 200. FIPS 200 is a standard for Minimum Security Controls for Federal Information Systems. The IT departments of all systems at civilian federal agencies must implement processes to secure all assets and services. They are also responsible for ensuring service levels, policy compliance, and appropriate risk management.
I just recently started working in Risk Management, and I have seen “Low” “Moderate” and “High”… not “Medium”. Is this answer correct?
0
0