In the RMF, which step involves categorizing the information system?

Multiple Choice

In the RMF, which step involves categorizing the information system?

Explanation:
Categorizing the information system is the step that determines how much protection the system needs by evaluating the potential impact to confidentiality, integrity, and availability if there were a breach or failure. Guided by standards like FIPS 199 and NIST SP 800-60, you assign a security category (low, moderate, or high) to the system and its data. That categorization sets the baseline controls you will select and informs the entire risk management process, because the level of controls chosen later depends on how the system is categorized. Once the system is categorized, you move on to selecting the appropriate controls, implementing them, and then assessing their effectiveness. Mis-categorizing can lead to under- or over-protection, causing gaps or wasted resources.