What does FIPS 199 specify?

Enhance your preparation for the Federal IT Security Professional Test. Use quizzes, flashcards, and detailed explanations to ensure success. Stay ahead in the field of IT Security!

Multiple Choice

What does FIPS 199 specify?

Explanation:
FIPS 199 defines how to categorize federal information and information systems by the potential impact if there were a loss of confidentiality, integrity, or availability. It establishes three impact levels—low, moderate, and high—for each of those security objectives. This categorization guides what controls are appropriate and sets the stage for selecting security requirements in later steps (in particular, it pairs with FIPS 200, which specifies the minimum security requirements). It does not specify identity verification programs (that’s FIPS 201) or cryptographic algorithms like HMAC. So, the standard focused on naming and applying impact-based security categories is FIPS 199.

FIPS 199 defines how to categorize federal information and information systems by the potential impact if there were a loss of confidentiality, integrity, or availability. It establishes three impact levels—low, moderate, and high—for each of those security objectives. This categorization guides what controls are appropriate and sets the stage for selecting security requirements in later steps (in particular, it pairs with FIPS 200, which specifies the minimum security requirements). It does not specify identity verification programs (that’s FIPS 201) or cryptographic algorithms like HMAC. So, the standard focused on naming and applying impact-based security categories is FIPS 199.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy