ISC2 Governance, Risk and Compliance (CGRC) Practice Question
During categorization of a new payroll system, the assessment identifies potential impacts of Moderate for confidentiality, High for integrity, and Low for availability. According to FIPS 199 guidance, what overall impact level must be recorded in the system's security categorization section of the SSP?
FIPS 199 requires that an information system's overall security category be expressed as the highest impact level assigned to any of the three security objectives: confidentiality, integrity, or availability. Because integrity is rated High in the assessment, the overall security category must also be High. Selecting Moderate or Low would understate risk, while a term such as "Average" is not defined in FIPS 199 categories.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is FIPS 199?
Open an interactive chat with Bash
Why does FIPS 199 require using the highest impact level?
Open an interactive chat with Bash
What is an SSP and what role does categorization play in it?
Open an interactive chat with Bash
ISC2 Governance, Risk and Compliance (CGRC)
Selection and Approval of Framework, Security, and Privacy Controls
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .