ISC2 Governance, Risk and Compliance (CGRC) Practice Question
During the categorization of a new grants-management application, the risk assessment identifies potential impact levels of Confidentiality = High, Integrity = Moderate, and Availability = Low. According to FIPS 199 guidance, which single impact level must be recorded as the system's overall security categorization for use in selecting an initial control baseline?
Keep the three impact values separate and avoid assigning a single overall level
FIPS 199 applies the "high-water mark" principle: the overall security categorization of an information system is set to the highest potential impact assigned to any of the three security objectives (confidentiality, integrity, availability). Because confidentiality is rated High, the entire system is categorized as High. This high-water mark drives selection of the High baseline in NIST SP 800-53 unless tailoring or overlays justify otherwise. Choosing Moderate or Low would ignore the highest impact rating, and documenting the objectives separately without an overall value would not meet FIPS 199 requirements.
Selection and Approval of Framework, Security, and Privacy Controls