ISC2 Governance, Risk and Compliance (CGRC) Practice Question
While categorizing a new U.S. federal information system, the security team must reference the publication that formally defines low, moderate, and high potential impact levels for confidentiality, integrity, and availability. Which document should they consult first?
Federal Information Processing Standards (FIPS) Publication 199
Center for Internet Security (CIS) Critical Security Controls v8
ISO/IEC 27005, Information security risk management
NIST Special Publication 800-37, Risk Management Framework
FIPS Publication 199 is the mandatory federal standard for security categorization. It defines three potential impact levels (low, moderate, and high) for each of the three security objectives of confidentiality, integrity, and availability, and instructs agencies to assign the system's overall impact level as the highest rating among the three. NIST SP 800-37 describes the wider Risk Management Framework but defers to FIPS 199 for the initial categorization step. ISO/IEC 27005 is a voluntary international guideline for information security risk management, not a federal requirement, and the CIS Critical Security Controls provide best-practice safeguards but do not establish impact levels. Therefore, FIPS 199 is the correct and authoritative reference.
Scope of the System