ISC2 Governance, Risk and Compliance (CGRC) Practice Question
While completing the FIPS 199 security categorization for a U.S. federal grant-management system, analysts assign impact values of Moderate for confidentiality, High for integrity, and Low for availability. Using the high-water-mark principle, what overall impact level should they record for the system?
FIPS Publication 199 requires that each security objective-confidentiality, integrity, and availability-be evaluated separately and assigned a potential impact value of Low, Moderate, or High. The publication further states that the system's overall security category is determined by the highest impact value assigned to any one of the three objectives, a method commonly called the high-water-mark principle. Because integrity is rated High in this scenario, the system's overall impact level must also be High, even though the other two objectives are Moderate and Low. Selecting Moderate, Low, or any combined value would disregard the mandated high-water-mark rule and underestimate the system's required protection level.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is FIPS 199 and why is it important?
Open an interactive chat with Bash
What does the high-water-mark principle mean in security categorization?
Open an interactive chat with Bash
Why are confidentiality, integrity, and availability important in risk classification?
Open an interactive chat with Bash
ISC2 Governance, Risk and Compliance (CGRC)
Scope of the System
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .