Question

The FIPS 199 requirement to secure an information system to the ________________________ or highest impact level must be applied when grouping minor applications/subsystems with varying FIPS 199 impact levels into a single general support system or major application unless there is adequate boundary protection.

A) Medium impact level
B) Low impact level
C) Moderate impact level
D) High impact level

Answer 1

The FIPS 199 requirement applies the highest impact level when grouping minor applications into a larger system, unless there is adequate boundary protection.

Step-by-step explanation:

The FIPS 199 requirement to secure an information system to the highest impact level must be applied when grouping minor applications/subsystems with varying FIPS 199 impact levels into a single general support system or major application unless there is adequate boundary protection.

This means that when combining minor applications or subsystems into a larger system, the security requirements of the highest impact level need to be implemented, unless there are sufficient measures in place to protect the boundaries of the system.

For example, if there are multiple applications with different impact levels, and they are being grouped into a single major application, the security measures should meet the requirements of the highest impact level.