Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed?

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a
methodology for assessing the security of information systems. Which of the following FITSAF
levels shows that the procedures and controls are tested and reviewed?

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a
methodology for assessing the security of information systems. Which of the following FITSAF
levels shows that the procedures and controls are tested and reviewed?

A.
Level 4

B.
Level 5

C.
Level 2

D.
Level 3

E.
Level 1

Explanation:
The following are the five levels of FITSAF based on SEI’s Capability Maturity Model
(CMM): Level 1: The first level reflects that an asset has documented a security policy. Level 2:
The second level shows that the asset has documented procedures and controls to implement the
policy. Level 3: The third level indicates that these procedures and controls have been
implemented. Level 4: The fourth level shows that the procedures and controls are tested and
reviewed. Level 5: The fifth level is the final level and shows that the asset has procedures and
controls fully integrated into a comprehensive program.



Leave a Reply 0

Your email address will not be published. Required fields are marked *