FITSAF stands for Federal Information Technology Security Assessment Framework. It is a
methodology for assessing the security of information systems. Which of the following FITSAF
levels shows that the procedures and controls are tested and reviewed?
A. Level 4
B. Level 5
C. Level 2
D. Level 3
E. Level 1
Explanation:
The following are the five levels of FITSAF based on SEI’s Capability Maturity Model (CMM):
Level 1: The first level reflects that an asset has documented a security policy.
Level 2: The second level shows that the asset has documented procedures and controls to implement the policy.
Level 3: The third level indicates that these procedures and controls have been implemented.
Level 4: The fourth level shows that the procedures and controls are tested and reviewed.
Level 5: The fifth level is the final level and shows that the asset has procedures and controls fully integrated into a comprehensive program.