Categorization Formulas Developed by FIPS 199

B.

The formula for categorizing an information system was developed by FIPS 199 (Federal Information Processing Standards Publication 199) and is commonly referred to as the FIPS 199 categorization formula. The formula helps organizations determine the level of impact on the confidentiality, integrity, and availability (CIA) of their information system and the associated data.

The correct answer to the question is option B: SC information system = {(confidentiality, impact), (integrity, impact), (availability, impact)}.

Explanation of the formula:

SC information system = {(confidentiality, impact), (integrity, impact), (availability, impact)}

• SC stands for security categorization.
• The information system is categorized based on the impact level of the three CIA components: confidentiality, integrity, and availability.
• The impact level is measured using a scale of low, moderate, or high.
• The formula indicates that each component of CIA must be evaluated based on the impact level of the system if compromised, leading to a potential loss of confidentiality, integrity, or availability of the information.
• The resulting security categorization for the system will be based on the highest impact level among the three CIA components.

Therefore, the correct answer to the question is option B: SC information system = {(confidentiality, impact), (integrity, impact), (availability, impact)}.