Certified Administrative Professional (CAP) Practice Exam

Question: 1 / 400

What defines the minimum information security requirements for information and information systems?

NIST SP 800-53

FIPS 199

FIPS 200

The minimum information security requirements for information and information systems are defined by FIPS 200, a Federal Information Processing Standards publication. FIPS 200 outlines the minimum security requirements for federal information systems and is specifically associated with the risk management framework established by FISMA (Federal Information Security Management Act). It provides a foundation for ensuring that adequate security controls are implemented based on the classification of information systems, linking security requirements to the overall security program.

FIPS 200 outlines a set of security requirements that federal agencies must follow, which supports the overall objectives of protecting the confidentiality, integrity, and availability of federal information. By establishing minimum security standards, it ensures that government agencies can adequately protect against threats and vulnerabilities, creating a baseline framework for consistent security practices across federal information systems.

In contrast, options such as NIST SP 800-53 focus on specific security controls for implementing an information security program, while FIPS 199 categorizes the security impact of information and information systems but does not define the minimum requirements itself. ISO 27001 is a broader international standard for information security management systems, but it does not specify minimum federal requirements.

ISO 27001