312-50V10 · Question #81
Which regulation defines security and privacy controls for Federal information systems and organizations?
The correct answer is D. NIST-800-53. NIST Special Publication 800-53 is the authoritative catalog of security and privacy controls for U.S. federal information systems.
Question
Which regulation defines security and privacy controls for Federal information systems and organizations?
Options
- AHIPAA
- BEU Safe Harbor
- CPCI-DSS
- DNIST-800-53
How the community answered
(37 responses)- A5% (2)
- B3% (1)
- C3% (1)
- D89% (33)
Why each option
NIST Special Publication 800-53 is the authoritative catalog of security and privacy controls for U.S. federal information systems.
HIPAA (Health Insurance Portability and Accountability Act) governs the privacy and security of protected health information in the healthcare sector, not federal information systems broadly.
EU Safe Harbor was a framework governing personal data transfers between the European Union and the United States for commercial entities, and has since been invalidated and replaced.
PCI-DSS (Payment Card Industry Data Security Standard) is an industry-specific standard for organizations that handle payment card data, not a federal government security control framework.
NIST SP 800-53 was developed by the National Institute of Standards and Technology specifically to provide a comprehensive catalog of security and privacy controls for federal agencies and information systems, as mandated by FISMA. It defines control families covering areas such as access control, incident response, and risk assessment, and applies directly to federal organizations and their contractors.
Concept tested: NIST 800-53 federal security control framework
Source: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
Topics
Community Discussion
No community discussion yet for this question.