312-50V13 Question #60: Real Exam Question with Answer & Explanation
The correct answer is D: NIST-800-53. NIST SP 800-53 is a publication by the National Institute of Standards and Technology that specifically establishes a comprehensive catalog of security and privacy controls for federal information systems and organizations, making it the standard framework used by U.S. government agencies to comply with FISMA.
Question
Which regulation defines security and privacy controls for Federal information systems and organizations?
Options
- A. HIPAA
- B. EU Safe Harbor
- C. PCI-DSS
- D. NIST-800-53
Explanation
NIST SP 800-53 is a publication by the National Institute of Standards and Technology that specifically establishes a comprehensive catalog of security and privacy controls for federal information systems and organizations, making it the standard framework used by U.S. government agencies to comply with FISMA (Federal Information Security Management Act).
The distractors are incorrect because HIPAA governs the protection of health information in the healthcare industry (not federal systems broadly), EU Safe Harbor (now replaced by Privacy Shield/Data Privacy Framework) was a framework governing data transfers between the EU and U.S. companies, and PCI-DSS is a private-sector standard focused on protecting payment card data - none of these are specific to federal information systems.
Memory Tip: Think of NIST 800-53 as the "Federal Security Bible" - if a question mentions federal government + security controls, NIST 800-53 is almost always the answer. The number 53 can remind you it covers a large number (hundreds) of controls across multiple control families.