nerdexam
EC-Council

312-50V9 · Question #347

Security and privacy of/on information systems are two entities that requires lawful regulations. Which of the following regulations defines security and privacy controls for Federal information syste

The correct answer is A. NIST SP 800-53. NIST SP 800-53 is the federal standard for security and privacy controls applicable to U.S. government information systems and organizations.

Introduction to Ethical Hacking

Question

Security and privacy of/on information systems are two entities that requires lawful regulations. Which of the following regulations defines security and privacy controls for Federal information systems and organizations?

Options

  • ANIST SP 800-53
  • BPCI-DSS
  • CEU Safe Harbor
  • DHIPAA

How the community answered

(21 responses)
  • A
    90% (19)
  • C
    5% (1)
  • D
    5% (1)

Why each option

NIST SP 800-53 is the federal standard for security and privacy controls applicable to U.S. government information systems and organizations.

ANIST SP 800-53Correct

NIST SP 800-53 'Security and Privacy Controls for Information Systems and Organizations' is a publication by the National Institute of Standards and Technology that provides a comprehensive catalog of security and privacy controls specifically designed for federal information systems. It is mandated under FISMA for U.S. federal agencies and serves as the authoritative framework for assessing and selecting controls to manage risk. No other listed regulation fulfills this specific federal mandate.

BPCI-DSS

PCI-DSS (Payment Card Industry Data Security Standard) governs the protection of cardholder data for organizations that process card payments, not federal information systems.

CEU Safe Harbor

EU Safe Harbor was a framework governing the transfer of personal data between the European Union and the United States for commercial entities, not a federal systems security control standard.

DHIPAA

HIPAA (Health Insurance Portability and Accountability Act) establishes privacy and security rules for protected health information in the healthcare industry, not for federal information systems broadly.

Concept tested: NIST SP 800-53 federal security and privacy controls

Source: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final

Topics

#NIST SP 800-53#security controls#federal compliance#information security regulations

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice