nerdexam
(ISC)2

CAP · Question #123

Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objective

The correct answer is B. NIST SP 800-26. NIST SP 800-26 provides a self-assessment guide with questionnaires and checklists that organizations use to evaluate systems against specific security control objectives.

Assessment/Audit of Security and Privacy Controls

Question

Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives?

Options

  • ANIST SP 800-53A
  • BNIST SP 800-26
  • CNIST SP 800-53
  • DNIST SP 800-59
  • ENIST SP 800-60
  • FNIST SP 800-37

How the community answered

(31 responses)
  • B
    87% (27)
  • C
    3% (1)
  • E
    6% (2)
  • F
    3% (1)

Why each option

NIST SP 800-26 provides a self-assessment guide with questionnaires and checklists that organizations use to evaluate systems against specific security control objectives.

ANIST SP 800-53A

NIST SP 800-53A provides assessment procedures for evaluating security and privacy controls, not questionnaire-based self-assessment checklists.

BNIST SP 800-26Correct

NIST SP 800-26, titled 'Security Self-Assessment Guide for Information Technology Systems,' provides detailed questionnaires and checklists organized by control objectives. It enables organizations to evaluate their compliance posture against defined security practices in a structured, repeatable way. This document is specifically designed for self-assessment against control objectives, distinguishing it from other NIST SPs.

CNIST SP 800-53

NIST SP 800-53 is the catalog of security and privacy controls for federal systems, not an assessment questionnaire guide.

DNIST SP 800-59

NIST SP 800-59 provides guidance on identifying whether an information system qualifies as a National Security System.

ENIST SP 800-60

NIST SP 800-60 maps types of information and information systems to security categories under FIPS 199.

FNIST SP 800-37

NIST SP 800-37 describes the Risk Management Framework (RMF) process, not questionnaire-based compliance checklists.

Concept tested: NIST SP 800-26 self-assessment questionnaire purpose

Source: https://csrc.nist.gov/publications/detail/sp/800-26/final

Topics

#NIST SP 800-26#Security Assessment#Compliance Checklists#Self-Assessment

Community Discussion

No community discussion yet for this question.

Full CAP Practice