CAP · Question #297
Which of the following NIST documents defines impact?
The correct answer is C. NIST SP 800-30. NIST SP 800-30 (Guide for Conducting Risk Assessments) is the primary document that defines impact within the risk assessment process, describing it as the magnitude of harm that could result from the exploitation of a vulnerability. SP 800-53 catalogs security and privacy contro
Question
Which of the following NIST documents defines impact?
Options
- ANIST SP 800-53
- BNIST SP 800-26
- CNIST SP 800-30
- DNIST SP 800-53A
How the community answered
(24 responses)- A4% (1)
- C92% (22)
- D4% (1)
Explanation
NIST SP 800-30 (Guide for Conducting Risk Assessments) is the primary document that defines impact within the risk assessment process, describing it as the magnitude of harm that could result from the exploitation of a vulnerability. SP 800-53 catalogs security and privacy controls; SP 800-26 was a self-assessment guide (now retired/superseded); and SP 800-53A provides procedures for assessing those controls. Impact as a risk component is defined in SP 800-30.
Topics
Community Discussion
No community discussion yet for this question.