nerdexam
(ISC)2

CAP · Question #297

Which of the following NIST documents defines impact?

The correct answer is C. NIST SP 800-30. NIST SP 800-30 (Guide for Conducting Risk Assessments) is the primary document that defines impact within the risk assessment process, describing it as the magnitude of harm that could result from the exploitation of a vulnerability. SP 800-53 catalogs security and privacy contro

Security and Privacy Governance, Risk Management, and Compliance Program

Question

Which of the following NIST documents defines impact?

Options

  • ANIST SP 800-53
  • BNIST SP 800-26
  • CNIST SP 800-30
  • DNIST SP 800-53A

How the community answered

(24 responses)
  • A
    4% (1)
  • C
    92% (22)
  • D
    4% (1)

Explanation

NIST SP 800-30 (Guide for Conducting Risk Assessments) is the primary document that defines impact within the risk assessment process, describing it as the magnitude of harm that could result from the exploitation of a vulnerability. SP 800-53 catalogs security and privacy controls; SP 800-26 was a self-assessment guide (now retired/superseded); and SP 800-53A provides procedures for assessing those controls. Impact as a risk component is defined in SP 800-30.

Topics

#NIST SP 800-30#Risk Assessment#Impact Analysis#NIST Guidance

Community Discussion

No community discussion yet for this question.

Full CAP Practice