CAP · Question #397
Which of the following RMF phases identifies key threats and vulnerabilities that could compromise the confidentiality, integrity, and availability of the institutional critical assets?
The correct answer is B. Phase 1. Phase 1 of the Risk Management Framework (RMF) is the phase focused on identifying key threats and vulnerabilities that could compromise critical asset confidentiality, integrity, and availability.
Question
Which of the following RMF phases identifies key threats and vulnerabilities that could compromise the confidentiality, integrity, and availability of the institutional critical assets?
Options
- APhase 2
- BPhase 1
- CPhase 3
- DPhase 0
How the community answered
(64 responses)- A2% (1)
- B94% (60)
- C3% (2)
- D2% (1)
Why each option
Phase 1 of the Risk Management Framework (RMF) is the phase focused on identifying key threats and vulnerabilities that could compromise critical asset confidentiality, integrity, and availability.
Phase 2 of the RMF typically focuses on assessing and quantifying risks - evaluating likelihood and impact - building on the threat and vulnerability data gathered in Phase 1.
Phase 1 of the RMF is dedicated to identifying and cataloging threats and vulnerabilities that pose risk to the confidentiality, integrity, and availability of institutional critical assets. This identification phase produces the threat and vulnerability data that all subsequent risk assessment and treatment phases depend on.
Phase 3 of the RMF generally involves selecting, implementing, and verifying security controls to treat the risks identified and assessed in earlier phases.
Phase 0 represents preparation and scoping activities such as defining the assessment boundary and establishing context, not the identification of specific threats and vulnerabilities.
Concept tested: RMF Phase 1 threat and vulnerability identification
Source: https://csrc.nist.gov/projects/risk-management/about-rmf
Topics
Community Discussion
No community discussion yet for this question.