nerdexam
(ISC)2

CAP · Question #91

Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A)? Each correct answer represents a complete solution. Choose all that apply.

The correct answer is A. NIST Special Publication 800-53A C. NIST Special Publication 800-59 D. NIST Special Publication 800-53 E. NIST Special Publication 800-37 F. NIST Special Publication 800-60. NIST developed a suite of publications specifically to guide the Certification & Accreditation (C&A) process for federal information systems. NIST SP 800-37 provides the guide for applying the Risk Management Framework (the core C&A process). NIST SP 800-53 defines the security a

Security and Privacy Governance, Risk Management, and Compliance Program

Question

Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A)? Each correct answer represents a complete solution. Choose all that apply.

Options

  • ANIST Special Publication 800-53A
  • BNIST Special Publication 800-37A
  • CNIST Special Publication 800-59
  • DNIST Special Publication 800-53
  • ENIST Special Publication 800-37
  • FNIST Special Publication 800-60

How the community answered

(33 responses)
  • A
    91% (30)
  • B
    9% (3)

Explanation

NIST developed a suite of publications specifically to guide the Certification & Accreditation (C&A) process for federal information systems. NIST SP 800-37 provides the guide for applying the Risk Management Framework (the core C&A process). NIST SP 800-53 defines the security and privacy controls that systems must implement. NIST SP 800-53A provides the methodology for assessing those controls. NIST SP 800-59 gives guidance on identifying whether a system qualifies as a National Security System. NIST SP 800-60 maps information types to security impact categories, which feeds into the categorization step of C&A. Option B (800-37A) is a distractor - it does not exist as a real NIST publication. All five valid documents (A, C, D, E, F) form an integrated framework used throughout the C&A lifecycle.

Topics

#NIST Special Publications#Certification & Accreditation (C&A)#Risk Management Framework (RMF)#Information Security Standards

Community Discussion

No community discussion yet for this question.

Full CAP Practice