CGRC Question #454: Real Exam Question with Answer & Explanation
The correct answer is B: SP 800-53A.
Question
The guidelines in this publication apply to the security controls defined in NIST Special Publication 800-53 in an effort to enable more consistent, comparable, and repeatable assessments of security controls.
Options
- A. SP 800-53
- B. SP 800-53A
- C. SP 800-37
- D. FIPS 200
Explanation
The question describes a NIST publication that provides guidelines for assessing security controls, specifically those defined in SP 800-53, to ensure consistent and repeatable evaluations.
Common mistakes:
- A. NIST SP 800-53 defines the security controls themselves, not the guidelines for assessing them.
- C. NIST SP 800-37 describes the Risk Management Framework (RMF), which is the overarching process for managing security and privacy risk, but it does not detail the specific assessment procedures for individual controls.
- D. FIPS 200, "Minimum Security Requirements for Federal Information and Information Systems," sets the minimum security requirements, referencing SP 800-53 for controls, but does not provide assessment guidelines.
Concept tested: the role of NIST SP 800-53A
Reference: https://csrc.nist.gov/publications/detail/sp/800-53a/rev-5/final