(ISC)2
CGRC Question #505: Real Exam Question with Answer & Explanation
The correct answer is A: design, development, implementation, operation, maintenance, and disposition of government. NIST SP 800-37, Revision 1, provides comprehensive guidance for individuals involved in the full lifecycle of government information systems.
Security and Privacy Governance, Risk Management, and Compliance Program
Question
NIST SP 800-37, Revision 1, provides guidance to individuals involved in the ___________.
Options
- A. design, development, implementation, operation, maintenance, and disposition of government
- B. design, development, implementation, operation, maintenance, and disposition of security
- C. usage, training, conversion, data analysis and system control of government information systems.
- D. usage, training, conversion, data analysis and system control of security information systems.
Explanation
NIST SP 800-37, Revision 1, provides comprehensive guidance for individuals involved in the full lifecycle of government information systems.
Common mistakes.
- B. While related to security, the phrasing 'security information systems' is less precise than 'government information systems' and still requires the full lifecycle stages for accuracy.
- C. The listed activities (usage, training, conversion, data analysis, system control) are too narrow and do not encompass the full breadth of the SDLC guidance provided by SP 800-37.
- D. This option shares the same inaccuracies as C, combining an incomplete list of activities with less precise terminology for the system type.
Concept tested. NIST SP 800-37 Scope and Lifecycle
Reference. https://csrc.nist.gov/publications/detail/sp/800-37/rev-1/final
Topics
#NIST SP 800-37 #Risk Management Framework #Government Information Systems #System Lifecycle