nerdexam
(ISC)2

CISSP-ISSEP · Question #138

Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objective

The correct answer is D. NIST SP 800-26. NIST SP 800-26, "Security Self-Assessment Guide for Information Technology Systems," is the correct answer because it was specifically designed to provide questionnaires and checklists that organizations could use to self-assess their systems against defined control objectives -

Security Operations

Question

Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives?

Options

  • ANIST SP 800-53A
  • BNIST SP 800-37
  • CNIST SP 800-53
  • DNIST SP 800-26
  • ENIST SP 800-59
  • FNIST SP 800-60

How the community answered

(42 responses)
  • C
    2% (1)
  • D
    90% (38)
  • E
    2% (1)
  • F
    5% (2)

Explanation

NIST SP 800-26, "Security Self-Assessment Guide for Information Technology Systems," is the correct answer because it was specifically designed to provide questionnaires and checklists that organizations could use to self-assess their systems against defined control objectives - making it the only publication in this list structured around that evaluation format.

The distractors address related but distinct purposes: 800-53 is the catalog of security and privacy controls themselves; 800-53A provides assessment procedures (interviews, testing, examination) for evaluating those controls, but is not a questionnaire/checklist guide; 800-37 describes the Risk Management Framework (RMF) process; 800-59 identifies whether a system qualifies as a National Security System; and 800-60 maps information types to FIPS 199 security categories.

Memory tip: Think of 800-26 as a "2-6 question survey" - the number itself hints at a questionnaire format, and it predates the modern RMF era as a simpler self-check tool. It has since been superseded, but on exams it remains the answer tied to "questionnaires and checklists for compliance self-assessment."

Topics

#NIST Special Publications#Security Self-Assessment#Compliance Evaluation#Security Controls

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice