CISSP-ISSEP · Question #204
Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A)? Each correct answer represents a complete solution. Choose all that apply.
The correct answer is A. NIST Special Publication 800-59 B. NIST Special Publication 800-60 D. NIST Special Publication 800-37 E. NIST Special Publication 800-53 F. NIST Special Publication 800-53A. NIST developed a suite of publications to support the C&A process under the Risk Management Framework (RMF): SP 800-37 is the core guide for applying the RMF and conducting C&A; SP 800-53 provides the security controls catalog used during the selection phase; SP 800-53A guides th
Question
Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A)? Each correct answer represents a complete solution. Choose all that apply.
Options
- ANIST Special Publication 800-59
- BNIST Special Publication 800-60
- CNIST Special Publication 800-37A
- DNIST Special Publication 800-37
- ENIST Special Publication 800-53
- FNIST Special Publication 800-53A
How the community answered
(28 responses)- A89% (25)
- C11% (3)
Explanation
NIST developed a suite of publications to support the C&A process under the Risk Management Framework (RMF): SP 800-37 is the core guide for applying the RMF and conducting C&A; SP 800-53 provides the security controls catalog used during the selection phase; SP 800-53A guides the assessment (audit) of those controls; SP 800-60 maps information types to security categories (supporting the categorization step); and SP 800-59 identifies whether a system qualifies as a National Security System, which affects how C&A is conducted.
Option C (SP 800-37A) is the distractor - this document simply does not exist. NIST revised SP 800-37 as "Revision 1" and "Revision 2," not as "800-37A," making this a fabricated document number designed to trick test-takers who confuse the naming convention with SP 800-53A.
Memory tip: Think of the C&A stack as "37 runs the show, 53 picks the controls, 53A checks them, 60 categorizes, 59 flags national security" - and remember that NIST uses "Revision" numbering for 800-37, so "800-37A" is a red flag that mimics the "53A" naming pattern.
Topics
Community Discussion
No community discussion yet for this question.