nerdexam
(ISC)2

CISSP-ISSEP · Question #204

Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A)? Each correct answer represents a complete solution. Choose all that apply.

The correct answer is A. NIST Special Publication 800-59 B. NIST Special Publication 800-60 D. NIST Special Publication 800-37 E. NIST Special Publication 800-53 F. NIST Special Publication 800-53A. NIST developed a suite of publications to support the C&A process under the Risk Management Framework (RMF): SP 800-37 is the core guide for applying the RMF and conducting C&A; SP 800-53 provides the security controls catalog used during the selection phase; SP 800-53A guides th

Risk Management

Question

Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A)? Each correct answer represents a complete solution. Choose all that apply.

Options

  • ANIST Special Publication 800-59
  • BNIST Special Publication 800-60
  • CNIST Special Publication 800-37A
  • DNIST Special Publication 800-37
  • ENIST Special Publication 800-53
  • FNIST Special Publication 800-53A

How the community answered

(28 responses)
  • A
    89% (25)
  • C
    11% (3)

Explanation

NIST developed a suite of publications to support the C&A process under the Risk Management Framework (RMF): SP 800-37 is the core guide for applying the RMF and conducting C&A; SP 800-53 provides the security controls catalog used during the selection phase; SP 800-53A guides the assessment (audit) of those controls; SP 800-60 maps information types to security categories (supporting the categorization step); and SP 800-59 identifies whether a system qualifies as a National Security System, which affects how C&A is conducted.

Option C (SP 800-37A) is the distractor - this document simply does not exist. NIST revised SP 800-37 as "Revision 1" and "Revision 2," not as "800-37A," making this a fabricated document number designed to trick test-takers who confuse the naming convention with SP 800-53A.

Memory tip: Think of the C&A stack as "37 runs the show, 53 picks the controls, 53A checks them, 60 categorizes, 59 flags national security" - and remember that NIST uses "Revision" numbering for 800-37, so "800-37A" is a red flag that mimics the "53A" naming pattern.

Topics

#C&A#NIST SP 800-series#RMF#Security controls

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice