CISSP · Question #271
Which of the following is a strategy of grouping requirements in developing a Security Test and Evaluation (ST&E)?
The correct answer is B. Management, operational, and technical. Security Test and Evaluation (ST&E) organizes security requirements into three control families: management, operational, and technical, aligned with NIST SP 800-53 control classifications.
Question
Which of the following is a strategy of grouping requirements in developing a Security Test and Evaluation (ST&E)?
Options
- ATactical, strategic, and financial
- BManagement, operational, and technical
- CDocumentation, observation, and manual
- DStandards, policies, and procedures
How the community answered
(50 responses)- A4% (2)
- B86% (43)
- C8% (4)
- D2% (1)
Why each option
Security Test and Evaluation (ST&E) organizes security requirements into three control families: management, operational, and technical, aligned with NIST SP 800-53 control classifications.
Tactical, strategic, and financial are business planning or budgeting categories, not a recognized grouping framework used in ST&E or NIST security control families.
NIST SP 800-53 and ST&E methodologies categorize security controls into management (administrative governance and oversight), operational (day-to-day procedures and human factors), and technical (hardware/software mechanisms) groupings. This tripartite structure provides a comprehensive framework for evaluating all dimensions of an information system's security posture. ST&E test plans are designed around these three families to ensure complete coverage of security requirements.
Documentation, observation, and manual describe assessment methods or techniques used during testing (i.e., how tests are conducted), not a strategy for grouping security requirements.
Standards, policies, and procedures represent a hierarchy of governance documents, not a recognized ST&E requirement grouping strategy as defined by NIST or related frameworks.
Concept tested: ST&E security requirements grouping strategy NIST controls
Source: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
Topics
Community Discussion
No community discussion yet for this question.