CISSP · Question #380
Activity to baseline, tailor, and scope security controls tikes place dring which National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) step?
The correct answer is D. Select security controls.. The activity to baseline, tailor, and scope security controls takes place during the select security controls step of the NIST RMF. The NIST RMF is a framework that provides a structured and flexible process for managing the security and risk of information systems. The NIST RMF
Question
Activity to baseline, tailor, and scope security controls tikes place dring which National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) step?
Options
- AAuthorize IS.
- BAssess security controls.
- CCategorize Information system (IS).
- DSelect security controls.
How the community answered
(61 responses)- A7% (4)
- B2% (1)
- C5% (3)
- D87% (53)
Explanation
The activity to baseline, tailor, and scope security controls takes place during the select security controls step of the NIST RMF. The NIST RMF is a framework that provides a structured and flexible process for managing the security and risk of information systems. The NIST RMF consists of six steps: categorize IS, select security controls, implement security controls, assess security controls, authorize IS, and monitor security controls. The select security controls step is the step where the appropriate security controls are identified and applied to the information system, based on the security categorization, the risk assessment, and the organizational policies. The select security controls step involves activities such as baselining, tailoring, and scoping the security controls. Baselining is the process of selecting the minimum set of security controls based on the security categorization. Tailoring is the process of modifying or supplementing the security control baseline to address specific conditions or situations. Scoping is the process of applying the security controls to the specific components or boundaries of the information system.
Topics
Community Discussion
No community discussion yet for this question.