nerdexam
(ISC)2

CISSP · Question #380

Activity to baseline, tailor, and scope security controls tikes place dring which National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) step?

The correct answer is D. Select security controls.. The activity to baseline, tailor, and scope security controls takes place during the select security controls step of the NIST RMF. The NIST RMF is a framework that provides a structured and flexible process for managing the security and risk of information systems. The NIST RMF

Submitted by carter_n· Mar 5, 2026Security and Risk Management

Question

Activity to baseline, tailor, and scope security controls tikes place dring which National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) step?

Options

  • AAuthorize IS.
  • BAssess security controls.
  • CCategorize Information system (IS).
  • DSelect security controls.

How the community answered

(61 responses)
  • A
    7% (4)
  • B
    2% (1)
  • C
    5% (3)
  • D
    87% (53)

Explanation

The activity to baseline, tailor, and scope security controls takes place during the select security controls step of the NIST RMF. The NIST RMF is a framework that provides a structured and flexible process for managing the security and risk of information systems. The NIST RMF consists of six steps: categorize IS, select security controls, implement security controls, assess security controls, authorize IS, and monitor security controls. The select security controls step is the step where the appropriate security controls are identified and applied to the information system, based on the security categorization, the risk assessment, and the organizational policies. The select security controls step involves activities such as baselining, tailoring, and scoping the security controls. Baselining is the process of selecting the minimum set of security controls based on the security categorization. Tailoring is the process of modifying or supplementing the security control baseline to address specific conditions or situations. Scoping is the process of applying the security controls to the specific components or boundaries of the information system.

Topics

#NIST RMF#Security controls selection#Baselining#Tailoring

Community Discussion

No community discussion yet for this question.

Full CISSP Practice