CSSLP Question #257: Real Exam Question with Answer & Explanation
The correct answer is C: NIST Special Publication 800-53A. The question seeks the NIST document that provides techniques and procedures for verifying the effectiveness of security controls in federal information systems.
Question
You work as a security engineer for BlueWell Inc. You want to use some techniques and procedures to verify the effectiveness of security controls in a Federal Information System. Which of the following NIST documents will guide you?
Options
- A. NIST Special Publication 800-53
- B. NIST Special Publication 800-59
- C. NIST Special Publication 800-53A
- D. NIST Special Publication 800-37
Explanation
The question seeks the NIST document that provides techniques and procedures for verifying the effectiveness of security controls in federal information systems.
Common mistakes.
- A. NIST Special Publication 800-53 provides a catalog of security and privacy controls for federal information systems, not the assessment procedures.
- B. NIST Special Publication 800-59 defines the critical assets within federal information systems, not the assessment procedures for security controls.
- D. NIST Special Publication 800-37 outlines the Risk Management Framework (RMF) for federal information systems, which includes steps like categorization, selection, implementation, assessment, authorization, and monitoring, but 800-53A focuses specifically on the assessment phase.
Concept tested. NIST SP 800-53A security control assessment
Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53Ar5.pdf