Which of the following processes should be performed FIRST to properly implement the NIST SP 800-53 r4 control framework in an organization?
A. A selection of the security objectives the organization wants to improve
B. A security categorization of the information systems
C. A comprehensive business impact analysis (BIA)
D. A comprehensive tailoring of the controls of the framework
Answer: B
Explanation:
A security categorization of the information systems should be performed first to properly implement the NIST SP 800-53 r4 control framework in an organization. Security categorization is the process of determining the potential impact on organizational operations, organizational assets, individuals, other organizations, and the Nation resulting from a loss of confidentiality, integrity, or availability of an information system and of the information it processes, stores, or transmits. It applies FIPS Publication 199, Standards for Security Categorization of Federal Information and Information Systems, which defines three levels of impact: low, moderate, and high. Security categorization is the first step in the Risk Management Framework (RMF) described in NIST SP 800-37, Revision 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy.

The categorization identifies the security requirements for the information system and drives the selection of an initial set of baseline security controls from NIST SP 800-53 r4, Security and Privacy Controls for Federal Information Systems and Organizations. That baseline can then be tailored and supplemented as needed to address specific organizational needs, risk factors, and compliance obligations. This ordering is also why option D is not the first step: tailoring presupposes a selected baseline, and the baseline presupposes a categorization.
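The following helper is an added illustration of the categorization step the explanation places first; it is not code from the page or from NIST. It applies the FIPS 199 information-type aggregation and the FIPS 200 "high water mark" rule, which the page does not spell out: the system's level per objective is the highest across its information types, and the overall categorization (the SP 800-53 baseline to start tailoring from) is the highest of the three objective levels. The HR system and its information types are constructed sample data.

```python
"""FIPS 199 security categorization helper (added example, not the page's or NIST's code).

Rule applied: each information type carries a provisional impact level per
security objective; the system's level for an objective is the highest across
its information types; the overall categorization, which names the SP 800-53
baseline to tailor from, is the highest of the three objective levels.
"Not applicable" is valid only for the confidentiality of an information type
(public information) and never at the system level, where the floor is "low".
"""
from dataclasses import dataclass
from typing import Dict, Iterable

LEVELS = ("not applicable", "low", "moderate", "high")  # ascending impact
OBJECTIVES = ("confidentiality", "integrity", "availability")


def _rank(level: str) -> int:
    """Position of an impact level in ascending order; rejects unknown values."""
    if level not in LEVELS:
        raise ValueError(f"unknown FIPS 199 impact level: {level!r}")
    return LEVELS.index(level)


def _highest(levels: Iterable[str]) -> str:
    return max(levels, key=_rank)


@dataclass(frozen=True)
class InformationType:
    """One information type with its provisional impact per objective."""
    name: str
    confidentiality: str
    integrity: str
    availability: str

    def __post_init__(self) -> None:
        for obj in OBJECTIVES:
            level = getattr(self, obj)
            _rank(level)  # validates the value
            if level == "not applicable" and obj != "confidentiality":
                raise ValueError(f"{self.name}: 'not applicable' is only valid for confidentiality")


def categorize_system(info_types: Iterable[InformationType]) -> Dict[str, str]:
    """Return the system's security categorization SC as {objective: level}."""
    types = list(info_types)
    if not types:
        raise ValueError("a system must carry at least one information type")
    sc: Dict[str, str] = {}
    for obj in OBJECTIVES:
        level = _highest(getattr(t, obj) for t in types)
        sc[obj] = _highest((level, "low"))  # system-level floor is "low"
    return sc


def initial_baseline(info_types: Iterable[InformationType]) -> str:
    """Overall (high water mark) categorization: the SP 800-53 baseline to tailor from."""
    return _highest(categorize_system(info_types).values())


# Constructed sample (hypothetical HR system), not taken from the page.
SAMPLE_SYSTEM = [
    InformationType("employee PII", "moderate", "moderate", "low"),
    InformationType("public job postings", "not applicable", "moderate", "low"),
]

if __name__ == "__main__":
    sc = categorize_system(SAMPLE_SYSTEM)
    print("SC =", ", ".join(f"({k}, {v})" for k, v in sc.items()))
    print("start from the", initial_baseline(SAMPLE_SYSTEM), "baseline, then tailor")
```

For the constructed sample the confidentiality and integrity levels resolve to moderate and availability to low, so the organization would start from the moderate baseline and only then tailor it, matching the order the explanation gives.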
Reference: NIST SP 800-53 Rev. 4, Security & Privacy Controls for Federal Info Sys …; NIST SP 800-37 Rev. 2, Risk Management Framework for Information …