Which mandate uses NIST SP-800-53?

Multiple Choice

Which mandate uses NIST SP-800-53?

Explanation:
NIST SP 800-53 is the formal catalog of security controls federal information systems should implement. Agencies use these controls to satisfy requirements set by the federal mandate that governs information security—FISMA. FISMA requires the development, documentation, and implementation of an information security program and the selection and application of appropriate controls to protect information and systems. FIPS 200 defines the minimum security requirements and references SP 800-53 for the actual controls, but the obligation to use SP 800-53 comes from FISMA itself, not from FIPS 200 or ISO 27001. SP 800-37 is the guidance for applying the Risk Management Framework to those controls, but again, the mandate driving the use of SP 800-53 is FISMA.
