Which NIST publication outlines the necessary controls for audits of information systems used for certification?

Prepare for the WGU ITAS6291 D488 Cybersecurity Architecture and Engineering exam. Use flashcards and multiple-choice questions, each with explanations and guidance. Master your knowledge and excel in your exam!

Multiple Choice

Which NIST publication outlines the necessary controls for audits of information systems used for certification?

Explanation:
The correct answer is B, as NIST 800-53 specifically outlines the security and privacy controls necessary for federal information systems, including those related to audits. This publication provides a comprehensive framework of controls that organizations must implement to manage risk, ensuring that audits effectively assess the security posture of information systems. The controls outlined in NIST 800-53 are crucial for the certification and accreditation process as they help organizations demonstrate compliance with federal standards and best practices for protecting sensitive information.

NIST 800-207, while critical in discussing zero trust architecture, does not focus on audit controls. Similarly, NIST 800-61 primarily addresses incident handling procedures rather than audit requirements. NIST 800-84 deals with the testing of security solutions and is not focused directly on auditing information systems. Thus, the focus on security and privacy controls in NIST 800-53 makes it the appropriate reference for auditing information systems in the context of certification.
