Which NIST standard provides guidance for developing test, training, and exercise programs for IT capabilities?

The guidance for developing test, training, and exercise programs for IT capabilities is found in NIST Special Publication 800-84. This standard specifically outlines the processes for conducting exercises and tests to validate, measure, and enhance cybersecurity capabilities in an organization. By adhering to the framework and methodologies provided in this document, organizations can effectively simulate potential attack scenarios and assess their readiness to handle cyber threats.

NIST 800-84 emphasizes the importance of real-world scenarios and structured training programs, which are essential to enhance the skills and preparedness of personnel handling IT systems. It influences how organizations can develop comprehensive strategies for testing and improving their security measures through practical application and training exercises.

The other options reference different areas of focus within the NIST cybersecurity framework, which includes risk management (800-53), identity and access management (800-63), and the zero trust architecture (800-207), but none specifically address the development of test, training, and exercise programs for IT capabilities like NIST 800-84 does.