GRC WEEK 3 CHAPTERS 5 & 6

Question 2

What is the primary purpose of NIST SP 800-53?

Answer 2

To help organizations strengthen their risk management processes by providing a catalog of security controls.

Question 3

How many controls does NIST SP 800-53 contain?

Answer 3

More than 1,000 controls.

Question 4

What types of threats does NIST SP 800-53 help protect against?

Answer 4

• Cybersecurity incidents
• Privacy breaches
• Malicious attack
• Mistakes and human error

Question 5

How many distinct control families are there in NIST SP 800-53?

Answer 5

20 distinct control families.

Question 6

What does the Access Control family focus on?

Answer 6

Controls that cover access to systems, networks, and devices.

Question 7

What is the goal of the Awareness and Training family?

Answer 7

To ensure users are adequately trained to identify threats.

Question 8

What does the Audit and Accountability family provide guidance on?

Answer 8

Procedures for event logging and auditing.

Question 9

What is the focus of the Assessment, Authorization and Monitoring family?

Answer 9

Continuous monitoring and improvement of security and privacy controls.

Question 10

What does the Configuration Management family aim to lower?

Answer 10

The risk of unauthorized hardware or software being installed on the system.

Question 11

What type of planning does the Contingency Planning family cover?

Answer 11

Planning for system failures and breaches.

Question 12

What is the purpose of the Identification and Authentication family?

Answer 12

Reliable identification of users and devices.

Question 13

What does the Incident Response family encompass?

Answer 13

All aspects of responding to serious incidents.

Question 14

What does the Maintenance family deal with?

Answer 14

System maintenance, including software updates and logging.

Question 15

What does the Media Protection family focus on?

Answer 15

The use, storage, and safe destruction of media and files.

Question 16

What does the Physical and Environmental Protection family cover?

Answer 16

Physical access to devices and facilities.

Question 17

What is included in the Planning family of controls?

Answer 17

Privacy and system security plans (SSPs).

Question 18

What does the Program Management family of controls cover?

Answer 18

Management of an information system, including processes and plans.

Question 19

What does the Personnel Security family focus on?

Answer 19

Policies and procedures around the management of personnel.

Question 20

What is the aim of the Personally Identifiable Information (PII) Processing and Transparency family?

Answer 20

To safeguard sensitive data, focusing on consent and privacy.

Question 21

What does the Risk Assessment family focus on?

Answer 21

Assessment of system vulnerabilities and relevant risk.

Question 22

What does the System and Services Acquisition family include?

Answer 22

Allocation of resources and creation of system development life cycles.

Question 23

What is the focus of the System and Communications Protection family?

Answer 23

Protection of system boundaries and management of collaborative devices.

Question 24

What does the System and Information Integrity family maintain?

Answer 24

The integrity of the information system.

Question 25

What does the Supply Chain Risk Management family cover?

Answer 25

Policies and procedures to counter risks in the supply chain.