NIST SP 800-53A Flashcards

1
Q

“The selection of appropriate assessment procedures and the rigor, intensity, and scope of the assessment depend on three factors:…”

A
  1. The security categorization of the information system
  2. The assurance requirements that the organization intends to meet in determining the overall effectiveness of the security controls; and
  3. The selection of security controls from SP 800-53 as identified in the approved security plan
2
Q

Security categorization (national security systems)

A

Is accomplished with CNSS Instruction 1253

3
Q

Security categorization (other than national security systems)

A

Is accomplished in accordance with FIPS 199 and SP 800-60

4
Q

Information produced during security control assessments can be used by an organization to:

A
  1. Identify potential problems or shortfalls in the organization’s implementation of the Risk Management Framework;
  2. Identify information system weaknesses and deficiencies;
  3. Prioritize risk mitigation decisions and associated risk mitigation activities;
  4. Confirm that identified weaknesses and deficiencies in the information systems have been addressed;
  5. Support continuous monitoring activities and information security situational awareness;
  6. Facilitate security authorization decisions; and
  7. Inform budgetary decisions and the capital investment process