https://community.isc2.org/t5/Exams/NIST-37-question/m-p/75182#M3609 <P>You are correct. This question is an example of insufficient quality control on the part of the question provider.</P> Sun, 17 Nov 2024 17:09:05 GMT dips0502 2024-11-17T17:09:05Z https://community.isc2.org/t5/Exams/NIST-37-question/m-p/75166#M3603 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="NIST800-37.png" style="width: 400px;"><img src="https://community.isc2.org/t5/image/serverpage/image-id/9196iF4773DE712BC2ABF/image-size/medium?v=v2&amp;px=400" role="button" title="NIST800-37.png" alt="NIST800-37.png" /></span></P><P> </P><P><SPAN>In my understanding NIST-37: Risk Management (Federal Government): Guidelines on managing cybersecurity risks (e.g., NIST SP 800-37 for the Risk Management Framework).&nbsp; Where &nbsp;NIST SP 800-53: covers "Security and Privacy Controls for Information Systems and Organizations" provides a comprehensive set of security and privacy controls that can be tailored to the specific needs of an organization.&nbsp; Can you let me know why 800-53 is the better answer?</SPAN></P> Fri, 15 Nov 2024 20:57:46 GMT https://community.isc2.org/t5/Exams/NIST-37-question/m-p/75166#M3603 Surferway 2024-11-15T20:57:46Z https://community.isc2.org/t5/Exams/NIST-37-question/m-p/75173#M3605 <P>Hi,</P><P>It is very difficult which angle one answer is better than the others.when both are so close.&nbsp;</P><P>&nbsp;</P><P>My thinking as follows:&nbsp;</P><UL><LI><STRONG>SP 800-53</STRONG>: Lists the security and privacy controls to be <STRONG>used within the RMF</STRONG>.</LI><LI><STRONG>SP 800-37</STRONG><SPAN>: Details the RMF process</SPAN></LI></UL><P>&nbsp;</P><P>&nbsp;</P><P>I agree with you alternative <STRONG>C 800-37</STRONG> is correct&nbsp; because it specifically details the Risk Management Framework (RMF). While B. 800-53 is&nbsp; very closely related and provides the security and privacy controls used within the RMF, it does not detail the RMF process itself. Therefore, i consider , 800-37 is the correct choice for the publication that outlines the RMF.</P><P>&nbsp;</P><P>Sometimes, the expert who formulize the question should ask why B is better than C.&nbsp;</P><P>&nbsp;</P><P><SPAN>Best regards</SPAN></P><P><SPAN>Mahfujur</SPAN></P> Sat, 16 Nov 2024 15:25:18 GMT https://community.isc2.org/t5/Exams/NIST-37-question/m-p/75173#M3605 Mahfujur 2024-11-16T15:25:18Z https://community.isc2.org/t5/Exams/NIST-37-question/m-p/75179#M3607 <P>Thanks for the confirmation, that was my thinking as well.</P> Sun, 17 Nov 2024 12:41:22 GMT https://community.isc2.org/t5/Exams/NIST-37-question/m-p/75179#M3607 Surferway 2024-11-17T12:41:22Z https://community.isc2.org/t5/Exams/NIST-37-question/m-p/75180#M3608 You are welcome.<BR />Br<BR />Mahfuj Sun, 17 Nov 2024 14:25:11 GMT https://community.isc2.org/t5/Exams/NIST-37-question/m-p/75180#M3608 Mahfujur 2024-11-17T14:25:11Z https://community.isc2.org/t5/Exams/NIST-37-question/m-p/75182#M3609 <P>You are correct. This question is an example of insufficient quality control on the part of the question provider.</P> Sun, 17 Nov 2024 17:09:05 GMT https://community.isc2.org/t5/Exams/NIST-37-question/m-p/75182#M3609 dips0502 2024-11-17T17:09:05Z https://community.isc2.org/t5/Exams/NIST-37-question/m-p/75281#M3625 <P>Here is detail about your question:&nbsp;NIST management framework standard against which audits, and control assessments will be performed. Which NIST special publication (SP) details the RMF?&nbsp;</P><P>&nbsp;</P><P>Correct Answer: &nbsp;800-53<SPAN>&nbsp;</SPAN></P><P>&nbsp;</P><P><A href="https://csrc.nist.rip/Projects/risk-management/sp800-53-controls/release-search#!/families?version=5.1" target="_blank">https://csrc.nist.rip/Projects/risk-management/sp800-53-controls/release-search#!/families?version=5.1</A></P> Sun, 24 Nov 2024 02:19:47 GMT https://community.isc2.org/t5/Exams/NIST-37-question/m-p/75281#M3625 MALVIKA 2024-11-24T02:19:47Z