In my understanding, NIST-37: Risk Management (Federal Government): Guidelines on managing cybersecurity risks (e.g., NIST SP 800-37 for the Risk Management Framework). Whereas NIST SP 800-53 covers "Security and Privacy Controls for Information Systems and Organizations" and provides a comprehensive set of security and privacy controls that can be tailored to the specific needs of an organization. Can you let me know why 800-53 is the better answer?
Hi,
It is very difficult to say from which angle one answer is better than the others when both are so close.
My thinking is as follows:
I agree with you: alternative C, 800-37, is correct because it specifically details the Risk Management Framework (RMF). While B, 800-53, is very closely related and provides the security and privacy controls used within the RMF, it does not detail the RMF process itself. Therefore, I consider 800-37 the correct choice for the publication that outlines the RMF.
Sometimes, the expert who formulates the question should ask why B is better than C.
Best regards
Mahfujur
Thanks for the confirmation, that was my thinking as well.
You are correct. This question is an example of insufficient quality control on the part of the question provider.
Here is the detail about your question: NIST management framework standard against which audits, and control assessments will be performed. Which NIST special publication (SP) details the RMF?
Correct Answer: 800-53