cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Surferway
Viewer

NIST 37 question

NIST800-37.png

In my understanding NIST-37: Risk Management (Federal Government): Guidelines on managing cybersecurity risks (e.g., NIST SP 800-37 for the Risk Management Framework).  Where  NIST SP 800-53: covers "Security and Privacy Controls for Information Systems and Organizations" provides a comprehensive set of security and privacy controls that can be tailored to the specific needs of an organization.  Can you let me know why 800-53 is the better answer?

5 Replies
Mahfujur
Viewer

Hi,

It is very difficult which angle one answer is better than the others.when both are so close. 

 

My thinking as follows: 

  • SP 800-53: Lists the security and privacy controls to be used within the RMF.
  • SP 800-37: Details the RMF process

 

 

I agree with you alternative C 800-37 is correct  because it specifically details the Risk Management Framework (RMF). While B. 800-53 is  very closely related and provides the security and privacy controls used within the RMF, it does not detail the RMF process itself. Therefore, i consider , 800-37 is the correct choice for the publication that outlines the RMF.

 

Sometimes, the expert who formulize the question should ask why B is better than C. 

 

Best regards

Mahfujur

Surferway
Viewer

Thanks for the confirmation, that was my thinking as well.

Mahfujur
Viewer

You are welcome.
Br
Mahfuj
dips0502
Newcomer I

You are correct. This question is an example of insufficient quality control on the part of the question provider.

MALVIKA
Viewer

Here is detail about your question: NIST management framework standard against which audits, and control assessments will be performed. Which NIST special publication (SP) details the RMF? 

 

Correct Answer:  800-53 

 

https://csrc.nist.rip/Projects/risk-management/sp800-53-controls/release-search#!/families?version=5...