NIST RMF and Control Tailoring Quiz
16 Questions


Questions and Answers

According to the text, what is the NIST RMF?

  • A comprehensive approach to implementing a structured information security program (correct)
  • A more evolved and mature version of the NIST Cybersecurity Framework
  • A high-level graphic used for federal IT systems
  • A risk management framework used by the US government

What is the main difference between the NIST RMF and the NIST Cybersecurity Framework?

  • The NIST RMF is a dinosaur compared to the evolved and mature NIST Cybersecurity Framework
  • The NIST RMF is a six-step process while the NIST Cybersecurity Framework is a high-level graphic (correct)
  • The NIST RMF is used by federal IT systems while the NIST Cybersecurity Framework is not
  • The NIST RMF is still used by the US government while the NIST Cybersecurity Framework is not

Who provided the NIST RMF diagram?

  • Emilio Garcia
  • Tom Bishop
  • Aaron Lang (correct)
  • Gerald Dozier

What is the purpose of the NIST RMF?

To implement proper controls on federal IT systems

Which step in the Risk Management Framework (RMF) involves categorizing the system and reviewing the system categorization?

Step 3: System categorization

What is the recommended time frame for conducting a third of the controls assessment in the RMF?

Every year

What document is used for system categorization in the RMF?

NIST SP 800-860

How often should the controls be monitored in the RMF?

Every year

Which level of the Risk Management Framework (RMF) is typically associated with auditing?

Information system level

What is Step One of the RMF process?

Categorizing the information system based on the data it contains

Which category is most commonly associated with information systems under the RMF?

Moderate

What is Step Four of the RMF process?

Assessing the controls through independent auditing

Which document is used to look up federal information systems and their corresponding provisional impact levels?

NIST 800 SP 860

What does the CIA Triad stand for in the context of the NIST RMF?

Confidentiality, Integrity, Availability

What does control tailoring involve in the NIST RMF?

Adjusting or excluding certain controls based on specific requirements or conditions

Which document provides the complete control dictionary in the NIST RMF?

NIST 800 SP 853

Study Notes

Overview of NIST RMF and Control Tailoring Process

• NIST RMF consists of two volumes: Volume 1 provides guidance for mapping categories, and Volume 2 contains appendices for mapping.
• The document NIST 800 SP 860 is used to look up federal information systems and their corresponding provisional impact levels.
• The CIA Triad (confidentiality, integrity, availability) is used to map the security category for different information types.
• The NIST RMF requires choosing the high-water mark for the security control levels, even if some aspects are low.
• Tailoring in the RMF allows for the customization of controls based on specific security objectives and needs.
• The selection of controls is done by filtering the NIST 800 SP 853 control spreadsheet based on the chosen baseline (e.g., moderate).
• Controls can be categorized as preventive, detective, deterrent, manual, or automatic, and can fall under physical, technical, or administrative control categories.
• Different authority documents, such as ISO, PCI, or NIST 853, provide control frameworks for selecting controls.
• Control tailoring involves adjusting or excluding certain controls based on specific requirements or conditions.
• Tailoring controls can be done to address unique situations, such as not having locks on certain doors for safety reasons.
• The RMF process involves reviewing and selecting controls based on the impact levels determined in the categorization step.
• NIST 800 SP 53 is the complete control dictionary, while 800 SP 53b is the control baseline extraction specifically for meeting minimum requirements.

Quiz Team

Description

Test your knowledge of the NIST RMF and Control Tailoring Process with this informative quiz. Learn about the different volumes, the CIA Triad, control selection, and the customization of controls based on specific security objectives. Challenge yourself to understand the process of tailoring controls and how it addresses unique situations. This quiz will help you become familiar with the various authority documents and control frameworks.
