Risk Management and Compliance Quiz

Questions and Answers

What is the most cost-effective approach to risk management likely to occur as a result of?

• Effectively addressing significant risks with strong controls (correct)
• Ignoring risks and focusing solely on policy development
• Seeking management approval without implementing controls
• Conducting regular risk assessments without any controls

Which NIST document does CNSSI-1253 align with?

• SP 800-37 rev. 1
• SP 800-53 (correct)
• SP 800-53A
• FIPS-200

Which document specifies the requirements for the Risk Management Framework (RMF) Step 1?

• SP 800-41
• FIPS-200 (correct)
• FIPS-199
• SP 800-60

Who do Rules of Engagement provide rules for?

System Owner (B)

What should policy development consider in relation to organizational risk?

Consider all organizational risks (D)

Flashcards are hidden until you start studying

Study Notes

Risk Management Approach

• The most cost-effective approach to risk management occurs by effectively addressing significant risks with strong controls.
• This approach ensures that resources are allocated to mitigate the most critical risks.

NIST Document Alignment

• CNSSI-1253 is formatted to align with NIST's SP 800-53.
• This alignment ensures consistency and compliance with NIST's guidelines.

Risk Management Framework (RMF)

• The requirements for RMF Step 1 are spelled out in FIPS-199.
• This document provides guidance on the initial steps of the RMF process.

Rules of Engagement

• Rules of Engagement provide rules for the Authorizing Official (AO).
• The AO is responsible for ensuring that the system or application meets the necessary security requirements.