Medium · 1 mark · Multiple Choice
CPA · Question 71 · Area II: Security
Which of the following is a requirement of the 'NIST SP 800-53' framework?
Answer options:
A. It is mandatory for all private sector companies.
B. It focuses solely on privacy.
C. It provides a catalog of security and privacy controls for federal information systems.
D. It replaces HIPAA.
How to approach this question
NIST 800-53 = Federal Controls Catalog.
Full Answer
C. It provides a catalog of security and privacy controls for federal information systems. ✓ Correct
NIST SP 800-53 provides a catalog of security and privacy controls for all U.S. federal information systems except those related to national security. It is widely adopted by the private sector as a best practice framework.
Common mistakes
Thinking it is mandatory for everyone (it is mandatory only for federal agencies).