Which of the following is a requirement of the 'NIST SP 800-53' framework?

Answer options:

It is mandatory for all private sector companies.

It focuses solely on privacy.

It provides a catalog of security and privacy controls for federal information systems.

It replaces HIPAA.

How to approach this question

NIST 800-53 = Federal Controls Catalog.

Full Answer

C.It provides a catalog of security and privacy controls for federal information systems.✓ Correct

NIST SP 800-53 provides a catalog of security and privacy controls for all U.S. federal information systems except those related to national security. It is widely adopted by the private sector as a best practice framework.

Common mistakes

Thinking it is mandatory for everyone (only Federal agencies).

Question 70 All questions Question 72

Practice the full CPA ISC Practice Exam 3

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud-based s...Medium Q02During a review of a client's cloud governance structure, an auditor notes that the client uses a...Medium Q03An auditor is evaluating the 'Processing Integrity' principle for a financial institution's loan ...Hard Q04A company uses a batch processing system to update inventory records overnight. The 'Grandfather-...Hard Q05During a walkthrough of the change management process, an auditor observes that the 'Developer' r...Medium

View all 82 questions →