In the context of NIST SP 800-53, what does the term 'Control Baseline' refer to?

Answer options:

The current state of controls before any improvements.

A set of minimum security controls defined for a low, moderate, or high impact information system.

The maximum budget allowed for security.

A list of all possible controls in the catalog.

How to approach this question

NIST SP 800-53 uses 'Baselines' (Low, Mod, High) to tell agencies which controls to pick.

Full Answer

B.A set of minimum security controls defined for a low, moderate, or high impact information system.✓ Correct

A set of minimum security controls defined for a low, moderate, or high impact information system.

NIST SP 800-53 provides three security control baselines (Low, Moderate, High). These are pre-defined sets of controls intended to protect systems based on their impact level.

Common mistakes

Confusing baseline with the full catalog.

Question 34 All questions Question 36

Practice the full CPA ISC Practice Exam 4

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...Hard Q02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...Hard Q03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...Hard Q04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...Hard Q05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard

View all 82 questions →