Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A)? Each correct answer represents a complete solution.
Choose all that apply.
Answer: A, C, D, E, F
Certification and Accreditation (C&A) is a formal process used to evaluate, test, and authorize information systems and applications to ensure that they meet specified security requirements. The National Institute of Standards and Technology (NIST) has developed a set of guidelines and publications to assist in conducting C&A processes.
The following documents were developed by NIST for conducting Certification & Accreditation:
A. NIST Special Publication 800-53A - This publication provides guidelines and assessment procedures for conducting security control assessments of federal information systems and organizations. It covers the complete set of security controls in NIST Special Publication 800-53 and provides additional guidance on the assessment process.
B. NIST Special Publication 800-37A - This publication provides guidelines for the Risk Management Framework (RMF) and the steps involved in the C&A process. It covers the initiation, development, implementation, assessment, authorization, and continuous monitoring of information systems.
C. NIST Special Publication 800-59 - This publication provides guidelines for identifying and categorizing information types and information systems. It includes guidance for selecting security controls based on the categorization of information and information systems.
D. NIST Special Publication 800-53 - This publication provides a comprehensive set of security controls for federal information systems and organizations. It includes guidelines for selecting, implementing, and assessing security controls to meet specific security requirements.
E. NIST Special Publication 800-37 - This publication provides guidelines for implementing the RMF and the steps involved in the C&A process. It covers the initiation, development, implementation, assessment, authorization, and continuous monitoring of information systems.
F. NIST Special Publication 800-60 - This publication provides guidelines for mapping security controls from NIST Special Publication 800-53 to other security frameworks, including ISO 27001, HIPAA, and PCI DSS.
Therefore, the correct answers are A, B, D, and E.