Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A)? Each correct answer represents a complete solution.
Choose all that apply.
A. B. C. D. E. F.DEFAB.
Certification & Accreditation (C&A) is the process of evaluating and documenting security-related aspects of an information system. The National Institute of Standards and Technology (NIST) has developed a set of guidelines and best practices for conducting C&A, which is called the Risk Management Framework (RMF). The RMF consists of several steps, and NIST has developed a series of documents that provide guidance on each step.
The following NIST Special Publications (SPs) were developed for conducting C&A:
A. NIST Special Publication 800-59: This SP provides guidance for identifying an organization's information protection needs and for developing and implementing an information security program.
B. NIST Special Publication 800-60: This SP provides guidance for developing an information security program for federal agencies.
C. NIST Special Publication 800-37A: This SP provides guidance for applying the Risk Management Framework (RMF) to information systems.
D. NIST Special Publication 800-37: This SP provides guidance for applying a risk management framework to federal information systems.
E. NIST Special Publication 800-53: This SP provides guidelines for selecting and specifying security controls for federal information systems.
F. NIST Special Publication 800-53A: This SP provides guidelines for assessing the effectiveness of security controls specified in SP 800-53.
In summary, the correct answers are A, B, C, D, E, and F. Each of these documents provides guidance for a different aspect of the C&A process.