NIST Special Publication on Network Security Testing

Guideline on Network Security Testing

Question

Which of the following NIST Special Publication documents provides a guideline on network security testing?

Answers

Explanations

A. B. C. D. E. F.

NIST SP 800-42 provides a guideline on network security testing.

Answer: E, D, B, F, and C are incorrect.

NIST has developed a suite of documents for conducting Certification & Accreditation (C&A). These documents are as follows:

NIST Special Publication 800-37: This document is a guide for the security certification and accreditation of Federal Information Systems.

NIST Special Publication 800-53: This document provides a guideline for security controls for Federal Information Systems.

NIST Special Publication 800-53A: This document consists of techniques and procedures for verifying the effectiveness of security controls in Federal Information Systems.

NIST Special Publication 800-59: This document is a guideline for identifying an information system as a National Security System.

NIST Special Publication 800-60: This document is a guide for mapping types of information and information systems to security objectives and risk levels.

The NIST (National Institute of Standards and Technology) is a non-regulatory agency of the United States Department of Commerce that develops and publishes standards, guidelines, and best practices for information security.

Among the various Special Publication documents published by NIST, some provide guidelines for specific areas of information security, including network security testing. The correct answer to the question is:

B. NIST SP 800-53A

NIST SP 800-53A, "Assessment Procedures for Security and Privacy Controls," provides guidance on how to assess the effectiveness of security and privacy controls implemented in federal information systems. Part of the assessment procedures involves testing network security controls to verify that they are functioning as intended and providing the necessary protection.

NIST SP 800-42, "Guideline on Network Security Testing," focuses specifically on network security testing and provides guidance on how to plan, conduct, and analyze network security testing activities. However, it does not provide a comprehensive list of assessment procedures for security and privacy controls like NIST SP 800-53A does.

NIST SP 800-60, "Guide for Mapping Types of Information and Information Systems to Security Categories," provides guidance on how to categorize information and information systems according to their security requirements. This document does not provide guidelines on network security testing.

NIST SP 800-53, "Security and Privacy Controls for Federal Information Systems and Organizations," provides a catalog of security and privacy controls for federal information systems and organizations. It does not provide specific guidance on network security testing.

NIST SP 800-37, "Guide for Applying the Risk Management Framework to Federal Information Systems," provides guidance on how to apply a risk management framework to federal information systems. It does not provide specific guidance on network security testing.

NIST SP 800-59, "Guidelines for Identifying an Information System as a National Security System," provides guidelines for identifying information systems that require protection based on national security considerations. It does not provide guidance on network security testing.