Controls in NIST SP 800-53

Three Primary Classes


Question

NIST SP 800-53 identifies controls in three primary classes.

What are they?


Explanations


C.

NIST SP 800-53 is used to review security in any organization, that is, in reviewing physical security.

The Physical and Environmental Protection family includes 19 different controls.

Organizations use these controls for better physical security.

These controls are reviewed to determine if they are relevant to a particular organization or not.

Many of the controls described include additional references that provide more details on how to implement them.

The National Institute of Standards and Technology (NIST) SP 800-53 rev 3 identifies 18 families of controls.

It groups these controls into three classes: Technical, Operational, and Management.

The answer is D. Administrative, Technical, and Operational.

NIST SP 800-53 is a publication by the National Institute of Standards and Technology that provides guidelines for security and privacy controls for federal information systems and organizations. It identifies controls in three primary classes: administrative, technical, and operational.

  1. Administrative Controls: These are policies and procedures that are implemented by an organization to ensure the proper management of information security. Examples include security awareness training, risk assessments, security planning, and incident response procedures.

  2. Technical Controls: These are mechanisms that are implemented within IT systems to prevent, detect, and respond to security threats. Examples include access controls, encryption, firewalls, intrusion detection systems, and virus scanners.

  3. Operational Controls: These are procedures that are implemented to ensure the proper operation and maintenance of IT systems. Examples include change management, backup and recovery procedures, and system monitoring.

It is important to note that these three primary classes of controls are not mutually exclusive and may overlap in their implementation. Effective information security requires a combination of administrative, technical, and operational controls that are tailored to the specific risks and threats facing an organization.