Certified Governance Risk and Compliance (CGRC) Practice Exam 2025 - Free CGRC Practice Questions and Study Guide


Question: 1 / 315

Which document serves as a guideline for implementing security controls for information systems?

Options:
NIST SP 800-53
NIST SP 800-37
NIST SP 800-26
NIST SP 800-60

Correct answer: NIST SP 800-53

NIST SP 800-53 is considered the correct answer because it provides a comprehensive framework for selecting and specifying security controls for federal information systems, as well as for other organizations seeking to enhance their security posture. This publication outlines a set of baseline security controls that organizations can implement to manage risk and protect their information systems. It categorizes controls into families, addressing various aspects such as access control, incident response, and system integrity, which serve as critical guidelines for organizations planning their security strategies.

The other publications, while relevant to risk management and compliance, serve different purposes. NIST SP 800-37 focuses on the Risk Management Framework, guiding organizations in conducting risk assessments and integrating risk management into their information systems lifecycle. NIST SP 800-26 provides a self-assessment guide for information technology systems but does not directly prescribe security controls. Lastly, NIST SP 800-60 addresses the mapping of information types to security categories but does not serve as a guideline for implementing security controls, making it less relevant in this context.
