In NIST SP 800-53, what best describes a control baseline and its importance?


Multiple Choice

In NIST SP 800-53, what best describes a control baseline and its importance?

Explanation:
A control baseline in NIST SP 800-53 is a starting point: a predefined set of security controls chosen to match a system’s impact level (low, moderate, or high). This provides a consistent foundation for securing similar systems, making planning, implementation, and assessment repeatable across environments. The key idea is to start with controls that are appropriate to how severe a loss or breach would be, then tailor that baseline to the specific system’s needs. You can add or remove controls and apply compensating measures as needed to address particular risks, mission requirements, or operating contexts. Because of that tailoring, the baseline is not fixed or unchangeable. It covers a broad range of controls, not just physical security, reflecting the full scope of cybersecurity. While it guides federal compliance under frameworks like FISMA, it’s a framework rather than a blanket legal mandate.
