During which of the following NIST risk management framework steps would an information system security engineer identify inherited security controls and tailor those controls to the system?
A. Categorize
B. Select
C. Implement
D. Access
B. Select
NIST RMF Step 2: Select
Purpose:
• Select security controls starting with the appropriate baseline using categorization output from Step 1
• Apply tailoring guidance as needed based on risk assessment
https://www.nist.gov/system/files/documents/2018/03/28/vickie_nist_risk_management_framework_overview-hpc.pdf