What is a control family in NIST SP 800-53, and which of the following are examples?

Multiple Choice

What is a control family in NIST SP 800-53, and which of the following are examples?

Explanation:
Control families in NIST SP 800-53 are groups of related controls that address a specific security domain. They organize the catalog so you can apply a complete set of protections in an area like how access is controlled, how events are logged, or how system configurations are managed. Each family contains multiple controls (and sometimes enhancements) that work together to meet that domain’s objectives. The examples listed—Access Control, Audit and Accountability, and Configuration Management—are actual control families in the standard. They represent domains focused on who can access resources, how activities are recorded and auditable, and how configurations are managed, respectively. The other options don’t fit because a control family is about grouping related controls, not a single control, not a risk assessment framework, and not a vulnerability type.
