SFPC Risk Management Framework 2

Question 1

What is the primary purpose of the NIST Risk Management Framework (RMF)?

Accepted Answer

To provide a structured process for integrating security and privacy risk management into the system development lifecycle

Answer

The NIST RMF provides a comprehensive process for managing information security and privacy risk throughout the system development lifecycle, from design through decommission.

Question 2

What is 'system categorization' in the NIST RMF?

Accepted Answer

Determining the impact level of a system based on the sensitivity of the information it processes and the potential impact of a security breach

Answer

System categorization assigns an impact level (Low, Moderate, or High) based on the potential impact to the organization if the system's confidentiality, integrity, or availability were compromised.

Question 3

What is an 'authorization boundary' in the context of the NIST RMF?

Accepted Answer

The defined scope of what is included in a system for security authorization purposes

Answer

The authorization boundary defines the scope of what components and elements are included within a system and subject to the security authorization under the RMF.

Question 4

What is a 'Plan of Action and Milestones' (POA&M) in the RMF context?

Accepted Answer

A document identifying security weaknesses in a system with planned remediation actions and target completion dates

Answer

A POA&M documents identified security weaknesses, the planned actions to address them, the resources required, and target completion dates for remediation.

Question 5

What is the 'continuous monitoring' step in the NIST RMF designed to accomplish?

Accepted Answer

Maintaining ongoing awareness of the security posture of a system to support risk management decisions

Answer

Continuous monitoring maintains ongoing situational awareness of system security, enabling rapid detection of changes that may introduce new risks and supporting informed authorization decisions.

SFPC - Security Fundamentals Professional Certification Practice Test

SFPC - Security Fundamentals Professional Certification Practice Test

SFPC Risk Management Framework 2