(ISC)2 Certified in Cybersecurity Practice Exam


Prepare for the (ISC)2 Certified in Cybersecurity Exam with comprehensive quizzes and extensive question banks. Enhance your skills with detailed explanations and practice tests designed to improve your expertise for the certification exam. Get exam-ready now!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



What is the standard for information security management that includes controls for managing records?

  1. NIST SP 800-53

  2. NIST SP 800-88

  3. ISO/IEC 19770-2

  4. CIS Controls

The correct answer is: NIST SP 800-53

The standard that aligns with information security management and specifies controls for managing records is NIST SP 800-53. This publication is part of the NIST Special Publication series and provides a comprehensive framework for selecting and specifying security controls for information systems. It addresses a wide range of security and privacy issues, including the management of records pertaining to security incidents and audit trails.

The significance of NIST SP 800-53 lies in its structured approach to risk management and control selection, ensuring that organizations can effectively safeguard their information assets, comply with federal regulations, and bolster their overall information security posture. By including various administrative, technical, and physical controls, it enables organizations to craft a tailored approach to information security that encompasses records management.

Other options, while relevant in the context of information security, serve different purposes. For instance, NIST SP 800-88 focuses specifically on media sanitization and the proper disposal of information stored on electronic media. ISO/IEC 19770-2 is related to software asset management and not primarily focused on information security. The CIS Controls are a set of best practices for securing IT systems but do not specifically emphasize records management as comprehensively as NIST SP 800-53. This contextual understanding underscores why NIST