ISC2 Governance, Risk and Compliance (CGRC) Practice Question

During the Prepare step of the NIST Risk Management Framework, a federal system owner must complete a formal risk assessment that identifies threats, vulnerabilities, likelihood, and potential impact. Which NIST Special Publication provides the primary methodology and guidance for performing this type of risk assessment?

NIST SP 800-37 Revision 2, Risk Management Framework for Information Systems and Organizations
NIST SP 800-30 Revision 1, Guide for Conducting Risk Assessments
NIST SP 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organizations
NIST SP 800-60 Volume 1, Guide for Mapping Information Types to Security Categories

Report Issue

Answer Description

NIST Special Publication 800-30 Revision 1, "Guide for Conducting Risk Assessments," is the authoritative NIST document that explains how to plan, execute, and maintain security and privacy risk assessments. While SP 800-37 outlines the overall RMF process, SP 800-53 lists security controls, and SP 800-60 maps information types to impact levels, only SP 800-30 focuses specifically on the methodology for identifying threats, vulnerabilities, likelihood, and impact-activities central to the risk assessment task in the Prepare step of the RMF.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.

What is the difference between NIST SP 800-30 and NIST SP 800-37?

Open an interactive chat with Bash

How is NIST SP 800-30 applicable to federal system owners?

Open an interactive chat with Bash

What are the key elements of a risk assessment outlined in NIST SP 800-30?

Open an interactive chat with Bash

What are the key components of a risk assessment as described in NIST SP 800-30 Revision 1?

Open an interactive chat with Bash

How does NIST SP 800-30 differ from other NIST Special Publications like SP 800-37 or SP 800-53?

Open an interactive chat with Bash

Why is performing a risk assessment crucial during the Prepare step of the Risk Management Framework (RMF)?

Open an interactive chat with Bash

ISC2 Governance, Risk and Compliance (CGRC)

Security and Privacy Governance, Risk Management, and Compliance Program

Your Score:

Settings & Objectives

Security and Privacy Governance, Risk Management, and Compliance Program

Scope of the System

Selection and Approval of Framework, Security, and Privacy Controls

Implementation of Security and Privacy Controls

Assessment/Audit of Security and Privacy Controls

System Compliance

Compliance Maintenance

Random Mixed

Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.

Rotate by Objective

Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Hide Score

Check or uncheck an objective to set which questions you will receive.

Bash, the Crucial Exams Chat Bot

AI Bot