ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your agency is building a new analytics workload in AWS and must comply with NIST SP 800-37 Rev. 2. The team has finished categorizing the information system and documented its security impact levels. Before provisioning any AWS resources, they need to decide which AWS native security services and NIST SP 800-53 control baselines will satisfy the required protections. According to the NIST Risk Management Framework, which step comes next?
Assess the implemented controls to verify they are operating as intended and identify residual risks.
Continuously monitor the controls in production and provide status reports to the Authorizing Official.
Select the appropriate security controls and map them to AWS services, documenting the control baseline in the system security plan.
Implement the selected controls by configuring AWS services and deploying required technical safeguards.
Under NIST SP 800-37 Rev. 2, the step that follows Categorize is Select. During the Select step, the organization chooses an appropriate baseline of NIST SP 800-53 controls, tailors them to the system's impact levels, and identifies supporting mechanisms, such as AWS security services, that will implement those controls. Implement occurs later, when the chosen controls are put in place. Assess follows implementation and evaluates control effectiveness, while Monitor is an ongoing activity after authorization to ensure controls continue to operate as intended. Selecting controls must therefore precede implementation, assessment, and continuous monitoring.
Risk Identification, Monitoring and Analysis