Which of the following NIST documents provides a guideline for identifying an information system as a National Security System?
Click on the arrows to vote for the correct answer
A. B. C. D. E.B.
The correct answer is NIST SP 800-59.
NIST SP 800-59, "Guidance for Identifying an Information System as a National Security System," provides guidelines for identifying information systems as National Security Systems (NSS) based on the criteria established by Executive Order 13231, "Critical Infrastructure Protection in the Information Age." NSS refers to any information system that is used or operated by a federal agency or a contractor on behalf of a federal agency, and is involved in national security-related missions or functions.
NIST SP 800-53, "Security and Privacy Controls for Federal Information Systems and Organizations," provides a catalog of security and privacy controls for federal information systems and organizations. It is used to implement the Federal Information Security Management Act (FISMA) and is applicable to all federal information systems, including NSS.
NIST SP 800-53A, "Assessing Security and Privacy Controls in Federal Information Systems and Organizations," provides guidelines for assessing the effectiveness of security and privacy controls in federal information systems and organizations, including NSS.
NIST SP 800-37, "Guide for Applying the Risk Management Framework to Federal Information Systems," provides guidelines for implementing the Risk Management Framework (RMF) for federal information systems, including NSS. The RMF is a structured process that provides a disciplined and structured approach to managing security and privacy risk that is consistent with the organization's overall mission and goals.
NIST SP 800-60, "Guide for Mapping Types of Information and Information Systems to Security Categories," provides guidelines for mapping information types and information systems to security categories based on the potential impact on an organization's operations, assets, or individuals. This document is also applicable to NSS.
In summary, while NIST SP 800-53, 800-53A, 800-37, and 800-60 are all applicable to National Security Systems, only NIST SP 800-59 provides specific guidance for identifying information systems as National Security Systems based on established criteria.