medium
Single Answer
0The following graphic shows the NIST risk management framework with a step missing. What is the missing step?
Answer Options
A
Assess security controls
B
Determine control gaps
C
Remediate control gaps
D
Evaluate user activity
Correct Answer: A
Explanation
The missing step of the NIST risk management framework is assessing security controls. This is an important component of the process. The organization has already prepared, categorized the system, selected appropriate controls, and implemented those controls. Before authorizing the use of the system, they must assess the effectiveness of those controls to ensure that they meet security requirements.