44 Chapter 2 ■ Asset Security (Domain 2)
- NIST SP 800-60 provides a process shown in the following diagram to assess information
systems. What process does this diagram show?
[Figure: NIST SP 800-60 process flow. Process input: Identify Information Systems. Process: (1) Identify Information Types, (2) Select Provisional Impact Levels, (3) Review Provisional Impact Levels, (4) Adjust/Finalize Information Impact Levels, Assign System Security Category. Process outputs: Security Categorization; FIPS 200 / SP 800-53 Security Control Selection.]
Source: NIST SP 800-60.
A. Selecting a standard and implementing it
B. Categorizing and selecting controls
C. Baselining and selecting controls
D. Categorizing and sanitizing
The following diagram shows a typical workstation and server and their connections to
each other and the internet. For questions 75–77, please refer to this diagram.
[Figure: a server and a user workstation connected to each other and to the Internet, with points on the diagram labeled A through F.]