Answers
FIPS 199 - ANS Standards for Security Categorization of Federal Information and Information
Systems.
Security categorization -- first step in the risk management process; must be accomplished as an
enterprise-wide activity with the involvement of senior-level officials including, but not limited
to, the CIO, ISO, AO, and information owner.
FIPS 200 - ANS Minimum Security Requirements for Federal Information and Information
Systems.
Select the appropriate set of security controls.
SP 800-18 - ANS Guide for Developing Security Plans for Federal Information Systems
*System Security Plan*
SP 800-30 - ANS Guide for Conducting Risk Assessments
SP 800-37 - ANS Guide for Applying the Risk Management Framework to Federal Information
Systems: A Security Life Cycle Approach.
*RMF Roles and Process*
SP 800-39 - ANS Managing Information Security Risk: Organization, Mission, and Information
System View.
Copyright © 2025 Jasonmcconell. ALL RIGHTS RESERVED.