Activity to baseline, tailor, and scope security controls tikes place dring which National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) step?
Correct Answer: D
The activity to baseline, tailor, and scope security controls takes place during the select security controls step of the NIST RMF. The NIST RMF is a framework that provides a structured and flexible process for managing the security and risk of information systems. The NIST RMF consists of six steps: categorize IS, select security controls, implement security controls, assess security controls, authorize IS, and monitor security controls. The select security controls step is the step where the appropriate security controls are identified and applied to the information system, based on the security categorization, the risk assessment, and the organizational policies. The select security controls step involves activities such as baselining, tailoring, and scoping the security controls. Baselining is the process of selecting the minimum set of security controls based on the security categorization. Tailoring is the process of modifying or supplementing the security control baseline to address specific conditions or situations. Scoping is the process of applying the security controls to the specific components or boundaries of the information system. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1: Security and Risk Management, page 83; Official (ISC)2 Guide to the CISSP CBK, Fifth Edition, Chapter 1: Security and Risk Management, page 75.