Question 103
Main Page
A manager asks if NIST SP 800-30 includes control recommendations. What’s the correct response?
A. No, it only evaluates backup systems
B. Yes, it is a threat intelligence catalog
C. No, it is a guide for conducting risk assessments
D. Yes, it provides identity federation procedures
Answer: C. No, it is a guide for conducting risk assessments
NIST SP 800-30 focuses on evaluating risk—not prescribing specific controls. Controls are covered under NIST SP 800-53.
Next Question