Question 20
Main Page
Which type of risk management framework is NIST SP 800-37 considered?
A. Asset-based
B. Operational security
C. Lifecycle-based
D. Static framework
Answer: C. Lifecycle-based
NIST SP 800-37 is structured around the system development lifecycle, integrating risk and security from planning to decommissioning.