Cloud Risks & Risks Management
2/2/22, 5:30 PM NIST Cybersecurity Framework
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-topic-list/nist-cybersecurity-framework.html?ou=622270 1/3
Learning Topic
NIST Cybersecurity Framework

Executive Order 13636, issued in February 2013, established a requirement for the
development of a voluntary risk-based cybersecurity framework. The resultant framework
includes industry standards and best practices to help organizations manage cybersecurity
risks.
The framework was created under the leadership of the National Institute of Standards
and Technology (NIST), which facilitated collaboration between government and the
private sector to develop a baseline to address and manage cybersecurity risk in a
cost-effective way based on business needs without placing additional regulatory requirements
on businesses. The framework is in use today, providing a starting point for entities to
implement cybersecurity measures for their organizations.
There are several ways to combine authentication methods. Higher levels of
security are generally associated with more authentication factors (multifactor). For
example, two-factor authentication might include a token and a password. Kerberos is a
protocol for authentication that is made up of two components: a ticket (distributed by a
service) for user authentication and a key that is developed from the user's password.
Another authentication scheme is the Challenge-Handshake Authentication Protocol
(CHAP), which uses a representation (hash) of the user's password to authenticate.
Resources

Focus your study on the first 17 pages of the following resource.
NIST Cybersecurity Framework
(https://leocontent.umgc.edu/content/dam/course-content/tgs/cca/cca-610/document/PolicyCreationNISTFramework.pdf?ou=622270)
Check Your Knowledge

Choose the best answer to each question:

Question 1
The NIST framework was established under which of the following orders?
FISMA
PDD-23
EO 13636
NIST 800-53

Question 2
Which of the following best describes the NIST framework?
It is a mandatory risk-based framework—a set of industry standards and best practices meant to help manage cybersecurity risks.
It is a voluntary risk-based framework—a set of industry standards and best practices meant to help manage cybersecurity risks.
It is a voluntary asset-based framework—a set of industry standards and best practices meant to help identify cybersecurity assets at risk.
It is a mandatory risk-based framework—a set of government-wide standards and best practices meant to help manage cybersecurity risks.

Question 3
Which of the following is true of the NIST framework?
The framework is not a one-size-fits-all approach to managing cybersecurity risk for critical infrastructure.
The framework does not address critical infrastructure.
The framework is required only for organizations that do business with the US government.
The framework is required only for organizations that do business abroad.
© 2022 University of Maryland Global Campus