Question: NIST issued a revision to SP 800-37 in December 2018. It provides a disciplined, structured, and flexible process for managing security and privacy risk. Which type of document is SP 800-37?
- a risk management framework
- a guide to risk assessments
- a guideline for vulnerability testing
- a step-by-step guide for performing business impact analyses
Answer: The correct answer of the above question is Option A:a risk management framework