What does a CSF Informative Reference within the CSF Core provide?
A . A high-level strategic view of the life cycle of an organization’s management of cybersecurity risk
B . A group of cybersecurity outcomes tied to programmatic needs and particular activities
C . Specific sections of standards, guidelines, and practices that illustrate a method to achieve an associated outcome
Answer: C
Explanation:
A CSF Informative Reference within the CSF Core provides a citation to a related activity from another standard or guideline that can help an organization achieve the outcome described in a CSF Subcategory12. For example, the Informative Reference for ID.AM-1 (Physical devices and systems within the organization are inventoried) is COBIT 5 APO01.01, which states "Maintain an inventory of IT assets"3.
Reference: 1: Informative
Reference: What are they, and how are they used? | NIST 2: Everything to Know About NIST CSF Informative Reference | Axio 3: NIST Cybersecurity Framework v1.1 – CSF Tools – Identity Digital
Latest NIST-COBIT-2019 Dumps Valid Version with 50 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund