Certified Administrative Professional (CAP) Practice Exam 2026 – Your All-in-One Guide to Exam Mastery!

Question: 1 / 400

Which NIST Special Publication provides guidance for managing information security risk?

A. SP 800-53

B. SP 800-30

C. SP 800-37

D. SP 800-171

The selected option is C, NIST Special Publication 800-37. This publication provides a structured framework for managing information security risk: the Risk Management Framework (RMF) for Information Systems and Organizations.

NIST SP 800-37 describes a comprehensive approach to managing security risk by integrating security into the system development life cycle. It covers categorizing information systems, selecting appropriate security controls, implementing those controls, assessing their effectiveness, authorizing the system to operate, and continuously monitoring the controls. This life-cycle approach lets organizations address security more holistically and adapt as the risk landscape changes over time.

The other publications serve narrower purposes: SP 800-53 provides a catalog of security and privacy controls, SP 800-30 focuses on conducting risk assessments, and SP 800-171 addresses protecting controlled unclassified information in non-federal systems. SP 800-37 stands out because it covers the entire risk management process, giving organizations the guidance they need to manage and mitigate information security risk effectively.
