your boss believes that your company must follow NIST guideliness for disaster recovery planning and wants you to develop the company's plans bases on those guidelines. which statement might you use to respond to your boss?

Transcribed Image Text:

### Understanding NIST Publications NIST publications provide critical guidelines and frameworks that are essential for various sectors, including government agencies and the private sector. This educational resource helps clarify their applicability and relevance for different types of organizations. --- ### Question: Are NIST publications mandatory for your organization? #### Possible Answers: - **A.** - **Statement:** "NIST publications are specifically for government agencies and their contractors, and most of what they say is just not applicable to the private sector." - **Explanation:** This statement suggests a limited applicability of NIST publications, focusing only on government and its contractors. - **B.** - **Statement:** "As a government contractor, we actually have to follow ISO and ITIL, not NIST." - **Explanation:** This response indicates a belief that other standards like ISO (International Organization for Standardization) and ITIL (Information Technology Infrastructure Library) are more relevant to government contractors than NIST. - **C.** - **Statement:** "Although we are not a government contractor, NIST frameworks and guidelines are mandatory for all US businesses, and so this is correct." - **Explanation:** This option asserts that NIST guidelines are obligatory for all US businesses, regardless of their contractor status with the government. - **D.** - **Statement:** "NIST publications are mandatory only for government agencies or companies on government contracts, and since we are neither of those, we don't have to follow them. But they have some great ideas we should see about putting to use, tailored to our risk management plans." - **Explanation:** This answer acknowledges the mandatory nature of NIST for government-related entities but also suggests adopting NIST guidelines voluntarily for better risk management, even if not required. --- Understanding these perspectives can guide your decision on whether and how to implement NIST guidelines in your organizational framework. Evaluate which statement aligns with your organization's policies and type of work.