CISSP Practice Domain 1 — Security and Risk Management Q41 of 120

Which framework defines a six-step Risk Management Framework: Categorize, Select, Implement, Assess, Authorize, Monitor?

A CISSP practice question covering Domain 1: Security and Risk Management. Try answering before reading the explanation below.

A. NIST SP 800-37 RMF ✓ Correct answer
B. ISO 27001
C. COBIT
D. ITIL
Why "NIST SP 800-37 RMF" is the right answer

NIST SP 800-37 is the publication that formalizes the Risk Management Framework (RMF) as this six-step process. ISO 27001 specifies the requirements for an information security management system (ISMS) but does not prescribe these exact steps. COBIT is an enterprise IT governance framework, and ITIL is an IT service management framework.
