Certified Information Systems Security Professional (CISSP) — Question 232
An enterprise is developing a baseline cybersecurity standard its suppliers must meet before being awarded a contract. Which of the following statements is TRUE about the baseline cybersecurity standard?
Answer options
- A. It should be expressed as general requirements.
- B. It should be expressed as technical requirements.
- C. It should be expressed in business terminology.
- D. It should be expressed in legal terminology.
Correct answer: B
Explanation
The correct answer is B because a baseline cybersecurity standard must include specific technical requirements that detail the security measures and controls to be implemented. Options A, C, and D are incorrect because general, business, or legal phrasing is either too vague or ill-suited to a technical standard, which should be precise and actionable.