Certified Administrative Professional (CAP) Practice Exam

Question: 1 / 400

Which document outlines the specific security controls for an information system?

NIST SP 800-37

NIST SP 800-53

NIST SP 800-171

FIPS 200

The correct answer is NIST SP 800-53 because it provides a catalog of security and privacy controls for federal information systems and organizations. This document is designed to assist organizations in meeting the requirements of federal regulations and provides a comprehensive set of recommended controls that cover key areas such as access control, incident response, and system integrity, among others.

NIST SP 800-37, while important, is focused primarily on the Risk Management Framework (RMF) for information systems and the process of integrating security, privacy, and risk management activities into the system development life cycle.

NIST SP 800-171 is targeted at non-federal organizations and provides security requirements for protecting Controlled Unclassified Information (CUI) in non-federal systems and organizations, which is a more specialized focus.

FIPS 200 covers minimum security requirements for federal information and information systems but does not provide the detailed controls that NIST SP 800-53 does.

Thus, NIST SP 800-53 is the document that specifically outlines the security controls necessary for securing information systems comprehensively.
