Certified Administrative Professional (CAP) Practice Exam

Question: 1 / 400

What document provides guidelines for developing a CM program?

SP 800-53

SP 800-137

NIST 800-39

CM 800-30

The correct answer is the document that specifically addresses guidelines for developing a Configuration Management (CM) program. SP 800-137, known as "Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations," provides a framework for establishing and maintaining a robust CM program, which is vital for ensuring the security and integrity of information systems.

This document emphasizes the importance of continuous monitoring as part of an organization's information security program, which includes configuring systems in a way that allows for ongoing assessment of their security posture. Effective configuration management directly impacts risk management by helping to identify vulnerable configurations, misconfigurations, and unauthorized changes to systems.

The other documents mentioned have their specific focuses: SP 800-53 provides a catalog of security and privacy controls, NIST 800-39 addresses the management of information security risk, and CM 800-30 concerns the process for conducting risk assessments. While all these documents are essential in the realm of information security, SP 800-137 is specifically tailored to developing and maintaining a continuous monitoring strategy that aligns with a comprehensive CM program.
