Which are the NIST SP 800-53 control families cited as examples under Security and Privacy Controls?

• A. Contingency Planning, Media Protection, and Identification and Authentication
• B. Access Control, Audit and Accountability, and Configuration Management
• C. Program Management, Risk Assessment, and Continuous Monitoring
• D. Physical and Environmental Protection, System and Communications Protection, and Incident Response

Answer: (B)

NIST SP 800-53 groups controls into families, and Security and Privacy Controls examples point to three key families: Access Control, Audit and Accountability, and Configuration Management. Access Control covers who can access resources and what they can do; Audit and Accountability focuses on recording events and ensuring traceability of actions; Configuration Management ensures that system configurations are controlled, tracked, and kept in a secure baseline to prevent unauthorized changes. While other control families like Contingency Planning, Media Protection, or Program Management are important parts of the overall framework, the cited examples in that context are the three mentioned above.