Which of the following is not true?A. An organization may express its cybersecurity state through a Current Profile to report re
sults or to compare with acquisition requirements.B. Only critical infrastructure agencies may establish a Target Profile that can be used among their constituents as an initial baseline Profile to build their tailored Target Profiles.C. An organization may utilize a Target Profile to express cybersecurity risk management requirements to an external service provider (for example, a cloud provider to which it is exporting data).D. A critical infrastructure owner/operator, having identified an external partner on whom that infrastructure depends, may use a Target Profile to convey required categories and subcategories.
Answer: B. Only critical infrastructure agencies may establish a Target Profile that can be used among their constituents as an initial baseline Profile to build their tailored Target Profiles.
Explanation:
Of the options given in the question, the option that is false is option B "requirements.B. Only critical infrastructure agencies may establish a Target Profile that can be used among their constituents as an initial baseline Profile to build their tailored Target Profiles".
This is not true as the establishment of a target profile is not meant for the critical infrastructure agencies alone. Other infrastructural agencies or companies can also establish the target profile.
The commutative property states that the numbers on which we operate can be moved or swapped from their position without making any difference to the answer.
