Which of the following NIST documents describes that minimizing negative impact on an organization and a need for sound basis in decision making are the fundamental reasons organizations implement a risk management process for their IT systems 

Answer options:

A. NIST SP 800-37
B. NIST SP 800-30
C. NIST SP 800-53
D. NIST SP 800-60

B