The correct answer is To ensure the controls are applicable and effective for the specific system and its risk profile.

Baseline controls in NIST SP 800-53 are starting points and they must be tailored so they match the system categorization, environment, and the specific threats the system faces. Tailoring makes controls relevant and effective by selecting only those controls that apply, defining control enhancements and parameters that fit the system, and scoping controls so they address actual risk rather than theoretical or irrelevant requirements.

Tailoring is a risk driven activity. It links the control set to the system impact levels and mission needs so that residual risk is managed to acceptable levels. Proper tailoring produces a set of controls that are implementable, testable, and traceable back to the system risk profile.

To reduce the costs of implementing and maintaining security controls is not the primary reason. Cost may be a consideration when choosing among control alternatives but tailoring exists to ensure controls are appropriate and effective for the system and its risks rather than primarily to save money.

To ensure the same controls are enforced across every system in the enterprise is incorrect because tailoring often produces differences between systems. The goal is appropriate security for each system and its environment. Uniformity is not the objective when systems have different functions, threats, or impact levels.

To allow reuse of inherited organization level controls so individual systems do not replicate controls is also not the primary reason. Inheritance and reuse are useful practices and they are part of the tailoring and scoping process, but the main purpose of tailoring remains ensuring controls are applicable and effective for the specific system and its risk profile.

Full AWS Practitioner Certification Question