Information technology security audit guidebook for NIST SP 800-171 /
Russo, Mark A.
Information technology security audit guidebook for NIST SP 800-171 / Mark A. Russo - Second Edition. - Washington : Syber-Risk.com, c2020 - 257 pages ; 21 pages.
For NIST 800-171 Security Auditors -- Elements of good Audit practice -- Current NIST 800+171 Contract direction and development -- Why pursue an expansion of NIST-based cybersecurity standards? -- People-Process-Technology PPT Model -- More about artifacts and POAMs -- All things considered -- How to use this book -- ACCESS CONTROL -- AWARENESS & TRAINING (AT) -- AUDIT AND ACCOUNTABILITY (AU) -- CONFIGURATION MANAGEMENT (CM) -- IDENTIFICATION AND AUTHENTICATION (IA) -- INCIDENT RESPONSE (IR) -- MAINTENANCE (MA) -- MEDIA PROTECTION (MP) -- PERSONNEL SECURITY (PS) -- PHYSICAL PROTECTION (PP) -- RISK ASSESSMENT (RA) -- SECURITY ASSESSMENT (SA) -- SYSTEM AND COMMUNICATIONS PROTECTION (SC) -- SYSTEM AND INFORMATION INTEGRITY (SI) -- CONSCLUSION.
This book is designed to walk the auditor through each of the 110 controls with a thorough understanding of whether a control is met or not. There is no "partial credit." While the process is subjective, the assessor must make a reasonable determination that the system owner understands and can demonstrate his company or agency's compliance with NIST 800-171. We include a compliance checklist designed to build out a record of the audit. This has been one of our most sought books on the evolving state of NIST 800-171.
9781726674904
INFORMATION AUDITS
QA 76.9.A93 .R87 2020
Information technology security audit guidebook for NIST SP 800-171 / Mark A. Russo - Second Edition. - Washington : Syber-Risk.com, c2020 - 257 pages ; 21 pages.
For NIST 800-171 Security Auditors -- Elements of good Audit practice -- Current NIST 800+171 Contract direction and development -- Why pursue an expansion of NIST-based cybersecurity standards? -- People-Process-Technology PPT Model -- More about artifacts and POAMs -- All things considered -- How to use this book -- ACCESS CONTROL -- AWARENESS & TRAINING (AT) -- AUDIT AND ACCOUNTABILITY (AU) -- CONFIGURATION MANAGEMENT (CM) -- IDENTIFICATION AND AUTHENTICATION (IA) -- INCIDENT RESPONSE (IR) -- MAINTENANCE (MA) -- MEDIA PROTECTION (MP) -- PERSONNEL SECURITY (PS) -- PHYSICAL PROTECTION (PP) -- RISK ASSESSMENT (RA) -- SECURITY ASSESSMENT (SA) -- SYSTEM AND COMMUNICATIONS PROTECTION (SC) -- SYSTEM AND INFORMATION INTEGRITY (SI) -- CONSCLUSION.
This book is designed to walk the auditor through each of the 110 controls with a thorough understanding of whether a control is met or not. There is no "partial credit." While the process is subjective, the assessor must make a reasonable determination that the system owner understands and can demonstrate his company or agency's compliance with NIST 800-171. We include a compliance checklist designed to build out a record of the audit. This has been one of our most sought books on the evolving state of NIST 800-171.
9781726674904
INFORMATION AUDITS
QA 76.9.A93 .R87 2020