000 | 01899nam a2200229Ia 4500 | ||
---|---|---|---|
003 | NULRC | ||
005 | 20250520103003.0 | ||
008 | 250520s9999 xx 000 0 und d | ||
020 | _a9781726674904 | ||
040 | _cNULRC | ||
050 | _aQA 76.9.A93 .R87 2020 | ||
100 | _aRusso, Mark A. _eauthor | ||
245 | 0 | _aInformation technology security audit guidebook for NIST SP 800-171 / _cMark A. Russo | |
250 | _aSecond Edition. | ||
260 | _aWashington : _bSyber-Risk.com, _cc2020 | ||
300 | _a257 pages ; _c21 pages. | ||
365 | _bUSD31.5 | ||
505 | _aFor NIST 800-171 Security Auditors -- Elements of good Audit practice -- Current NIST 800-171 Contract direction and development -- Why pursue an expansion of NIST-based cybersecurity standards? -- People-Process-Technology PPT Model -- More about artifacts and POAMs -- All things considered -- How to use this book -- ACCESS CONTROL -- AWARENESS & TRAINING (AT) -- AUDIT AND ACCOUNTABILITY (AU) -- CONFIGURATION MANAGEMENT (CM) -- IDENTIFICATION AND AUTHENTICATION (IA) -- INCIDENT RESPONSE (IR) -- MAINTENANCE (MA) -- MEDIA PROTECTION (MP) -- PERSONNEL SECURITY (PS) -- PHYSICAL PROTECTION (PP) -- RISK ASSESSMENT (RA) -- SECURITY ASSESSMENT (SA) -- SYSTEM AND COMMUNICATIONS PROTECTION (SC) -- SYSTEM AND INFORMATION INTEGRITY (SI) -- CONCLUSION. | ||
520 | _aThis book is designed to walk the auditor through each of the 110 controls with a thorough understanding of whether a control is met or not. There is no "partial credit." While the process is subjective, the assessor must make a reasonable determination that the system owner understands and can demonstrate his company or agency's compliance with NIST 800-171. We include a compliance checklist designed to build out a record of the audit. This has been one of our most sought books on the evolving state of NIST 800-171. | ||
650 | _aINFORMATION AUDITS | ||
942 | _2lcc _cBK | ||
999 | _c20658 _d20658 |