Bøger af Mark A. Russo Cissp-Issap

THE COMPLETE NIST 800-171 SECURITY AUDITOR'S GUIDE 2ND EDITION. This book is an update that includes changes from NIST 800-171A, "Assessing Security Requirements for Controlled Unclassified Information." It is written in anticipation of expansion of NIST 800-171 federal-wide. It is specifically designed to guide federal and contracted support personnel in efficiently and effectively validating and verifying that businesses meet emerging federal cybersecurity contract requirements. While NIST 800-series describe "what" to do, this series is designed to help security professionals on "how" to properly inspect the 110 NIST 800-171 security controls. Also, it is written based upon NIST and federal government best-practices to ensure companies, their prime and subcontractors, have properly secured their Information Technology (IT) environments connected to federal agencies' vast arrays of IT networks; NIST 800-171 is more specifically about protecting Controlled Unclassified Information (CUI) from loss, damage or compromise. The expanded requirement is designed to create a more secure US and international IT environment responsive and proactive to both internal and external cyber-threats.

A WELL-WRITTEN POAM IS KEY TO SUCCESS IN ANSWERING NIST 800-171 REQUIREMENTSThis is an ongoing series of supplements we are issuing regarding the changes in federal cybersecurity contracting requirements. It is designed to align with our groundbreaking cybersecurity book: Understanding Your Responsibilities in Meeting DOD NIST 800-171. Our desire is to provide complete how-to guidance and instruction to effectively and quickly address your businesses' need to secure your Information Technology (IT) environments to effectively compete in the federal contract space. This is designed to be a template, but much like "Understanding," is designed to capture critical elements of cybersecurity best practices and information that you can implement immediately. A POAM provides a disciplined and structured method to reduce, manage, mitigate, and ultimately, address an active POAM finding/vulnerability. POAM's provide findings, recommendations, and actions that will correct the deficiency or vulnerability; it is not just identifying the risk or threat but having a "plan" that reduces the danger to subjective determination, by the System Owner (business) that the control is met. A POAM is a Living-Document; you cannot just do it once and put it "on a shelf." Active Management of Security Controls is intended to protect your vital and sensitive data from loss, compromise or destruction. "Making the cryptic more comfortable(TM)."