The Security Auditor's Guidebook for NIST 800-171 2nd Edition: A Comprehensive Approach to Cybersecurity Validation & Verification - Mark A. Russo Cissp-Issap - Bog

THE COMPLETE NIST 800-171 SECURITY AUDITOR'S GUIDE 2ND EDITION. This book is an update that includes changes from NIST 800-171A, "Assessing Security Requirements for Controlled Unclassified Information." It is written in anticipation of expansion of NIST 800-171 federal-wide. It is specifically designed to guide federal and contracted support personnel in efficiently and effectively validating and verifying that businesses meet emerging federal cybersecurity contract requirements. While NIST 800-series describe "what" to do, this series is designed to help security professionals on "how" to properly inspect the 110 NIST 800-171 security controls. Also, it is written based upon NIST and federal government best-practices to ensure companies, their prime and subcontractors, have properly secured their Information Technology (IT) environments connected to federal agencies' vast arrays of IT networks; NIST 800-171 is more specifically about protecting Controlled Unclassified Information (CUI) from loss, damage or compromise. The expanded requirement is designed to create a more secure US and international IT environment responsive and proactive to both internal and external cyber-threats.