Security Control Selection Phase 2 Q1-2023

  • Now that we have finished classifying the system, the next step is to selected NIST recommended security controls that apply to the system’s classification (HighModerate or Low).
  • NIST Publication
  • SANS Top20 critical Security Control-SANS controls are mapped to NIST controls http://www.sans.org/criticalsecuritycontrols
  • The security controls selected is termed System Security Control Baseline. This is usual in a form of a spread sheet.
  • The security controls (e.g., AC-2) prescribe specific security-related activities or actions to be carried out by organizations or by information systems.
  • The security control enhancements (e.g., AC-2 (7)) provides statements of security capability to: (i) add functionality/specificity to a control; and/or (ii) increase the strength of a control. 
error: Content is protected !!