Security Control Selection Phase 2
- Now that we have finished classifying the system, the next step is to select the NIST-recommended security controls that apply to the system’s classification (High, Moderate or Low).
- NIST Publication
- SANS Top 20 Critical Security Controls: the SANS controls are mapped to NIST controls. http://www.sans.org/critical-security-controls
- The set of selected security controls is termed the System Security Control Baseline. It is usually in the form of a spreadsheet.
- The security controls (e.g., AC-2) prescribe specific security-related activities or actions to be carried out by organizations or by information systems.
- The security control enhancements (e.g., AC-2 (7)) provide statements of security capability to: (i) add functionality/specificity to a control; and/or (ii) increase the strength of a control.