As a diversion from what I planned last week, I wanted throw up the guidance I found on assessing controls. I am still searching as to whether this is the current instruction to use. I found it at:
http://csrc.nist.gov/groups/SMA/fisma/documents/Security-Controls-Assessment-Form_022807.pdf
These forms replaced NIST SP 800-26, Security Self-Assessment Guide for Information Technology Systems which I found a historical reference here:
http://infohost.nmt.edu/~sfs/Regs/sp800-26.pdf
The following is a capture of the Security Controls Assessment Form which covers SI-3(2):
No comments:
Post a Comment