Skip to main content

Archives of the Tag CONTROLS

October 12, 2020

Security Control Spotlight: AC-20 (Use of External Information Systems)

By Ernest Smith, CISSP, PMP Requirement (simplified): Do you have contracts and or service level agreements with the owners of any system outside of your authorization boundary that are processing, storing, and transmitting your information? Breakdown: What is an “external information system”? Employee personally owned devices (I said it!) Systems…

Continue Reading
Post Categories: Risk Management Framework Tags:  CONTROLS NIST SP 800-53 RMF
September 4, 2017

Security Control Spotlight— “Naming” of Controls, Enhancements and CCIs

Security Control Spotlight— “Naming” of Controls, Enhancements and CCIs By Kathryn M. Daily, CISSP After assisting numerous customers with their RMF efforts, we have seen several instances of confusion arise concerning the “naming” or “numbering” of Security Controls, Control Enhancements, and Control Correlation Identifiers (CCIs). We hope this short tutorial will…

Continue Reading
Post Categories: Risk Management Framework Tags:  CCIS CONTROLS ENHANCEMENTS RMF
Close Menu