From the course: Implementing the NIST Risk Management Framework
How to analyze NIST RMF assessment results
- [Instructor] As a security assessor, you have three high-level tasks: identify any compliance control gaps, classify security and privacy risks, and document your analysis in a final assessment report. For documenting my analysis when performing a security and privacy assessment, I use a spreadsheet based on the NIST Cybersecurity Framework. Starting with the Identify function and Asset Management category, I dive into each of the controls. You see the controls within Asset Management listed under Cybersecurity Framework Control. I will ask my client how they meet each of these control categories. The Priority field sets the importance for the organization. It's based on a scale of one to 10, with 10 being the highest priority. You can also see how these controls relate to the Center for Internet Security Top 20 controls as well as the NIST 800-53 policy family. For example, when I'm assessing a company I'll…