
Vendor Due-Diligence: NIST 800-53 vs. NIST 800-171

Organizations benefit from understanding the difference between NIST 800-53 and NIST 800-171, and when each applies, especially when deciding which framework is actually required by law or contract and which one a customer's vendor due-diligence process is asking for.

Marketplace Confusion: Vendor Due-Diligence Often Drives Implementation

The proliferation of NIST 800-53 “Security and Privacy Controls for Federal […]

December 18th, 2017 (updated 2020-01-17T21:20:37+00:00) | NIST 800 Series | 0 Comments

How a Better IT Risk Assessment May Change Your Thoughts on the Traditional Gap Analysis

Does your company perform a risk assessment? If you said yes, what did you mean by “risk assessment”?

I ask because when people say "risk assessment" they are often thinking of a "gap analysis". As IT auditors, our instinct is sometimes to pick a favorite security framework (probably ISO 27001 or NIST 800-53) and start identifying gaps between its controls and the existing control environment.

Even when we have “great” audit findings, […]

February 22nd, 2017 (updated 2020-01-17T21:21:12+00:00) | Cyber Risk Management, ISO 27001 Compliance | 0 Comments