NIST 800-171 Information Technology Security Guidebook : Second Edition
THE SECOND EDITION NIST 800-171 IT SECURITY AUDIT GUIDEBOOKThis update includes new information on federal government direction and challenges for 2019 and beyond. In particular, expect to see the government start prosecuting those contractors who demonstrably have failed to apply NIST 800-171 and protecting CUI/CDI data. This will be a year that will see more action to hold companies working with the government fully accountable. Don't be caught short. This book is designed to help you, the auditor, third-party assessor, consultant, etc., successfully work through the NIST security controls.This book is designed to walk the auditor through each of the 110 controls with a thorough understanding of whether a control is met or not. There is no "partial credit." While the process is subjective, the assessor must make a reasonable determination that the system owner understands and can demonstrate his company or agency's compliance with NIST 800-171. We include a compliance checklist designed to build out a record of the audit. This has been one of our most sought books on the evolving state of NIST 800-171.From the best-selling Cybersecurity author, Mr. Mark A. Russo, holds multiple cybersecurity certifications from several international bodies to include the International Information System Security Certification Consortium, (ISC2), the premier certification body for cybersecurity, and the International Council of Electronic Commerce Consultants (EC Council). Mr. Russo has extensive experience applying cybersecurity and threat intelligence expertise for over 20 years as a retired intelligence officer from the United States Army. His books are published in multiple languages to include Spanish, German, and French. He is considered the foremost authority on Cybersecurity Threat Intelligence (CTI) and THP. He is the former Chief Information Security Officer (CISO) at the Department of Education where he was responsible for clearing an over 5-year backlog in security findings by the Inspector General's Office and the House Oversight Committee.