Our CISSP recently left our organization on short notice and I have been assigned one of his projects; updating our System Security Plan from NIST 800-53 REV 3 to REV 5. Our regulatory agency has requested the updated document by March 1st; not being a compliance professional this project is causing me a lot of stress. Is there an easy method for identifying what controls between REV 3 and REV 5 need to be added to the System Security Plan for an organization with a medium risk designation?
Asking around it looks like our regulatory body provided the System Security Plan template with all REV 3 controls populated. Is there something similar available for REV 5?
Any direction or guidance would be greatly appreciated.
[link] [comments]