has anyone built a risk aggregation methodology / risk mapping matrix for NIST 800-53 controls?

old.reddit.com / @/u/BabyGator44, https://old.reddit.com/user/BabyGator44

particularly chaining vulnerabilities together that may have moderate residual risk in the POA&M but aggregated to high due to the impact would have by being able to exploit multiple from one incompliant configuration??

submitted by /u/BabyGator44
[link] [comments]

published 9 months ago


Previous

Windows Events to monitor for 800-171 or 53 r4/5 security controls
published 9 months ago

Next

Why is the risk executive role in NIST publications considered a function rather than just a role?
published 8 months ago
See all items from the same source