Resources for interpretations of how NIST 800-171 Rev. 2 controls can be implemented?

old.reddit.com / @/u/CyberSecureGreg, https://old.reddit.com/user/CyberSecureGreg

I know that there are many ways controls can be implemented. I'm curious if there are any resources out there that list the control and objectives with potential ways each objective could possibly be implemented. I understand that there's no resource/website that can take into account each and every variable a system may have and that assessing the compliance with the controls requires significant critical thinking. I'm just looking for interpretations of the controls and how, generally, people assess compliance with the controls. It'd be great if there was a resource that included links to what industry leaders/professionals are saying about potential implementations. Some controls are pretty direct, and some are open to some significant interpretation.

I already have the CMMC Assessment Guide for level 2 (https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level2_MasterV2.0_FINAL_202112016_508.pdf). I often find even the CMMC guidance thin and not entirely relevant for many modern small and medium businesses. Any guidance is appreciated.

Edit: I do see the megathread listed under this subreddit and I'll spend some significant time there later. I'm seeing if there is anything out there that's a little more robust.


published 3 months ago
