Control Tailoring for brand new system ATO

old.reddit.com / @/u/Unlucky_Beautiful_55, https://old.reddit.com/user/Unlucky_Beautiful_55

The selection of security controls based on using the FIPS Publication 199 categorization for this system and NIST SP 800-53 Revision 5, the FISMA Moderate baseline of controls.

The system security categorization impact level is determined to be overall moderate. Therefore, the following entire moderate baseline controls are selected as the minimum security requirements to the control baseline. This is under NIST SP 800-53 Revision 5 Moderate Baseline 287 Controls, NIST SP 800-53 Revision 5 Privacy Baseline 96 of 96 Controls. The system processes and stores privacy-related data. Therefore, the entire NIST SP 800-53 Revision 5 Privacy Baseline controls are selected to the system's control baseline. Additional Security Controls.

It might be good to note that there are about 15 components under this system.

Can I get guidance on how to tailor the controls?

submitted by /u/Unlucky_Beautiful_55
[link] [comments]

published about 9 hours ago


Previous

Enterprise Compliance Manager?
published about 17 hours ago

Next

SOC2 to NIST 800-53 Rev 4 and Rev 5
published about 6 hours ago
See all items from the same source