Wk 2 - NIST RMF Step 2: Select Security Controls [due Mon]

Assignment Content

As the team leader for Phoenix Security Services SureMarket account, you continue your SOX assessment of compliance using the NIST RMF as described in NIST SP 800-37:

Step 1: Categorize Information Systems

Step 2: Select Security Controls

Step 3: Implement Security Controls

Step 4: Assess Security Controls

Step 5: Authorize Information System

Step 6: Monitor Security Controls

Review each security family you identified in Step 1. Use NIST SP 800-53a to determine the specific security controls for each as it applies to the SureMarket Sarbanes-Oxley Act (SOX) assessment.

Your next task is to complete Step 2 of the NIST RMF process by continuing to document information needed for your presentation to the SureMarket leadership in Part B of the Week 4 assignment.

To prepare your documentation, create a 5- to 6-page table in Microsoft Word mapping each security family to the specific security controls contained with NIST SP 800-53a. Each security family will have more than one security control. Organize your information in a table with the following columns:

Security Family Area

Specific Security Controls Within Each Family Area

Description of Each Security Control

Note: You will use this weeks assignment to help you complete your Week 3 assignment.

Submit your assignment.

Resources

Center for Writing Excellence

Reference and Citation Generator

Grammar and Writing Guides