by 1MachineElf
1274 days ago
Based on my experience in top-down implementation of the NIST cybersecurity framework, the holy grail (alongside their 800-37 RMF) is the lesser-known 800-65. It provides guidance on how to fund enterprise cybersecurity programs. The document itself is considered to be phased out, not because it is obsolete, but because government agencies were not up to the task.

SP 800-37 Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/fi...

SP 800-65 Integrating IT Security into the Capital Planning and Investment Control Process
https://csrc.nist.gov/publications/detail/sp/800-65/archive/...