Writing a Cybersecurity Accreditation Package: A 21st Century NIST-Based and CMMC Roadmap

Author: Mark A. Russo, CISSP-ISSAP
ISBN: 979-8-6151-8397-3
Publication Date: Feb 2020
Publisher: Independently Published
Book Format: Paperback
List Price: USD $31.99

Book Description:
IF YOU ARE WRITING AN ACCREDITATION PACKAGE FOR NIST 800-171 OR CMMC, THIS BOOK IS DESIGNED FOR THE COMPANY LEADERSHIP AND ITS IT STAFF TO BE SUCCESSFUL... IT WILL SAVE YOU TIME AND HEADACHES... THIS IS A HOW-TO, NOT A "50,000 FOOT VIEW" BOOK!
Introducing the Security Authorization Development Package Model (SADP-M). I hope this helps you create a fully auditable and complete package under the base NIST 800-171 and the Cybersecurity Maturity Model Certification (CMMC) process emerging from the Department of Defense (DOD). I have added CMMC control traceability for Levels 1 through 3 in this version.

This model introduces the Global Cybersecurity Policy (G-CSP). It forms the starting point for required accreditation documentation under NIST 800-171, applicable to CMMC. This is a defined process to help create auditable packages for accreditation. The assigned IT professional or ISSO will subsequently populate and provide answers for the auditor in the G-CSP. After this work is completed, the ISSO will begin to "strip out" the other documents, including the SSP, CSP, POAM, etc.

One of the most common requests I receive from my readers is help in creating an effective Cybersecurity Policy (CSP). I initially was focused on the two major technical parts of the NIST 800-171 accreditation package, the System Security Plan (SSP) and Plans of Action and Milestones (POAM). I consider the CSP more a Human Resources effort that focuses on the people side of the People-Process-Technology Triad, but no less critical. Fortunately, I have recently been able to dedicate the time to develop what I describe as an onion approach to create a CSP. I describe a GLOBAL CSP as a base document from which the cybersecurity professional can strip out the SSP, the final CSP, and several other vital cybersecurity documents needed to manage any IT system.