From the course: Implementing the NIST Risk Management Framework
Security control baselines
I'll now show you an example process for selecting and tailoring baseline controls using NIST SP 800-53 Rev. 5 and NIST SP 800-53B Rev. 5. Control baselines are predefined sets of controls specifically assembled to address the protection needs of a group, organization, or community of interest. To help explain control baselines in real life, let me use an example. An organization providing human resources functions, whose employees regularly handle personally identifiable information, or PII, through a cloud service provider website, would use the NIST SP 53 Moderate Impact Baseline. This is based on a risk assessment of the impacts to the confidentiality, integrity, and availability of their systems, data, and personnel. We could then tailor the controls to only those affecting our operations and systems. In our example, we would exclude physical security controls, since those are provided by the cloud service provider. And this will result in a moderate impact level that you will use for your…