Worksheet 1: Intro to the NIST SP 800-53A

Describe the parameters required to conduct and report on IT infrastructure audit for organizational compliance. Auditing in IT is the monitoring and validation of safeguards that are put in place to protect information. These safeguards are categorized as controls. Controls are sets or groups of safeguards that relate to different areas within IT systems such as the implementation of security features in hardware and software, administrative processes such as written administrative polices and user agreements. Controls are categorized into families which define the type of control to be complied to and classes. Classes include management, operational and technical. ASSESSMENTS WITHIN THE SYSTEM DEVELOPMENT LIFE CYCLE Security assessments can be effectively carried out at various stages in the system development life cycle to increase the grounds for confidence that the security controls employed within or inherited by an information system are effective in their application. Assessment activities in the initial system development life cycle phases include, for example, design and code reviews, application scanning, and regression testing. Security weaknesses and deficiencies identified early in the system development life cycle can be resolved more quickly and in a much more cost-effective manner before proceeding to subsequent phases in the life cycle. The objective is to identify the information security architecture and security controls up front and to ensure that the system design and testing validate the implementation of these controls. The assessment procedures described in Appendix F of the NIST SP 800-53A can support these types of technical assessments carried out during the initial stages of the system development life cycle. Security assessments are also routinely conducted by information system owners, common control providers, information system security officers, independent assessors, auditors, and Inspectors General during the operations and maintenance phase of the life cycle to ensure that security controls are effective and continue to be effective in the operational environment where the system is deployed. For example, organizations assess all security controls employed within and inherited by the information system during the initial security authorization. Subsequent to the initial authorization, the organization assesses the security controls (including management, operational, and technical controls) on an ongoing basis. The frequency of such monitoring is based on the continuous monitoring strategy developed by the information system owner or common control provider and approved by the authorizing official. As previously stated, organizations develop controls based on laws, regulations, best practices and industry standards. These controls are audited periodically to validate that processes are in place and working. This responsibility is that of the Auditor also referred to as the Security Control Assessor, who will independently validate these controls to ensure compliance and report the findings to higher authority. The National Institute of Standards and Technology (NIST) has developed a series of specialized publications that layout the framework for the implementation, operation and management of information Technology. Controls can be found within the NIST Special Publication 800-53A which you can find in the Student Center under Additional Resources. Refer to the Assessment Procedures in NIST Special Publication 800-53A and complete the following; Complete the table below by determining the 18 Families and their corresponding Classes of controls as described in the NIST Special Publication 800-53 A: Family Class

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
The price is based on these factors:
Academic level
Number of pages
Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more