The purpose of this assignment is twofold.
First, I want you to get familiar with reading official documents related to information security. Security professionals need to be able to read documents like the NIST Security Publications to understand best practices. They also provide weight to recommendations when talking with executives about security decision making.
Second, I want you to be able to teach yourself new things. You may read about things in NIST 800-53 that you don’t already know about. Take time to do some research and learn more. Google is your friend.
I chose the family Identification and Authentication (starts on page F-90), and the controls IA-1, IA-3, and IA-5.
Identification and Authentication policy and procedures refers to an organization’s need to have specified policies related to these two important concepts. The policy needs to address who should be authenticated, and what types of activities require authentication. The policy can also outline how authentication will work across organizations, for example, how contractors can obtain authentication credentials for their work on internal systems. A good authentication policy will define the scope of the policy, too.
One good component of an authentication policy is the Acceptable Use policy. An organization can make accepting some terms and conditions a prerequisite for all users before they access a network (Jackson Hole, n.d.).
The IA-1 requirement also specifies that the organization should review and update the policies and procedures on a regular basis. Such reviews could be a part of the policy itself, and should be carried out regularly to ensure that the policies and procedures are (a) being followed, and (b) serving the needs of the business.