Security Controls Evaluation, Testing, and Assessment Handbook

Security Controls Evaluation, Testing, and Assessment Handbook, Second Edition, provides a current and well-developed approach to evaluate and test IT security controls to prove they are functioning correctly. This handbook discusses the world of threats and potential breach actions surrounding all industries and systems. Sections cover how to take FISMA, NIST Guidance, and DOD actions, while also providing a detailed, hands-on guide to performing assessment events for information security professionals in US federal agencies. This handbook uses the DOD Knowledge Service and the NIST Families assessment guides as the basis for needs assessment, requirements and evaluation efforts.

Provides direction on how to use SP800-53A, SP800-115, DOD Knowledge Service, and the NIST Families assessment guides to implement thorough evaluation efforts Shows readers how to implement proper evaluation, testing, assessment procedures and methodologies, with step-by-step walkthroughs of all key conceptsPresents assessment techniques for each type of control, provides evidence of assessment, and includes proper reporting techniques

1. Introduction to Assessments 2. Risk and Security 3. Statutory & Regulatory GRC 4. Federal RMF Requirements 5. Risk Management Framework – SP 800-37, rev.1 6. Roles and Responsibilities 7. Assessment Process 8. Assessment Methods 9. Assessment Techniques for each kind of control 10. System and Network Assessments 11. Security Components Fundamentals 12. Cybersecurity Controls 13. CUI Controls 14. Evidence of Assessment 15. Reporting 16. Conclusion

Appendix A. Templates for RMF documents and artifacts commonly required or requested B. Templates for RMF Policies and Procedures by Control Family C. Assessment and Testing Tools