NIST 800-171 & CMMC Documentation Terminology

NIST 800-171 & CMMC Documentation Terminology

Aug 09, 2023

Complying with NIST SP 800-171 & CMMC can be hard enough without arguing over terminology. Terminology pertaining to cybersecurity documentation is often abused, so a simplified concept of the hierarchical nature of cybersecurity documentation is needed to demonstrate the unique nature of these components, as well as the dependencies that exist. 

ComplianceForge created a reference model that is designed to encourage clear communication by defining cybersecurity documentation components and how those are linked. This model is based on industry-recognized terminology from NIST, ISO, ISACA and AICPA to addresses the inter-connectivity of policies, control objectives, standards, guidelines, controls, assessment objectives, risks, threats, procedures & metrics. This also addresses what SSPs, POA&Ms and secure configurations are and how those integrate into an organization's existing cybersecurity documentation. 

Download link: https://content.complianceforge.com/NIST-800-171-C...