https://community.isc2.org/t5/CGRC-Study-Group/Additional-quot-Supplemental-Reference-quot/m-p/59314#M56 <P>I'm currently looking at the items on the CGRC Supplemental Reference list provided by <SPAN>(ISC)²</SPAN>, and observed that&nbsp;<EM>SP800-160 Vol 1</EM> has been replaced by <EM>SP 800-160 Vol. 1 Rev. 1</EM>, "Engineering Trustworthy Secure Systems"</P><P>&nbsp;</P><P>I also noticed that none of the "Supplemental Reference" items are <SPAN>(ISC)²</SPAN>'s own property, so I don't feel bad to add some things which seem conspicuously absent -- now that I've been doing a fairly deep dive into CGRC study:</P><P>&nbsp;</P><UL><LI>NIST FIPS 200, "Minimum Security Requirements for Federal Information and Information Systems" (SELECT step)</LI><LI>SP 800-53A Rev. 5: "Assessing Security and Privacy Controls in Information Systems and Organizations" (ASSESS and MONITOR steps)</LI><LI>NIST SP 800-100, "Information Security Handbook: A Guide for Managers) (MONITOR step)</LI></UL><P>The absence of SP 800-53A from the Supplemental Reference was a surprise to see.&nbsp; Any chance it was intentionally removed?</P> Fri, 19 May 2023 18:54:15 GMT ericgeater 2023-05-19T18:54:15Z https://community.isc2.org/t5/CGRC-Study-Group/Additional-quot-Supplemental-Reference-quot/m-p/59314#M56 <P>I'm currently looking at the items on the CGRC Supplemental Reference list provided by <SPAN>(ISC)²</SPAN>, and observed that&nbsp;<EM>SP800-160 Vol 1</EM> has been replaced by <EM>SP 800-160 Vol. 1 Rev. 1</EM>, "Engineering Trustworthy Secure Systems"</P><P>&nbsp;</P><P>I also noticed that none of the "Supplemental Reference" items are <SPAN>(ISC)²</SPAN>'s own property, so I don't feel bad to add some things which seem conspicuously absent -- now that I've been doing a fairly deep dive into CGRC study:</P><P>&nbsp;</P><UL><LI>NIST FIPS 200, "Minimum Security Requirements for Federal Information and Information Systems" (SELECT step)</LI><LI>SP 800-53A Rev. 5: "Assessing Security and Privacy Controls in Information Systems and Organizations" (ASSESS and MONITOR steps)</LI><LI>NIST SP 800-100, "Information Security Handbook: A Guide for Managers) (MONITOR step)</LI></UL><P>The absence of SP 800-53A from the Supplemental Reference was a surprise to see.&nbsp; Any chance it was intentionally removed?</P> Fri, 19 May 2023 18:54:15 GMT https://community.isc2.org/t5/CGRC-Study-Group/Additional-quot-Supplemental-Reference-quot/m-p/59314#M56 ericgeater 2023-05-19T18:54:15Z