https://community.isc2.org/t5/Governance-Risk-Compliance/Recommendation-for-NIST-auditor/m-p/55108#M761 <P>I trust you will post more like that later on. Appreciative for sharing such mind blowing information.</P> Sat, 12 Nov 2022 10:30:53 GMT Kingsdajo 2022-11-12T10:30:53Z https://community.isc2.org/t5/Governance-Risk-Compliance/Recommendation-for-NIST-auditor/m-p/53302#M740 <P>We have a software product that is subject to a 'hybrid' NIST audit, and the quotes we are getting do not seem to fit the scope of work. Our responsibility is only 63 controls, but (in some cases) the quotes we are getting would appear to include hundreds of hours. They are truly all over the place.</P><P>&nbsp;</P><P>Looking for a recommendation for a reasonable audit group that might give this better consideration. Perhaps, the groups we are contacting just have more work than they need...&nbsp;</P><P>&nbsp;</P><P>Thanks!&nbsp;</P> Mon, 09 Oct 2023 10:18:35 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Recommendation-for-NIST-auditor/m-p/53302#M740 Pedro 2023-10-09T10:18:35Z https://community.isc2.org/t5/Governance-Risk-Compliance/Recommendation-for-NIST-auditor/m-p/53305#M741 <P>Are we talking about NIST 800-53? Are there any requirements regarding the auditor from the customer?</P><P>&nbsp;</P><P>Feel free to DM me. I can put you in touch with my US-based colleagues who regularly work on this type of projects.</P> Tue, 13 Sep 2022 15:21:30 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Recommendation-for-NIST-auditor/m-p/53305#M741 wimremes 2022-09-13T15:21:30Z https://community.isc2.org/t5/Governance-Risk-Compliance/Recommendation-for-NIST-auditor/m-p/55108#M761 <P>I trust you will post more like that later on. Appreciative for sharing such mind blowing information.</P> Sat, 12 Nov 2022 10:30:53 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Recommendation-for-NIST-auditor/m-p/55108#M761 Kingsdajo 2022-11-12T10:30:53Z