ericgeater
Community Champion

Additional "Supplemental Reference"

I'm currently looking at the items on the CGRC Supplemental Reference list provided by (ISC)², and observed that SP 800-160 Vol. 1 has been replaced by SP 800-160 Vol. 1 Rev. 1, "Engineering Trustworthy Secure Systems".

 

I also noticed that none of the "Supplemental Reference" items are (ISC)²'s own property, so I don't feel bad to add some things which seem conspicuously absent -- now that I've been doing a fairly deep dive into CGRC study:

 

  • NIST FIPS 200, "Minimum Security Requirements for Federal Information and Information Systems" (SELECT step)
  • SP 800-53A Rev. 5: "Assessing Security and Privacy Controls in Information Systems and Organizations" (ASSESS and MONITOR steps)
  • NIST SP 800-100, "Information Security Handbook: A Guide for Managers" (MONITOR step)

The absence of SP 800-53A from the Supplemental Reference was a surprise to see.  Any chance it was intentionally removed?

--
"A claim is as good as its veracity."
0 Replies