NIST SP 800-53B, Control Baselines for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Oct, 2020). Information Governance; Concepts, Strategies, and Best Practices, 2nd Ed. by Robert F. Smallwood. Publisher: Wiley. (Dec, 2019). Federal Government statutes (e.g., FISMA 2014), regulations, and policies (e.g., Office of Management and Budget [OMB] Circular A-130) may specify whether federal agencies are required, or encouraged, to comply with NIST’s SP 800-series publications. The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics, 2nd Ed. by John Sammons. Publisher: Syngress. (Dec, 2014). Access Control and Identity Management, 3rd Ed. by Mike Chapple. Publisher: Jones and Bartlett Learning. (Sep, 2020).

Risk Management Strategy (ID.RM): The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.Practical Guide to Cloud Service Agreements Version 3.0. Publisher: Cloud Standards Customer Council. (Feb, 2019). The Official ISC2 Guide to the CCSP CBK, 3rd Ed. by Leslie Fife, Aaron Kraus, Bryan Lewis. Publisher: Sybex. (Jul, 2021). Federal Register / Vol. 78, No. 17 by Office of the Federal Register. Publisher: USGOV (Jan, 2013).

NIST IR 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems by Jon Boyens, Celia Paulsen, Nadya Bartol, Stephany A. Shankles, Rama Moorthy. (Oct, 2012). Data Goveranance: The Definitive Guide by Evren Eryurek, et al. Publisher: O'Reilly Media, Inc. (Mar, 2021).

Specifications

Data Governance: The Definitive Guide by Evren Eryurek, Uri Gilad, Valliappa Lakshmanan, Anita Kibunguchy-Grant, Jessi Ashdown. Publisher: O'Reilly Media, Inc. (Mar, 2021).

Access Control, Authentication, and Public Key Infrastructure by Erin Banks, Bill Ballad, Tricia Ballad. Publisher: Jones & Bartlett Learning. (Jul, 2013). Business Continuity and Disaster Recovery Planning for IT Professionals, 2nd Ed. by Susan Snedaker. Publisher: Syngress. (Sep, 2013). Access Control, Authentication, and Public Key Infrastructure, 2nd Ed by M.Chapple. Publisher: Jones & Bartlett Learning. (Aug, 2013).NIST SP 800-34 Rev. 1, Contingency Planning Guide for Federal Information Systems by Marianne Swanson, Pauline Bowen, Amy Wohl Phillips, Dean Gallup, David Lynes. (May, 2010). NIST SP 800-41, Revision 1, Guidelines on Firewalls and Firewall Policy by Karen Scarfone, Paul Hoffman. (Sep, 2009). Disaster Recovery, Crisis Response, and Business Continuity: A Management Desk Reference by Jamie Watters, Janet Watters. Publisher: Apress. (Dec, 2013). Regardless of whether they are mandatory for federal agencies, an individual SP 800 publication may use document conventions to state any requirements, recommended options, or permissible actions within the publication (e.g., shall, should, may). For example, an SP 800 publication that uses “shall” statements indicates what is necessary to correctly implement its requirements. Such statements do not reflect whether that publication is required to be implemented by a federal statute, regulation, or policy. Look in the document’s introductory text for any such relevant statement about document terminology. Non-Federal Use

Practical Cyber Forensics: An Incident-Based Approach to Forensic Investigations, 1st Edition by Niranjan Reddy. Publisher: Apress. (Jul, 2019). NIST SP 800-30, Rev. 1, Guide for Conducting Risk Assessments by Joint Task Force Transformation Initiative. (Sep, 2012).

Data source & citation

Disaster Recovery and Business Continuity, 3rd Ed. by B.S. Thejandra. Publisher: IT Governance Publishing. (Jan, 2014). The Official ISC2 Guide to the CISSP CBK, 5th Ed. by John Warsinske, Mark Graff, Kevin Henry, Christopher Hoover, Ben Malisow, Sean Murphy, C. Paul Oakes, George Pajari, Jeff T. Parker, David Seidl and Mike Vasquez. Publisher: Wiley. (May, 2019). NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information System and Organizations by Jon Boyens, Celia Paulsen, Rama Moorthy, Nadya Bartol. (Apr, 2015).