NIST SP 800-171 revision 3 and SP 800-171A revision have been officially released. Although revision 3 won’t be required for defense contractors for some time, it pays to see exactly what the future holds. On the surface revision 3 has fewer requirements than revision 2. However, under the hood of 171Ar3 there is actually a 32% increase in the number of verification questions that need to be answered. Overall, 171r3 is progress in the right direction even if it comes with a few warts.
Episode Links:
SP 800-171r3: csrc.nist.gov/pubs/sp/800/171...
SP 800-171Ar3: csrc.nist.gov/pubs/sp/800/171...
(0:00) - (2:37): Intro
(2:38) - (10:16): 171r3 only has 97 requirements?
(10:17) - (15:09): Meanwhile, 171Ar3 in 32% larger
(15:10) - (20:39): Organizationally Defined Parameters
(20:40) - (27:31): “New” control families
(27:32) - (34:24): No more NFO controls
(34:26) - (42:51): ORC controls
(42:52) - (47:31): When is 171r3 required?
(47:32) - (49:31): Wrap up
Негізгі бет Ғылым және технология 7 Things to Know About SP 800-171 revision 3
Пікірлер