Simple ~ Secure ~ Compliance

Maximize the Value of IT and address with Governance, Risk, and Compliance (GRC).

Comply with process, systems and oversight

Principle 1  Policies, standards,  processes, procedures and guidelines   

Principle 1
Risk: Avoid, Mitigate, Accept, Transfer (identify, document, and elevate visibility)

Principle 1  Security Awareness (security technologies, trends, standards and best practices)

Principle 1  Standards: 
      CFR - Code of Federal Regulations (Title 21)
      CJIS Security Policy v5.5 - Criminal Justice Information Services
      CNSSI No. 1253 - Security Categorization and Control Selection for National Security Systems; 27 March 2014
      DAAPM - Defense Security Service (DSS) Assessment and Authorization Process Manual 
      DIACAP - DoD Information Assurance Certification and Accreditation Process
      DoD 5200.01 - Information Security Program: Controlled Unclassified Information
      DoD 5200.40 - Information Technology Security Certification and Accreditation Process (DITSCAP)
      DoD Instruction 8510.01 - Risk Management Framework (RMF) for DoD IT
      DoD Manual 5200.01 - Information Security Program, Protection of Classified Information
      DoDD 8750.1Information Assurance Training, Certification, and Workforce Management (Cancelled; superseded by DoDD 8140.01)
      DoD 8750.01-M - Information Assurance (IAM)
      DoDD 8140.01 - Cyberspace Workforce Management
      DoDD 8001 - Defense Information Management (IM) Program
      DoDD 8500.01 - Cybersecurity
      DoDD 5505.13E - DoD Executive Agent (EA) for the DoD Cyber Crime Center (DC3)
      DoDD 8140.01 - Cyberspace Workforce Management
      DoDI 8500.01 - Cybersecurity
      DoDI 8500.2 - Information Assurance Implementation
      DoDI 8530.01 - Cybersecurity Activities Support to DoD Information Network Operations
      DoDI S-5240.23 - Counterintelligence (CI) Activities in Cyberspace (U)
      DoDI 5205.13 - Defence Industrial Base (DIB) Cyber Security (CS) Activities
      DoDI S-3325.10 - Human Intelligence (HUMINT) Activities in Cyberspace (U/FOUO)
      DoDI 8500.2 - Information Assurance (IA) Implementation
      FedRAMP - Federal Risk and Authorization Management Program
      FIPS - Federal Information Processing Standards
      FISMAFederal Information Security Modernization Act
      HIPAA - Health Insurance Portability and Accountability Act
      NISPOM (DoD 5220.22-M) National Industrial Security Program Operating Manual (Change 2; May 18, 2016) Changes: Summary / Redlines
      NIST - National Institute of Standards and Technology
      NIST FIPS-199 - Standards for Security Categorization of Federal Information and Information Systems
      NIST SP 800-30 - Guide for Conducting Risk Assessments
      NIST SP 800-37 Rev 1 - Guide for Applying the Risk Management Framework to Federal Information Systems
      NIST SP 800-39 - Managing Information Security Risk 
      NIST SP 800-53 - Security and Privacy Controls for Information Systems and Organizations
      NIST SP 800-53A - Assessing Security and Privacy Controls in Federal Information Systems and Organizations
      NIST SP 800-60 - Volume I: Guide for Mapping Types of Information and Information Systems to Security Categories
      NIST SP 800-137 - Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
      NIST SP 800-145 - The NIST Definition of Cloud Computing
      NIST SP 800-171 - Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
      NIST SP 800-60 (Vol 1) - Guide for Mapping Types of Information and Information Systems to Security Categories
      PCI-DSS - Payment Card Industry Data Security Standard
      ISO 9001 - Quality Management
      ISO 19770-1:2017 - Information Technology - IT Asset Management - IT Asset Management Systems - Requirements
      ISO 27001 - Information technology - Security techniques - Information security management systems - Requirements
      ISO 27002 - Information technology — Security techniques — Code of practice for information security management 
      ISO 27018 - IT Security techniques Code of practice for protection of PII in public clouds acting as PII processors

      COBITControl Objectives for Information and Related Technologies
      ITIL - Information Technology Infrastructure Library
      NIST SP 800-37 (Rev 2) - Risk Management Framework for Information Systems and Organizations
        Risk-IT - The Risk IT Framework

      ICD-503Intelligence Community Technology System Security, Risk Management, Certification and Accreditation
      NIST 800-37 - Guide for Applying the Risk Management Framework to Federal Information Systems
      NIST 800-30 (Rev 1) - Guide for Conducting Risk Assessments
      SOC - Service Organization Control Reports

Principle 1  Certifications:
      PMP - Project Management Professional
      CISM - Certified Information Security Manager