this post was submitted on 09 Jan 2024
4 points (83.3% liked)

cybersecurity


cross-posted from: https://infosec.pub/post/6671372

I'm not a vendor, I'm just curious what experience people have with implementing security control frameworks?

DOD uses DISA STIGs. Everyone else uses CIS benchmarks, or self-developed based off NIST CSF?

To what degree is your organization using any of these?

Are they enforced? Monitored?

Using any vendor solutions that don't suck?

Does anyone care except you (hopefully 😉)?

MSgtRedFox 2 points 2 years ago

Agreed. There is SCAP, but it only covers some, and it's STIG/federal based.