Part 1: Physical and Environmental Protection Policy
Locate and read the Physical and Environmental Protection Policy in the NIST Cybersecurity Framework Policy Template Guide. Research online for a real-world implementation example of the policy and compare it with the NIST policy template side by side.
Answer the following questions clearly and systemically in this Word document. Make sure to include a References section toward the end of the document.
The Physical and Environmental Protection Policy is implemented for which NIST function and sub-categories? [5 points]
Answer:
Which organization is the implementation example you identified for? Which industry sector (e.g., education, government, etc.) is the organization in? [5 points]
Answer:
What is the purpose of the example policy? Which party (parties) does the policy apply to? Who is/are responsible for implementing this policy? [5 points]
Answer:
As compared to the NIST policy template, how is the example policy customized to fit the needs of the organization? Describe three occurrences of customization in detail. [15 points]
Answer:
Part 2: Secure System Development Life Cycle Standard
Locate and read the Secure System Development Life Cycle Standard in the NIST Cybersecurity Framework Policy Template Guide. Research online for a real-world implementation example of the standard/policy and compare it with the NIST policy template side by side.
Answer the following questions clearly and systemically in this Word document. Make sure to include a References section toward the end of the document.
The Secure System Development Life Cycle Standard is implemented for which NIST functions and sub-categories? [5 points]
Answer:
Which organization is the implementation example you identified for? Which industry sector (e.g., education, government, etc.) is the organization in? [5 points]
Answer:
What is the purpose of the example standard/policy? Which party (parties) does the standard/policy apply to? Who is/are responsible for implementing this policy? [5 points]
Answer:
As compared to the NIST policy template, how is the example standard/policy customized to fit the needs of the organization? Describe two occurrences of the customization in detail. [10 points]
Answer:
If specified in the example standard/policy, how frequent is the policy reviewed for potential modifications? If not specified in the example standard/policy, what are your recommendations? [5 points]
Answer:
References
1.
2.
3.