Based on the scenario above, determine whether the following controls are internal or inherited.
|
Control Name |
Control |
Assessment Objective |
Internal / Inherited |
|
Use of External Information Systems |
AC-21(1).1 |
Determine if the information system employs automated mechanisms to enable authorized users to make information-sharing decisions based on access authorizations of sharing partners and access restrictions on information to be shared. |
|
|
Content of Audit Records |
AU-3(2).1 |
Determine if: the organization defines the information system components for which the content of audit records generated is centrally managed; and the organization centrally manages the content of audit records generated by organization-defined information system components. |
|
|
Information Systems Connections |
CA-3.1 |
Determine if the organization identifies connections to external information systems (i.e., information systems outside of the authorization boundary); the organization authorizes connections from the information system to external information systems through the use of Interconnection Security Agreements; the organization documents, for each connection, the interface characteristics, security requirements, and the nature of the information communicated; and the organization monitors the information system connections on an ongoing basis to verify enforcement of security requirements. |
|
|
Incident Monitoring |
IR-5(1) |
Determine if the organization employs automated mechanisms to assist in the tracking of security incidents; the organization employs automated mechanisms to assist in the collection of security incident information; and the organization employs automated mechanisms to assist in the analysis of security incident information. |
The audit and auditor are also auditable and considered a control within the NIST framework. Referring to the NIST SP-53 and 53A, Audit and Accountability Policy and Procedures, explain what the assessment objective is based on the control number it’s associated to:
|
Control Number: |
Description: |
When an auditor develops an audit plan, the size or scope of the audit must be defined so that redundant audits are avoided and that time can be applied to those controls within the domains that are needed. In the chart below, list the seven domains that are auditable:
|
1. |
|
2. |
|
3. |
|
4. |
|
5. |
|
6. |
|
7. |
Looking for solution of this Assignment?
WHY CHOOSE US?
We deliver quality original papers |
Our experts write quality original papers using academic databases.We dont use AI in our work. We refund your money if AI is detected |
Free revisions |
We offer our clients multiple free revisions just to ensure you get what you want. |
Discounted prices |
All our prices are discounted which makes it affordable to you. Use code FIRST15 to get your discount |
100% originality |
We deliver papers that are written from scratch to deliver 100% originality. Our papers are free from plagiarism and NO similarity.We have ZERO TOLERANCE TO USE OF AI |
On-time delivery |
We will deliver your paper on time even on short notice or short deadline, overnight essay or even an urgent essay |