Assignment:
To meet the requirements for lab 10 you were to perform: evaluate the policy document against the summarized NIST best practices, identify by number which, if any, of the eight best practices the policy satisfies, and for each practice that you identify, provide a reference to the statement in the policy that aligns with that best practice; suggest how you would revise the policy to directly align with the standards and provide specific statements that you would add/modify in the policy; describe whether the policy document is best titled as a policy or whether it would be better described using another element of the policy framework. Describe the process that the Center uses to ensure that its standards represent the consensus of the cybersecurity community; identify the section of the recommendations that achieves this goal; for each of the five best practices in the previous step, classify the practice as: satisfied (indicate recommendation number that achieves the best practice), violated (indicate recommendation number that violates the best practice) or not addressed.
Unfortunately it looks like you were off target for this assignment; you needed to:
1. Identify by number the best practices (given in the lab) that are satisfied by the policy.
2. Provide specific statements on how you would revise the policy; you needed to align your statements with the best practices.
3. Describe whether the policy document is best titled as a policy or whether it would be better described using another element of the policy framework; this "policy" is better described as a standard.
4. Describe the process that the Center uses to ensure its standards represent the consensus of the cybersecurity community; see the Consensus Guidance portion of the document.
5. Identify the section of the recommendations that achieves the goal.
Attachment:- Applying the Security Policy Framework to an Access Control Environment.rar