How do you know that a NIST control is ‘worth it’? Should you take the High baseline set of controls, or is Medium good enough?
In the previous post, we reviewed NIST 800-53 r5 control AC-10, which purports to reduce the likelihood that threats can re-use accounts maliciously while those accounts are also in use for normal work purposes. We will follow this by using RiskLens Cyber Risk Quantification to perform our analyses, compare their results, and draw some conclusions. Let’s jump back in using RiskLens and NIST 800-53 Revision 5 (draft).