From the course: NIST 800-53r5: Introduction to Security and Privacy Controls
Organization defined variables
- So in Lesson 2.6, we're going to talk a little bit more about organization-defined variables. We looked at 'em already, but let's go in a little more depth and see how they actually come into play in a security plan. So in this lesson, you'll learn how to list some of the types of variables, discuss the reasons why we had the variables, and then interpret some of the variable definitions. So an organization-defined variable, there are multiple types. There's some technical based ones, like we saw in the AU control, where it said, "You must have these items within the audit log." There's some that are role based we'll see, there's policy based ones. Again, this is your opportunity to tailor the security controls to really fit your organization, and that's what NIST put them there for. So they don't want to say, "This control must be monitored by this specific person," that may not work in your organization. And again, you have the idea of the overlay templates. So if you have some…
Contents
- Module two overview (1m 48s)
- Control families (6m 48s)
- Anatomy of a control (4m 57s)
- Control selection (5m 22s)
- Common, system, and hybrid controls (7m 26s)
- Organization defined variables (2m 46s)
- System security plan (5m 37s)
- Control assessment (8m 11s)
- POA&M (6m 48s)