I pretty much follow the NIST Risk Management Framework, which references all NIST docs. Off the top of my head I can't think of any exceptions. There are minor tweaks, which you can do if they are documented. Call me crazy!
Full disclosure: I might switch to CoBIT some day! ;) On Fri, Oct 30, 2009 at 11:19 AM, Michael Dickey <[email protected]>wrote: > I don't want to usurp Tim's post, but with the mention of NIST, it brings > up a question I've always had. > > Does anyone truly adhere to and build systems based off NIST docs? I'm not > talking "inspired by" builds that take a handful of the settings and use > them, but actually building to the specs such that you can say your build > guide is NIST? This is a bit of a sanity check for me, as I'm skeptical. > > Don't get me wrong, I'm not dissing NIST! They make for great reading! > (Usually.) > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
