NIST Publications and Outcomes

Assignment Content
1.
Part 1 
The National Institute of Standards and Technology (NIST) publishes Special Publications (SP) to help government agencies and private companies develop and support security programs. The SP 800 subseries (https://csrc.nist.gov/publications/sp800) deals specifically with computer security. SPs are considered guidelines for nongovernment entities whereas both NIST Federal Information Processing Standards (FIPS) documents and the SPs are required standards for government agencies. 
 
Prepare a 1- to 2-page table in Microsoft® Word or a Microsoft® Excel® table in which you outline how a CISO would use the NIST publications to develop security policies.
 
Include the following column headings: 
o SP number 
o SP name  
o SP purpose
 
Include the following row headings: 
o SP 800-30 
o SP 800-34 
• SP 800-37 
• SP 800-39 
• SP 800-53 
 
Part 2  
You were recently hired as CISO for a healthcare company that qualifies as a “Covered Entity” under HIPAA, which means it must comply with the standards of the HIPAA Security Rule. 
 
Using the table you created in Part 1, write a 2- to 3-page informal comparison outlining the overarching components and outcomes of your NIST-based structure as compared to a structure operating in the global marketplace. Logically explain how NIST compliance influences information security governance and is part of formulating the organization’s desired outcomes. 
 
Cite all sources using APA guidelines. 
 
Submit your assignment, including the 1- to 2-page table and the 2- to 3-page comparison.