PART 1 NIST SP 800-53 defines 18 Control families. All controls are important but depending on your environment or situation, some are more important than others. From your experience, what are the three most important control families. Discuss. Here is a link to the special publication: (Links to an external site.)

control families.png HInt: go to page 35 to find a clickable hyperlinked table.

PART 2 Assume your organization has several database servers.

Answer the following question(s):

  1. What are three controls (different families) that would protect the servers? ( does not have to be the same family you chose in Part 1)
  2. Which control would most effectively reduce the risk of data loss? Why? (Here I am looking for a specific base control under one of the control families you identified in step 1- you may provide more than one).

