COVID-19 Update: We are currently shipping orders daily. However, due to transit disruptions in some geographies, deliveries may be delayed. To provide all customers with timely access to content, we are offering 50% off Science and Technology Print & eBook bundle options. Terms & conditions.
Security Controls Evaluation, Testing, and Assessment Handbook - 2nd Edition - ISBN: 9780128184271, 9780128206249

Security Controls Evaluation, Testing, and Assessment Handbook

2nd Edition

Author: Leighton Johnson
Paperback ISBN: 9780128184271
eBook ISBN: 9780128206249
Imprint: Academic Press
Published Date: 21st November 2019
Page Count: 788
Sales tax will be calculated at check-out Price includes VAT/GST
Price includes VAT/GST

Institutional Subscription

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.


Security Controls Evaluation, Testing, and Assessment Handbook, Second Edition, provides a current and well-developed approach to evaluate and test IT security controls to prove they are functioning correctly. This handbook discusses the world of threats and potential breach actions surrounding all industries and systems. Sections cover how to take FISMA, NIST Guidance, and DOD actions, while also providing a detailed, hands-on guide to performing assessment events for information security professionals in US federal agencies. This handbook uses the DOD Knowledge Service and the NIST Families assessment guides as the basis for needs assessment, requirements and evaluation efforts.

Key Features

  • Provides direction on how to use SP800-53A, SP800-115, DOD Knowledge Service, and the NIST Families assessment guides to implement thorough evaluation efforts
  • Shows readers how to implement proper evaluation, testing, assessment procedures and methodologies, with step-by-step walkthroughs of all key concepts
  • Presents assessment techniques for each type of control, provides evidence of assessment, and includes proper reporting techniques


Digital forensic professionals and analysts, information security professionals, researchers, and practitioners.

Table of Contents

1. Introduction to Assessments
2. Risk and Security
3. Statutory & Regulatory GRC
4. Federal RMF Requirements
5. Risk Management Framework – SP 800-37, rev.1
6. Roles and Responsibilities
7. Assessment Process
8. Assessment Methods
9. Assessment Techniques for each kind of control
10. System and Network Assessments
11. Security Components Fundamentals
12. Cybersecurity Controls
13. CUI Controls
14. Evidence of Assessment
15. Reporting
16. Conclusion

A. Templates for RMF documents and artifacts commonly required or requested
B. Templates for RMF Policies and Procedures by Control Family
C. Assessment and Testing Tools


No. of pages:
© Academic Press 2020
21st November 2019
Academic Press
Paperback ISBN:
eBook ISBN:

About the Author

Leighton Johnson

Leighton Johnson, the CTO of ISFMT (Information Security Forensics Management Team), a provider of cybersecurity & forensics consulting and certification training, has presented computer security, cyber security and forensics lectures, conference presentations, training events and seminars all across the United States, Asia and Europe. He has over 40 years’ experience in Computer Security, Cyber Security, Software Development and Communications Equipment Operations & Maintenance; Primary focus areas include computer security, information operations & assurance, incident response & forensics investigations, software system development life cycle focused on testing of systems, systems engineering and integration activities, database administration and cyber defense activities.

Affiliations and Expertise

CTO and Senior Security Engineer for Information Security and Forensics Management Team (ISFMT)

Ratings and Reviews