Security Controls Evaluation, Testing, and Assessment Handbook

I found that his additional insight provided useful information relative to understanding the intent of the 600 + RMF controls. I've spent numerous years attempting to interpret the DISA and NIST documents. This book provided additional information that can be used to ensure proper compliance while assessing RMF controls.

This book is pure garbage and the author and publisher should be ashamed for charging money for this item. Essentially, the author just summarizes and recaps information currently available in the FREE NIST volumes. Yes, copies everything and changes a word here and there...tables, graphics, etc. Even the sample assessment formats come from the official documents online. Everything that is currently available for FREE. There is ZERO need to purchase this book. Want a cross-walk table between NIST 800-53a and ISO, just download the FREE NIST 800-53a volume, the table is there word for word, you do not need it from this book. Want to know how to evaluate security controls just go to the FREE NIST volume. I am so upset at the lack of honesty here, but kudos to the author for being creative and using FREE material to sucker people in (I feel for it). So bottom line, AVOID THIS BOOK. Download NIST 800-53a, 800-171, 800-30, 800-39, etc. from the web. EVERYTHING in this book is available online. No need to pay for it.