All Episodes
Episode 81 — Personnel Security — Part Three: Evidence, sanctions, and pitfalls
Evidence for personnel security validates that screening, agreements, and access management are conducted according to policy. For exam purposes, candidates should rec...
Episode 82 — Personally Identifiable Information Processing and Transparency — Part One: Purpose, scope, and responsibilities
Personally identifiable information, or PII, requires special protection because it links data to individuals, creating privacy and reputational risks if mishandled. U...
Episode 83 — Personally Identifiable Information Processing and Transparency — Part Two: Processing, minimization, and consent patterns
Processing personally identifiable information responsibly means handling data only for legitimate, documented purposes. For exam readiness, candidates should know tha...
Episode 84 — Personally Identifiable Information Processing and Transparency — Part Three: Evidence, notices, and pitfalls
Evidence for PII processing controls demonstrates that privacy obligations are implemented and verifiable. For the exam, candidates should know that strong evidence in...
Episode 85 — Spotlight: Account Management (AC-2)
Account Management, designated as control AC-2 in NIST SP 800-53, governs the creation, use, modification, and termination of system accounts. For exam readiness, ...
Episode 86 — Spotlight: Access Enforcement (AC-3)
Access Enforcement (AC-3) defines how authorized permissions are technically applied once accounts are approved. For exam purposes, this control ensures that access de...
Episode 87 — Spotlight: Separation of Duties (AC-5)
Separation of Duties (AC-5) prevents fraud, error, and unauthorized activity by dividing critical functions among different individuals or roles. On the exam, candidat...
Episode 88 — Spotlight: Least Privilege (AC-6)
Least Privilege (AC-6) enforces that users and processes operate with the minimum access necessary to perform assigned duties. For exam preparation, candidates must kn...
Episode 89 — Spotlight: Identification and Authentication (Organizational Users) (IA-2)
Identification and Authentication (IA-2) establishes the foundation of trust by ensuring that only verified users gain access to organizational systems. For exam purpo...
Episode 90 — Spotlight: Authenticator Management (IA-5)
Authenticator Management (IA-5) ensures that credentials—passwords, tokens, keys, or certificates—are created, stored, distributed, and revoked securely. For the exam,...
Episode 91 — Spotlight: Non-Organizational User Authentication (IA-8)
Non-Organizational User Authentication (IA-8) ensures that external users—such as partners, contractors, and customers—are verified before accessing organizational sys...
Episode 92 — Spotlight: Identifier Management (IA-4)
Identifier Management (IA-4) establishes rules for creating, assigning, and maintaining unique identifiers for all users, devices, and processes that interact with org...
Episode 93 — Spotlight: Event Logging (AU-2)
Event Logging (AU-2) defines which system activities must be recorded to support accountability, detection, and analysis. For exam readiness, candidates should know th...
Episode 94 — Spotlight: Audit Record Review, Analysis, and Reporting (AU-6)
Audit Record Review, Analysis, and Reporting (AU-6) focuses on how organizations interpret and act upon the logs collected under AU-2. For exam purposes, candidates mu...
Episode 95 — Spotlight: Protection of Audit Information (AU-9)
Protection of Audit Information (AU-9) ensures that collected logs and audit data remain complete, accurate, and tamper-resistant. For exam readiness, candidates shoul...
Episode 96 — Spotlight: Audit Record Retention (AU-11)
Audit Record Retention (AU-11) specifies how long organizations must keep audit logs and related records so they remain available for investigations, compliance review...
Episode 97 — Spotlight: Baseline Configuration (CM-2)
Baseline Configuration (CM-2) establishes the approved, secure starting point for systems and components, defining the specific settings, versions, and controls that m...
Episode 98 — Spotlight: Configuration Change Control (CM-3)
Configuration Change Control (CM-3) governs how proposed modifications to systems and baselines are evaluated, approved, implemented, and recorded. For exam readiness,...
Episode 100 — Spotlight: Least Functionality (CM-7)
Least Functionality (CM-7) requires systems to provide only the capabilities essential to mission needs, removing or disabling unnecessary services, features, roles, a...
Episode 101 — Spotlight: Incident Handling (IR-4)
Incident Handling (IR-4) defines how organizations detect, analyze, contain, eradicate, and recover from security incidents in a structured and repeatable manner. For ...