Security and Privacy Controls for Federal Information Systems and Organizations is a wellknown NIST publication consisting of a catalog of security and
privacy controls used to assist US federal government agencies in meeting the requirements of FISMA and serves as a best practice framework for other, nonfederal entities.
NIST controls are organized into 18 different control families, and as the new CCISO you will need to explain at least 9 of these to the CEO and CTO on their meaning, and
examples of their implementation in a 12–15page slide presentation in MS PowerPoint. On the last technical slide, a summary of the NIST Risk Management Framework