CAP Official (ISC)² Guide to the CAP CBK, Second Edition by Patrick Howard. Publisher: Auerbach Publications. (2012)
NIST SP 800-37 Rev 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. Joint Task Force. December 2018
NIST 800-53 Rev 4, Security and Privacy Controls for Federal Information Systems and Organizations. Joint Task Force Transformation Initiative. April 2013
NIST SP 800-30 Rev 1, Guide for Conducting Risk Assessments. Joint Task Force Transformation Initiative. September 2012
NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View. Joint Task Force Transformation Initiative. March 2011
NIST FIPS-199, Federal Information Processing Standards Publication Standards for Security Categorization of Federal Information and Information Systems. Computer Security Division. February 2004
NIST SP 800-60 Vol 1, Rev 1, Guide for Mapping Types of Information and Information Systems to Security Categories by Kevin Stine, Rich Kissel, William C. Barker, Jim Fahlsing and Jessica Gulick. August 2008
NIST SP 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations by Kelley Dempsey, Nirali Shah, Chawla Arnold, Johnson Ronald Johnston, Alicia Clay Jones, Angela Orebaugh, Matthew Scholl, and Kevin Stine. September 2011
NIST SP 800-18 Rev 1, Guide for Developing Security Plans for Federal Information Systems by Marianne Swanson, Joan Hash, Pauline Bowen. February 2006
NIST SP 800-70 Rev 4, National Checklist Program for IT Products: Guidelines for Checklist Users and Developers by Stephen Quinn, Murugiah Souppaya, Melanie Cook, and Karen Scarfone. February 2018
NIST SP 800-115, Technical Guide to Information Security Testing and Assessment by Karen Scarfone, Murugiah Souppaya, Amanda Cody, and Angela Orebaugh. September 2008
FIPS 200, SP 800-59 and CNSSI-1253