Background: Let us imagine that you are a Cyber Security consultant working for a major international consulting company. Your specialization is information technology and cyber security policy.
Your company has been engaged by the state of Maine within the United States to provide feedback on an access control policy which they recently published. They have chosen to follow the NIST 800-53 model, but are unsure if the policy they have written addresses the control framework and is also written in a way that makes the policy usable.
Referring to the State of Maine Access Control policy, https://www.maine.gov/oit/sites/maine.gov.oit/files/inline-files/AccessControlPolicy.pdf (Links to an external site.), leverage the framework which we developed in class as well as the NIST 800-53 framework (https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/controls?version=5.1&family=AC (Links to an external site.)), and perform an analysis of this policy.