As the third-party Information Technology (IT) security vendor, you are working with a new startup company that builds websites for other businesses. Another vendor has already set up a stack of servers and switches to get the company started. Virtual machines are currently running on the server stack, running Active Directory and Federation services so that the company developers can start working on their proprietary web applications.
Name
Control Function
Management at the company has requested your assistance in deciding which controls to implement to secure their systems. They do not want to install any more hardware within their network. They have contacted multiple vendors and want you to categorize them according to the National Institute of Standards and Technology (NIST) schema.
Additionally, they would like you to provide recommendations for proper control using specific scenarios in your report. The current negotiation involves multiple vendors:
• VMWare SRM (with automated disaster recovery software)
• Ready BCPS (with their disaster recovery planning software)
• OptUtils (with their IP scanner and management software)
• Tenable Nessus (With their Vulnerability Scanner)
Angry IP (with their IP and port scanner)
CyberTrainers (with a cyber awareness training package)
• pfSense (with their open-source cloud firewall)
• Fortigate (With their Next Generation Fire Wall)
• Checkpoint (with their threat prevention appliance)
• Patch My PC (with an enterprise license, enabling automated third-party patch management)


control type options are managerial, operational, and technical

options for last 2 are compensation, directive, detective, preventative, and responsive

As the thirdparty Information Technology IT security vendor you are working with a new startup company that builds websites for other businesses Another vendor class=