Yes. Below are the rest of the specifics:
1. Read NIST Special Publication 800-53A Rev 1, June 2012, Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans.
2. Review the sample System Security Plan template provided by your instructor.
3. Select one management, one technical, and one operational control that applies to your selected organization (i.e., Risk Assessment - RA).
4. Describe each control. Include why these controls (and family controls) are required.
5. For each management, technical, and operational control, select three to five family controls (Vulnerability Scanning – RA-5).
6. Describe each family control, state the implementation status as it relates to your selected organization's security program, and describe how your selected organization implements the control.
7. Write your sample cyber security profile. At a minimum, the profile should include:
a. An introduction that includes the purpose of your paper and introduces security profiles as they relate to your selected organization
b. An analysis section that includes items 3, 4, 5, and 6 above
c. A conclusion that summarizes what you wrote