NIST Risk and Vulnerability Management

Lots of activity at work around NIST Cybersecurity Framework and related NIST publications.  Working an Incident Response Plan to 800-61, Configuration Management Policy, Security Awareness and Employee Training Policy, and paving the way for Risk Management and Vulnerabilty Management policies all mapped back to NIST.  Still need asset/inventory list so we can complete the long-term goal of a holistic vulnerability and risk management framework.