Jeanette Jordan — GRC Portfolio
Federal Cybersecurity Leader | NIST RMF | Microsoft 365 & Azure Security Compliance
Welcome to my Governance, Risk, and Compliance (GRC) portfolio.
This collection demonstrates policy authorship, documentation, and control implementation aligned to FedRAMP Moderate, NIST SP 800‑53 Rev. 5, and DoD cybersecurity standards.
🆕 Latest Additions (October 2025)
- 🛡️ Incident Response Plan (IR‑4, IR‑6, IR‑8) — Added structured lifecycle and 1‑hour reporting template.
- 📈 Continuous Monitoring Policy (CA‑7, RA‑5) — Introduced POA&M workflow and metrics dashboard examples.
- 🗂️ Data Classification Policy — Added matrix with CUI, PII, and internal data handling standards.
- 🧱 Vulnerability Management SOP (RA‑5, SI‑2) — Integrated ACAS/Defender workflow and validation checklists.
- 🤖 AI Governance Policies — Introduced NIST AI RMF‑aligned Use Policy, Model Governance SOP, and AI Risk Register.
📊 Risk Register
A structured register detailing risk ID, likelihood, impact, and mitigation aligned with NIST SP 800‑30.
➡️ View Risk Register
🧩 Vendor Security Questionnaire
Supplier security due diligence form aligned with NIST SP 800‑53 SR controls and FedRAMP SA‑9.
➡️ View Questionnaire
🧱 Security Policies (FedRAMP Moderate)
Includes Password, Access Management, and Acceptable Use policies demonstrating compliance with the IA‑5, AC‑2, and PL‑4 controls.
➡️ View Security Policies
🛡️ Incident Response
Comprehensive plan defining detection, containment, eradication, and recovery phases per NIST SP 800‑61r2.
➡️ View Incident Response Plan
📈 Continuous Monitoring
Defines monitoring cadence, POA&M maintenance, and reporting metrics consistent with NIST SP 800‑137 and FedRAMP Continuous Monitoring Strategy.
➡️ View Continuous Monitoring Policy
🗂️ Data Classification
Data labeling and handling matrix for CUI, PII, and internal data based on NIST SP 800‑171 and DoDI 5200.48.
➡️ View Data Classification Policy
🧱 Vulnerability Management
Seven‑step SOP for scanning, patching, validation, and POA&M updates aligned with NIST SP 800‑40r4.
➡️ View Vulnerability Management SOP
🤖 AI Compliance
AI Use Policy, Model Governance SOP, and AI Risk Register mapped to NIST AI RMF v1.0, ISO/IEC 42001, and EO 14110.
➡️ View AI Compliance Documentation
👤 About Jeanette Jordan
Information Systems Security Professional, APJ Enterprise LLC
Expertise: Microsoft 365 / Entra ID Security, FedRAMP & DoD Compliance, IAM, and AI Governance.
📧 JeanetteD_Jordan@outlook.com
🔗 GitHub | LinkedIn
This portfolio demonstrates practical GRC authorship, control mapping, and emerging AI compliance readiness for federal environments.