Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

NIST COnfiguration

Posted on 2014-12-06
1
Medium Priority
?
166 Views
Last Modified: 2014-12-09
Hi All,

Does anyone have an example of items for each of these 14 areas?

http://gcn.com/articles/2014/11/21/cui-nonfederal-systems.aspx

Thanks
0
Comment
Question by:Jack_son_
1 Comment
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 40485211
SP800-171 is actually (to me) a reuse of the SP800-53 mostly, and mapping the reference will be relevant for the checks and use case. Also the 20 SANS Critical control which mostly maps to the priority code 1 security controls in SP800-53 is another useful guidance to leads to potential provider too and it also helps in showing high level the entities involved that should be working together to meet the business goal defined in each SAN control explanation section. Likewise the mapping is also applicable for ISO 27001, that can also be mapped to SP800-53 and vice versa. But I shall not drill into its details here but rather stating the below for references.

a) SP800-53A rev1 (it has corresponding control criteria and in the downloaded "checklist" stated review of evidence that aids as possible base controls and additional ones ) - http://csrc.nist.gov/groups/SMA/fisma/assessment-cases.html

b-1) Mapping of 20 SANS Critical control  (SP800-53 rev 3, Appendix D) - See Appendix A in
http://www.csg.ethz.ch/education/lectures/ManSec/HS2013/new_doc_2

b-2) Mapping of ISO 27001 to to SP800-53 rev 4 - See Appendix H
http://csrc.nist.gov/publications/drafts/800-53-rev4/sp800_53_r4_appendix-h_draft_ipd.pdf
Main document SP800-53 (note latest is rev 4) -

c) 20 SANS Critical control (directory of possible technology provider) - https://www.sans.org/critical-security-controls/vendor-solutions/
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question