NIST Configuration

Hi All,

Does anyone have an example of items for each of these 14 areas?

http://gcn.com/articles/2014/11/21/cui-nonfederal-systems.aspx

Thanks
Jack_son_ asked:
btan (Exec Consultant) commented:
SP800-171 is actually (to me) mostly a reuse of SP800-53, and mapping the reference will be relevant for the checks and use case. Also, the 20 SANS Critical Controls, which mostly map to the priority code 1 security controls in SP800-53, are another useful guide that leads to potential providers too, and they also help in showing at a high level the entities involved that should be working together to meet the business goal defined in each SANS control explanation section. Likewise, the mapping is also applicable to ISO 27001, which can also be mapped to SP800-53 and vice versa. I shall not drill into the details here, but rather state the below for reference.

a) SP800-53A rev1 (it has corresponding control criteria, and the downloaded "checklist" states the review of evidence, which aids as possible base controls and additional ones) - http://csrc.nist.gov/groups/SMA/fisma/assessment-cases.html

b-1) Mapping of 20 SANS Critical Controls (SP800-53 rev 3, Appendix D) - See Appendix A in
http://www.csg.ethz.ch/education/lectures/ManSec/HS2013/new_doc_2

b-2) Mapping of ISO 27001 to SP800-53 rev 4 - See Appendix H
http://csrc.nist.gov/publications/drafts/800-53-rev4/sp800_53_r4_appendix-h_draft_ipd.pdf
Main document SP800-53 (note latest is rev 4) -

c) 20 SANS Critical Controls (directory of possible technology providers) - https://www.sans.org/critical-security-controls/vendor-solutions/