NIST Configuration

Hi All,

Does anyone have an example of items for each of these 14 areas?

http://gcn.com/articles/2014/11/21/cui-nonfederal-systems.aspx

Thanks
Jack_son_ asked:

btan (Exec Consultant) commented:
SP800-171 is actually (to me) mostly a reuse of SP800-53, and mapping the reference will be relevant for the checks and use case. Also, the 20 SANS Critical Controls, which mostly map to the priority code 1 security controls in SP800-53, are another useful guidance that leads to potential providers too, and it also helps in showing at a high level the entities involved that should be working together to meet the business goal defined in each SANS control explanation section. Likewise, the mapping is also applicable for ISO 27001, which can also be mapped to SP800-53 and vice versa. But I shall not drill into its details here, but rather state the below for references.

a) SP800-53A rev1 (it has corresponding control criteria, and in the downloaded "checklist" a stated review of evidence that aids as possible base controls and additional ones) - http://csrc.nist.gov/groups/SMA/fisma/assessment-cases.html

b-1) Mapping of the 20 SANS Critical Controls (SP800-53 rev 3, Appendix D) - See Appendix A in
http://www.csg.ethz.ch/education/lectures/ManSec/HS2013/new_doc_2

b-2) Mapping of ISO 27001 to SP800-53 rev 4 - See Appendix H
http://csrc.nist.gov/publications/drafts/800-53-rev4/sp800_53_r4_appendix-h_draft_ipd.pdf
Main document SP800-53 (note latest is rev 4) -

c) 20 SANS Critical Controls (directory of possible technology providers) - https://www.sans.org/critical-security-controls/vendor-solutions/