Solved

NIST COnfiguration

Posted on 2014-12-06
1
142 Views
Last Modified: 2014-12-09
Hi All,

Does anyone have an example of items for each of these 14 areas?

http://gcn.com/articles/2014/11/21/cui-nonfederal-systems.aspx

Thanks
0
Comment
Question by:Jack_son_
1 Comment
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 40485211
SP800-171 is actually (to me) a reuse of the SP800-53 mostly, and mapping the reference will be relevant for the checks and use case. Also the 20 SANS Critical control which mostly maps to the priority code 1 security controls in SP800-53 is another useful guidance to leads to potential provider too and it also helps in showing high level the entities involved that should be working together to meet the business goal defined in each SAN control explanation section. Likewise the mapping is also applicable for ISO 27001, that can also be mapped to SP800-53 and vice versa. But I shall not drill into its details here but rather stating the below for references.

a) SP800-53A rev1 (it has corresponding control criteria and in the downloaded "checklist" stated review of evidence that aids as possible base controls and additional ones ) - http://csrc.nist.gov/groups/SMA/fisma/assessment-cases.html

b-1) Mapping of 20 SANS Critical control  (SP800-53 rev 3, Appendix D) - See Appendix A in
http://www.csg.ethz.ch/education/lectures/ManSec/HS2013/new_doc_2

b-2) Mapping of ISO 27001 to to SP800-53 rev 4 - See Appendix H
http://csrc.nist.gov/publications/drafts/800-53-rev4/sp800_53_r4_appendix-h_draft_ipd.pdf
Main document SP800-53 (note latest is rev 4) -

c) 20 SANS Critical control (directory of possible technology provider) - https://www.sans.org/critical-security-controls/vendor-solutions/
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The 21st century solution to antiquated pagers.
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question