?
Solved

NIST COnfiguration

Posted on 2014-12-06
1
Medium Priority
?
168 Views
Last Modified: 2014-12-09
Hi All,

Does anyone have an example of items for each of these 14 areas?

http://gcn.com/articles/2014/11/21/cui-nonfederal-systems.aspx

Thanks
0
Comment
Question by:Jack_son_
1 Comment
 
LVL 66

Accepted Solution

by:
btan earned 2000 total points
ID: 40485211
SP800-171 is actually (to me) a reuse of the SP800-53 mostly, and mapping the reference will be relevant for the checks and use case. Also the 20 SANS Critical control which mostly maps to the priority code 1 security controls in SP800-53 is another useful guidance to leads to potential provider too and it also helps in showing high level the entities involved that should be working together to meet the business goal defined in each SAN control explanation section. Likewise the mapping is also applicable for ISO 27001, that can also be mapped to SP800-53 and vice versa. But I shall not drill into its details here but rather stating the below for references.

a) SP800-53A rev1 (it has corresponding control criteria and in the downloaded "checklist" stated review of evidence that aids as possible base controls and additional ones ) - http://csrc.nist.gov/groups/SMA/fisma/assessment-cases.html

b-1) Mapping of 20 SANS Critical control  (SP800-53 rev 3, Appendix D) - See Appendix A in
http://www.csg.ethz.ch/education/lectures/ManSec/HS2013/new_doc_2

b-2) Mapping of ISO 27001 to to SP800-53 rev 4 - See Appendix H
http://csrc.nist.gov/publications/drafts/800-53-rev4/sp800_53_r4_appendix-h_draft_ipd.pdf
Main document SP800-53 (note latest is rev 4) -

c) 20 SANS Critical control (directory of possible technology provider) - https://www.sans.org/critical-security-controls/vendor-solutions/
0

Featured Post

Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ITIL has an elaborate incident management framework. This article serves as a starter for those who'd like to know more or need to suss out the baseline elements in a typical incident response execution plan on the "need to have" and the "good to ha…
Each password manager has its own problems in dealing with certain websites and their login methods. In Part 1, I review the Top 5 Password Managers that I've found to be the best. In Part 2 we'll look at which ones co-exist together and why it'…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Get the source code for a fully functional Access application shell with several popular security features that Access VBA application developers desire, but find difficult or impossible to figure out how to code. You get the source code for managi…

588 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question