Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summary Table) 20140809
Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 Summary Table
Map the Council on CyberSecurity's Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4

REC#  CSC#  CTRL-ID  NIST SP 800-53 REVISION 4
1     1     CM-08    INFORMATION SYSTEM COMPONENT INVENTORY
2     1     IA-03    DEVICE IDENTIFICATION AND AUTHENTICATION
3     1     PM-05    INFORMATION SYSTEM INVENTORY
4     1     CA-07    CONTINUOUS MONITORING
5     1     SI-04    INFORMATION SYSTEM MONITORING
6     1     SA-04    ACQUISITION PROCESS
7     1     SA-17    DEVELOPER SECURITY ARCHITECTURE AND DESIGN
8     2     CM-02    BASELINE CONFIGURATION
9     2     CM-08    INFORMATION SYSTEM COMPONENT INVENTORY
10    2     CM-10    SOFTWARE USAGE RESTRICTIONS
11    2     CM-11    USER-INSTALLED SOFTWARE
12    2     PM-05    INFORMATION SYSTEM INVENTORY
13    2     CA-07    CONTINUOUS MONITORING
14    2     SC-18    MOBILE CODE
15    2     SC-34    NON-MODIFIABLE EXECUTABLE PROGRAMS
16    2     SI-04    INFORMATION SYSTEM MONITORING
17    2     SA-04    ACQUISITION PROCESS
18    3     CM-02    BASELINE CONFIGURATION
19    3     CM-03    CONFIGURATION CHANGE CONTROL
20    3     CM-05    ACCESS RESTRICTIONS FOR CHANGE
21    3     CM-06    CONFIGURATION SETTINGS
22    3     CM-07    LEAST FUNCTIONALITY
23    3     CM-08    INFORMATION SYSTEM COMPONENT INVENTORY
24    3     CM-09    CONFIGURATION MANAGEMENT PLAN
25    3     CM-11    USER-INSTALLED SOFTWARE
26    3     MA-04    NONLOCAL MAINTENANCE
27    3     RA-05    VULNERABILITY SCANNING
28    3     CA-07    CONTINUOUS MONITORING
29    3     SC-15    COLLABORATIVE COMPUTING DEVICES
30    3     SC-34    NON-MODIFIABLE EXECUTABLE PROGRAMS
31    3     SI-02    FLAW REMEDIATION
32    3     SI-04    INFORMATION SYSTEM MONITORING
33    3     SA-04    ACQUISITION PROCESS
34    4     RA-05    VULNERABILITY SCANNING
35    4     CA-02    SECURITY ASSESSMENTS
36    4     CA-07    CONTINUOUS MONITORING
37    4     SC-34    NON-MODIFIABLE EXECUTABLE PROGRAMS
38    4     SI-04    INFORMATION SYSTEM MONITORING
39    4     SI-07    SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY
40    5     CA-07    CONTINUOUS MONITORING
41    5     SC-39    PROCESS ISOLATION
42    5     SC-44    DETONATION CHAMBERS
43    5     SI-03    MALICIOUS CODE PROTECTION
44    5     SI-04    INFORMATION SYSTEM MONITORING
45    5     SI-08    SPAM PROTECTION
46    6     RA-05    VULNERABILITY SCANNING
47    6     SC-39    PROCESS ISOLATION
48    6     SI-10    INFORMATION INPUT VALIDATION
49    6     SI-11    ERROR HANDLING
50    6     SI-15    INFORMATION OUTPUT FILTERING
51    6     SI-16    MEMORY PROTECTION
52    6     SA-03    SYSTEM DEVELOPMENT LIFE CYCLE
53    6     SA-10    DEVELOPER CONFIGURATION MANAGEMENT
54    6     SA-11    DEVELOPER SECURITY TESTING AND EVALUATION
55    6     SA-13    TRUSTWORTHINESS
56    6     SA-15    DEVELOPMENT PROCESS, STANDARDS, AND TOOLS
57    6     SA-16    DEVELOPER-PROVIDED TRAINING
58    6     SA-17    DEVELOPER SECURITY ARCHITECTURE AND DESIGN
59    6     SA-20    CUSTOMIZED DEVELOPMENT OF CRITICAL COMPONENTS
60    6     SA-21    DEVELOPER SCREENING
61    7     AC-18    WIRELESS ACCESS
62    7     AC-19    ACCESS CONTROL FOR MOBILE DEVICES
63    7     CM-02    BASELINE CONFIGURATION
64    7     IA-03    DEVICE IDENTIFICATION AND AUTHENTICATION
65    7     CA-03    SYSTEM INTERCONNECTIONS
66    7     CA-07    CONTINUOUS MONITORING
67    7     SC-08    TRANSMISSION CONFIDENTIALITY AND INTEGRITY
68    7     SC-17    PUBLIC KEY INFRASTRUCTURE CERTIFICATES
69    7     SC-40    WIRELESS LINK PROTECTION
70    7     SI-04    INFORMATION SYSTEM MONITORING
71    8     CP-09    INFORMATION SYSTEM BACKUP
72    8     CP-10    INFORMATION SYSTEM RECOVERY AND RECONSTITUTION
73    8     MP-04    MEDIA STORAGE
74    9     AT-01    SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES
75    9     AT-02    SECURITY AWARENESS TRAINING
76    9     AT-03    ROLE-BASED SECURITY TRAINING
77    9     AT-04    SECURITY TRAINING RECORDS
78    9     PM-13    INFORMATION SECURITY WORKFORCE
79    9     PM-14    TESTING, TRAINING, AND MONITORING
80    9     PM-16    THREAT AWARENESS PROGRAM
81    9     SA-11    DEVELOPER SECURITY TESTING AND EVALUATION
82    9     SA-16    DEVELOPER-PROVIDED TRAINING
83    10    AC-04    INFORMATION FLOW ENFORCEMENT
84    10    CM-02    BASELINE CONFIGURATION
85    10    CM-03    CONFIGURATION CHANGE CONTROL
86    10    CM-05    ACCESS RESTRICTIONS FOR CHANGE
87    10    CM-06    CONFIGURATION SETTINGS
88    10    CM-08    INFORMATION SYSTEM COMPONENT INVENTORY
89    10    MA-04    NONLOCAL MAINTENANCE
90    10    CA-03    SYSTEM INTERCONNECTIONS
91    10    CA-07    CONTINUOUS MONITORING
92    10    CA-09    INTERNAL SYSTEM CONNECTIONS
93    10    SC-24    FAIL IN KNOWN STATE
94    10    SI-04    INFORMATION SYSTEM MONITORING
95    11    AC-04    INFORMATION FLOW ENFORCEMENT
96    11    CM-02    BASELINE CONFIGURATION
97    11    CM-06    CONFIGURATION SETTINGS
98    11    CM-08    INFORMATION SYSTEM COMPONENT INVENTORY
99    11    CA-07    CONTINUOUS MONITORING
100   11    CA-09    INTERNAL SYSTEM CONNECTIONS
101   11    SC-20    SECURE NAME / ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE)
102   11    SC-21    SECURE NAME / ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER)
103   11    SC-22    ARCHITECTURE AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE
104   11    SC-41    PORT AND I/O DEVICE ACCESS
105   11    SI-04    INFORMATION SYSTEM MONITORING
106   12    AC-02    ACCOUNT MANAGEMENT
107   12    AC-06    LEAST PRIVILEGE
108   12    AC-17    REMOTE ACCESS
109   12    AC-19    ACCESS CONTROL FOR MOBILE DEVICES
110   12    IA-02    IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)
111   12    IA-04    IDENTIFIER MANAGEMENT
112   12    IA-05    AUTHENTICATOR MANAGEMENT
113   12    CA-07    CONTINUOUS MONITORING
114   12    SI-04    INFORMATION SYSTEM MONITORING
115   13    AC-04    INFORMATION FLOW ENFORCEMENT
116   13    AC-17    REMOTE ACCESS
117   13    AC-20    USE OF EXTERNAL INFORMATION SYSTEMS
118   13    CM-02    BASELINE CONFIGURATION
119   13    CA-03    SYSTEM INTERCONNECTIONS
120   13    CA-07    CONTINUOUS MONITORING
121   13    CA-09    INTERNAL SYSTEM CONNECTIONS
122   13    SC-07    BOUNDARY PROTECTION
123   13    SC-08    TRANSMISSION CONFIDENTIALITY AND INTEGRITY
124   13    SI-04    INFORMATION SYSTEM MONITORING
125   13    SA-09    EXTERNAL INFORMATION SYSTEM SERVICES
126   14    AC-23    DATA MINING PROTECTION
127   14    AU-02    AUDIT EVENTS
128   14    AU-03    CONTENT OF AUDIT RECORDS
129   14    AU-04    AUDIT STORAGE CAPACITY
130   14    AU-05    RESPONSE TO AUDIT PROCESSING FAILURES
131   14    AU-06    AUDIT REVIEW, ANALYSIS, AND REPORTING
132   14    AU-07    AUDIT REDUCTION AND REPORT GENERATION
133   14    AU-08    TIME STAMPS
134   14    AU-09    PROTECTION OF AUDIT INFORMATION
135   14    AU-10    NON-REPUDIATION
136   14    AU-11    AUDIT RECORD RETENTION
137   14    AU-12    AUDIT GENERATION
138   14    AU-13    MONITORING FOR INFORMATION DISCLOSURE
139   14    AU-14    SESSION AUDIT
140   14    IA-10    ADAPTIVE IDENTIFICATION AND AUTHENTICATION
141   14    CA-07    CONTINUOUS MONITORING
142   14    SI-04    INFORMATION SYSTEM MONITORING
143   15    AC-01    ACCESS CONTROL POLICY AND PROCEDURES
144   15    AC-02    ACCOUNT MANAGEMENT
145   15    AC-03    ACCESS ENFORCEMENT
146   15    AC-06    LEAST PRIVILEGE
147   15    AC-24    ACCESS CONTROL DECISIONS
148   15    MP-03    MEDIA MARKING
149   15    RA-02    SECURITY CATEGORIZATION
150   15    CA-07    CONTINUOUS MONITORING
151   15    SC-16    TRANSMISSION OF SECURITY ATTRIBUTES
152   15    SI-04    INFORMATION SYSTEM MONITORING
153   16    AC-02    ACCOUNT MANAGEMENT
154   16    AC-03    ACCESS ENFORCEMENT
155   16    AC-07    UNSUCCESSFUL LOGON ATTEMPTS
156   16    AC-11    SESSION LOCK
157   16    AC-12    SESSION TERMINATION
158   16    IA-05    AUTHENTICATOR MANAGEMENT
159   16    IA-10    ADAPTIVE IDENTIFICATION AND AUTHENTICATION
160   16    CA-07    CONTINUOUS MONITORING
161   16    SC-17    PUBLIC KEY INFRASTRUCTURE CERTIFICATES
162   16    SC-23    SESSION AUTHENTICITY
163   16    SI-04    INFORMATION SYSTEM MONITORING
164   17    AC-03    ACCESS ENFORCEMENT
165   17    AC-04    INFORMATION FLOW ENFORCEMENT
166   17    AC-23    DATA MINING PROTECTION
167   17    IR-09    INFORMATION SPILLAGE RESPONSE
168   17    MP-05    MEDIA TRANSPORT
169   17    CA-07    CONTINUOUS MONITORING
170   17    CA-09    INTERNAL SYSTEM CONNECTIONS
171   17    SC-08    TRANSMISSION CONFIDENTIALITY AND INTEGRITY
172   17    SC-28    PROTECTION OF INFORMATION AT REST
173   17    SC-31    COVERT CHANNEL ANALYSIS
174   17    SC-41    PORT AND I/O DEVICE ACCESS
175   17    SI-04    INFORMATION SYSTEM MONITORING
176   17    SA-18    TAMPER RESISTANCE AND DETECTION
177   18    IR-01    INCIDENT RESPONSE POLICY AND PROCEDURES
178   18    IR-02    INCIDENT RESPONSE TRAINING
179   18    IR-03    INCIDENT RESPONSE TESTING
180   18    IR-04    INCIDENT HANDLING
181   18    IR-05    INCIDENT MONITORING
182   18    IR-06    INCIDENT REPORTING
183   18    IR-07    INCIDENT RESPONSE ASSISTANCE
184   18    IR-08    INCIDENT RESPONSE PLAN
185   18    IR-10    INTEGRATED INFORMATION SECURITY ANALYSIS TEAM
186   19    AC-04    INFORMATION FLOW ENFORCEMENT
187   19    CA-03    SYSTEM INTERCONNECTIONS
188   19    CA-09    INTERNAL SYSTEM CONNECTIONS
189   19    SC-20    SECURE NAME / ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE)
190   19    SC-21    SECURE NAME / ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER)
191   19    SC-22    ARCHITECTURE AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE
192   19    SC-32    INFORMATION SYSTEM PARTITIONING
193   19    SC-37    OUT-OF-BAND CHANNELS
194   19    SA-08    SECURITY ENGINEERING PRINCIPLES
195   20    PM-06    INFORMATION SECURITY MEASURES OF PERFORMANCE
196   20    PM-14    TESTING, TRAINING, AND MONITORING
197   20    PM-16    THREAT AWARENESS PROGRAM
198   20    RA-06    TECHNICAL SURVEILLANCE COUNTERMEASURES SURVEY
199   20    CA-02    SECURITY ASSESSMENTS
200   20    CA-05    PLAN OF ACTION AND MILESTONES
201   20    CA-06    SECURITY AUTHORIZATION
202   20    CA-08    PENETRATION TESTING
203   20    SI-06    SECURITY FUNCTION VERIFICATION

The Council on CyberSecurity