Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summary Table) 20140809

Map the Council on CyberSecurity's Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4
The Council on CyberSecurity

Control identifiers are written in NIST style (family-number, no zero padding). REC# is the row number in the original summary table; the same 800-53 control appears under several CSCs because the mapping is many-to-many.

REC#  CSC#  CTRL-ID  NIST SP 800-53 REVISION 4 CONTROL
   1     1  CM-8     INFORMATION SYSTEM COMPONENT INVENTORY
   2     1  IA-3     DEVICE IDENTIFICATION AND AUTHENTICATION
   3     1  PM-5     INFORMATION SYSTEM INVENTORY
   4     1  CA-7     CONTINUOUS MONITORING
   5     1  SI-4     INFORMATION SYSTEM MONITORING
   6     1  SA-4     ACQUISITION PROCESS
   7     1  SA-17    DEVELOPER SECURITY ARCHITECTURE AND DESIGN

   8     2  CM-2     BASELINE CONFIGURATION
   9     2  CM-8     INFORMATION SYSTEM COMPONENT INVENTORY
  10     2  CM-10    SOFTWARE USAGE RESTRICTIONS
  11     2  CM-11    USER-INSTALLED SOFTWARE
  12     2  PM-5     INFORMATION SYSTEM INVENTORY
  13     2  CA-7     CONTINUOUS MONITORING
  14     2  SC-18    MOBILE CODE
  15     2  SC-34    NON-MODIFIABLE EXECUTABLE PROGRAMS
  16     2  SI-4     INFORMATION SYSTEM MONITORING
  17     2  SA-4     ACQUISITION PROCESS

  18     3  CM-2     BASELINE CONFIGURATION
  19     3  CM-3     CONFIGURATION CHANGE CONTROL
  20     3  CM-5     ACCESS RESTRICTIONS FOR CHANGE
  21     3  CM-6     CONFIGURATION SETTINGS
  22     3  CM-7     LEAST FUNCTIONALITY
  23     3  CM-8     INFORMATION SYSTEM COMPONENT INVENTORY
  24     3  CM-9     CONFIGURATION MANAGEMENT PLAN
  25     3  CM-11    USER-INSTALLED SOFTWARE
  26     3  MA-4     NONLOCAL MAINTENANCE
  27     3  RA-5     VULNERABILITY SCANNING
  28     3  CA-7     CONTINUOUS MONITORING
  29     3  SC-15    COLLABORATIVE COMPUTING DEVICES
  30     3  SC-34    NON-MODIFIABLE EXECUTABLE PROGRAMS
  31     3  SI-2     FLAW REMEDIATION
  32     3  SI-4     INFORMATION SYSTEM MONITORING
  33     3  SA-4     ACQUISITION PROCESS

  34     4  RA-5     VULNERABILITY SCANNING
  35     4  CA-2     SECURITY ASSESSMENTS
  36     4  CA-7     CONTINUOUS MONITORING
  37     4  SC-34    NON-MODIFIABLE EXECUTABLE PROGRAMS
  38     4  SI-4     INFORMATION SYSTEM MONITORING
  39     4  SI-7     SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY

  40     5  CA-7     CONTINUOUS MONITORING
  41     5  SC-39    PROCESS ISOLATION
  42     5  SC-44    DETONATION CHAMBERS
  43     5  SI-3     MALICIOUS CODE PROTECTION
  44     5  SI-4     INFORMATION SYSTEM MONITORING
  45     5  SI-8     SPAM PROTECTION

  46     6  RA-5     VULNERABILITY SCANNING
  47     6  SC-39    PROCESS ISOLATION
  48     6  SI-10    INFORMATION INPUT VALIDATION
  49     6  SI-11    ERROR HANDLING
  50     6  SI-15    INFORMATION OUTPUT FILTERING
  51     6  SI-16    MEMORY PROTECTION
  52     6  SA-3     SYSTEM DEVELOPMENT LIFE CYCLE
  53     6  SA-10    DEVELOPER CONFIGURATION MANAGEMENT
  54     6  SA-11    DEVELOPER SECURITY TESTING AND EVALUATION
  55     6  SA-13    TRUSTWORTHINESS
  56     6  SA-15    DEVELOPMENT PROCESS, STANDARDS, AND TOOLS
  57     6  SA-16    DEVELOPER-PROVIDED TRAINING
  58     6  SA-17    DEVELOPER SECURITY ARCHITECTURE AND DESIGN
  59     6  SA-20    CUSTOMIZED DEVELOPMENT OF CRITICAL COMPONENTS
  60     6  SA-21    DEVELOPER SCREENING

  61     7  AC-18    WIRELESS ACCESS
  62     7  AC-19    ACCESS CONTROL FOR MOBILE DEVICES
  63     7  CM-2     BASELINE CONFIGURATION
  64     7  IA-3     DEVICE IDENTIFICATION AND AUTHENTICATION
  65     7  CA-3     SYSTEM INTERCONNECTIONS
  66     7  CA-7     CONTINUOUS MONITORING
  67     7  SC-8     TRANSMISSION CONFIDENTIALITY AND INTEGRITY
  68     7  SC-17    PUBLIC KEY INFRASTRUCTURE CERTIFICATES
  69     7  SC-40    WIRELESS LINK PROTECTION
  70     7  SI-4     INFORMATION SYSTEM MONITORING

  71     8  CP-9     INFORMATION SYSTEM BACKUP
  72     8  CP-10    INFORMATION SYSTEM RECOVERY AND RECONSTITUTION
  73     8  MP-4     MEDIA STORAGE

  74     9  AT-1     SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES
  75     9  AT-2     SECURITY AWARENESS TRAINING
  76     9  AT-3     ROLE-BASED SECURITY TRAINING
  77     9  AT-4     SECURITY TRAINING RECORDS
  78     9  PM-13    INFORMATION SECURITY WORKFORCE
  79     9  PM-14    TESTING, TRAINING, AND MONITORING
  80     9  PM-16    THREAT AWARENESS PROGRAM
  81     9  SA-11    DEVELOPER SECURITY TESTING AND EVALUATION
  82     9  SA-16    DEVELOPER-PROVIDED TRAINING

  83    10  AC-4     INFORMATION FLOW ENFORCEMENT
  84    10  CM-2     BASELINE CONFIGURATION
  85    10  CM-3     CONFIGURATION CHANGE CONTROL
  86    10  CM-5     ACCESS RESTRICTIONS FOR CHANGE
  87    10  CM-6     CONFIGURATION SETTINGS
  88    10  CM-8     INFORMATION SYSTEM COMPONENT INVENTORY
  89    10  MA-4     NONLOCAL MAINTENANCE
  90    10  CA-3     SYSTEM INTERCONNECTIONS
  91    10  CA-7     CONTINUOUS MONITORING
  92    10  CA-9     INTERNAL SYSTEM CONNECTIONS
  93    10  SC-24    FAIL IN KNOWN STATE
  94    10  SI-4     INFORMATION SYSTEM MONITORING

  95    11  AC-4     INFORMATION FLOW ENFORCEMENT
  96    11  CM-2     BASELINE CONFIGURATION
  97    11  CM-6     CONFIGURATION SETTINGS
  98    11  CM-8     INFORMATION SYSTEM COMPONENT INVENTORY
  99    11  CA-7     CONTINUOUS MONITORING
 100    11  CA-9     INTERNAL SYSTEM CONNECTIONS
 101    11  SC-20    SECURE NAME / ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE)
 102    11  SC-21    SECURE NAME / ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER)
 103    11  SC-22    ARCHITECTURE AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE
 104    11  SC-41    PORT AND I/O DEVICE ACCESS
 105    11  SI-4     INFORMATION SYSTEM MONITORING

 106    12  AC-2     ACCOUNT MANAGEMENT
 107    12  AC-6     LEAST PRIVILEGE
 108    12  AC-17    REMOTE ACCESS
 109    12  AC-19    ACCESS CONTROL FOR MOBILE DEVICES
 110    12  IA-2     IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)
 111    12  IA-4     IDENTIFIER MANAGEMENT
 112    12  IA-5     AUTHENTICATOR MANAGEMENT
 113    12  CA-7     CONTINUOUS MONITORING
 114    12  SI-4     INFORMATION SYSTEM MONITORING

 115    13  AC-4     INFORMATION FLOW ENFORCEMENT
 116    13  AC-17    REMOTE ACCESS
 117    13  AC-20    USE OF EXTERNAL INFORMATION SYSTEMS
 118    13  CM-2     BASELINE CONFIGURATION
 119    13  CA-3     SYSTEM INTERCONNECTIONS
 120    13  CA-7     CONTINUOUS MONITORING
 121    13  CA-9     INTERNAL SYSTEM CONNECTIONS
 122    13  SC-7     BOUNDARY PROTECTION
 123    13  SC-8     TRANSMISSION CONFIDENTIALITY AND INTEGRITY
 124    13  SI-4     INFORMATION SYSTEM MONITORING
 125    13  SA-9     EXTERNAL INFORMATION SYSTEM SERVICES

 126    14  AC-23    DATA MINING PROTECTION
 127    14  AU-2     AUDIT EVENTS
 128    14  AU-3     CONTENT OF AUDIT RECORDS
 129    14  AU-4     AUDIT STORAGE CAPACITY
 130    14  AU-5     RESPONSE TO AUDIT PROCESSING FAILURES
 131    14  AU-6     AUDIT REVIEW, ANALYSIS, AND REPORTING
 132    14  AU-7     AUDIT REDUCTION AND REPORT GENERATION
 133    14  AU-8     TIME STAMPS
 134    14  AU-9     PROTECTION OF AUDIT INFORMATION
 135    14  AU-10    NON-REPUDIATION
 136    14  AU-11    AUDIT RECORD RETENTION
 137    14  AU-12    AUDIT GENERATION
 138    14  AU-13    MONITORING FOR INFORMATION DISCLOSURE
 139    14  AU-14    SESSION AUDIT
 140    14  IA-10    ADAPTIVE IDENTIFICATION AND AUTHENTICATION
 141    14  CA-7     CONTINUOUS MONITORING
 142    14  SI-4     INFORMATION SYSTEM MONITORING

 143    15  AC-1     ACCESS CONTROL POLICY AND PROCEDURES
 144    15  AC-2     ACCOUNT MANAGEMENT
 145    15  AC-3     ACCESS ENFORCEMENT
 146    15  AC-6     LEAST PRIVILEGE
 147    15  AC-24    ACCESS CONTROL DECISIONS
 148    15  MP-3     MEDIA MARKING
 149    15  RA-2     SECURITY CATEGORIZATION
 150    15  CA-7     CONTINUOUS MONITORING
 151    15  SC-16    TRANSMISSION OF SECURITY ATTRIBUTES
 152    15  SI-4     INFORMATION SYSTEM MONITORING

 153    16  AC-2     ACCOUNT MANAGEMENT
 154    16  AC-3     ACCESS ENFORCEMENT
 155    16  AC-7     UNSUCCESSFUL LOGON ATTEMPTS
 156    16  AC-11    SESSION LOCK
 157    16  AC-12    SESSION TERMINATION
 158    16  IA-5     AUTHENTICATOR MANAGEMENT
 159    16  IA-10    ADAPTIVE IDENTIFICATION AND AUTHENTICATION
 160    16  CA-7     CONTINUOUS MONITORING
 161    16  SC-17    PUBLIC KEY INFRASTRUCTURE CERTIFICATES
 162    16  SC-23    SESSION AUTHENTICITY
 163    16  SI-4     INFORMATION SYSTEM MONITORING

 164    17  AC-3     ACCESS ENFORCEMENT
 165    17  AC-4     INFORMATION FLOW ENFORCEMENT
 166    17  AC-23    DATA MINING PROTECTION
 167    17  IR-9     INFORMATION SPILLAGE RESPONSE
 168    17  MP-5     MEDIA TRANSPORT
 169    17  CA-7     CONTINUOUS MONITORING
 170    17  CA-9     INTERNAL SYSTEM CONNECTIONS
 171    17  SC-8     TRANSMISSION CONFIDENTIALITY AND INTEGRITY
 172    17  SC-28    PROTECTION OF INFORMATION AT REST
 173    17  SC-31    COVERT CHANNEL ANALYSIS
 174    17  SC-41    PORT AND I/O DEVICE ACCESS
 175    17  SI-4     INFORMATION SYSTEM MONITORING
 176    17  SA-18    TAMPER RESISTANCE AND DETECTION

 177    18  IR-1     INCIDENT RESPONSE POLICY AND PROCEDURES
 178    18  IR-2     INCIDENT RESPONSE TRAINING
 179    18  IR-3     INCIDENT RESPONSE TESTING
 180    18  IR-4     INCIDENT HANDLING
 181    18  IR-5     INCIDENT MONITORING
 182    18  IR-6     INCIDENT REPORTING
 183    18  IR-7     INCIDENT RESPONSE ASSISTANCE
 184    18  IR-8     INCIDENT RESPONSE PLAN
 185    18  IR-10    INTEGRATED INFORMATION SECURITY ANALYSIS TEAM

 186    19  AC-4     INFORMATION FLOW ENFORCEMENT
 187    19  CA-3     SYSTEM INTERCONNECTIONS
 188    19  CA-9     INTERNAL SYSTEM CONNECTIONS
 189    19  SC-20    SECURE NAME / ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE)
 190    19  SC-21    SECURE NAME / ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER)
 191    19  SC-22    ARCHITECTURE AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE
 192    19  SC-32    INFORMATION SYSTEM PARTITIONING
 193    19  SC-37    OUT-OF-BAND CHANNELS
 194    19  SA-8     SECURITY ENGINEERING PRINCIPLES

 195    20  PM-6     INFORMATION SECURITY MEASURES OF PERFORMANCE
 196    20  PM-14    TESTING, TRAINING, AND MONITORING
 197    20  PM-16    THREAT AWARENESS PROGRAM
 198    20  RA-6     TECHNICAL SURVEILLANCE COUNTERMEASURES SURVEY
 199    20  CA-2     SECURITY ASSESSMENTS
 200    20  CA-5     PLAN OF ACTION AND MILESTONES
 201    20  CA-6     SECURITY AUTHORIZATION
 202    20  CA-8     PENETRATION TESTING
 203    20  SI-6     SECURITY FUNCTION VERIFICATION
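A crosswalk like this is most useful when it is treated as data rather than read row by row: inverted, it tells you which CSCs a given 800-53 control supports, and joined against your own assessment results it gives you the per-CSC gap list. The script below is an added example, not part of the Council's document; it embeds a constructed excerpt of the table above (the CSC 1, 2, 4 and 12 rows, with the control IDs left in the spaced form the extracted slides use, such as "S I - 0 4") and the function names, the normaliser and the gap logic are this editor's own.

```python
import re
from collections import defaultdict

# Constructed excerpt of the summary table above: (REC#, CSC#, CTRL-ID as extracted, control name).
# The IDs deliberately keep the extraction spacing ("S I - 0 4") so the normaliser is exercised.
RAW_ROWS = [
    (1, 1, "CM - 0 8", "INFORMATION SYSTEM COMPONENT INVENTORY"),
    (2, 1, "I A - 0 3", "DEVICE IDENTIFICATION AND AUTHENTICATION"),
    (3, 1, "PM - 0 5", "INFORMATION SYSTEM INVENTORY"),
    (4, 1, "CA - 0 7", "CONTINUOUS MONITORING"),
    (5, 1, "S I - 0 4", "INFORMATION SYSTEM MONITORING"),
    (6, 1, "SA - 0 4", "ACQUISITION PROCESS"),
    (7, 1, "SA - 1 7", "DEVELOPER SECURITY ARCHITECTURE AND DESIGN"),
    (8, 2, "CM - 0 2", "BASELINE CONFIGURATION"),
    (9, 2, "CM - 0 8", "INFORMATION SYSTEM COMPONENT INVENTORY"),
    (10, 2, "CM - 1 0", "SOFTWARE USAGE RESTRICTIONS"),
    (11, 2, "CM - 1 1", "USER-INSTALLED SOFTWARE"),
    (12, 2, "PM - 0 5", "INFORMATION SYSTEM INVENTORY"),
    (13, 2, "CA - 0 7", "CONTINUOUS MONITORING"),
    (14, 2, "SC - 1 8", "MOBILE CODE"),
    (15, 2, "SC - 3 4", "NON-MODIFIABLE EXECUTABLE PROGRAMS"),
    (16, 2, "S I - 0 4", "INFORMATION SYSTEM MONITORING"),
    (17, 2, "SA - 0 4", "ACQUISITION PROCESS"),
    (34, 4, "RA - 0 5", "VULNERABILITY SCANNING"),
    (35, 4, "CA - 0 2", "SECURITY ASSESSMENTS"),
    (36, 4, "CA - 0 7", "CONTINUOUS MONITORING"),
    (37, 4, "SC - 3 4", "NON-MODIFIABLE EXECUTABLE PROGRAMS"),
    (38, 4, "S I - 0 4", "INFORMATION SYSTEM MONITORING"),
    (39, 4, "S I - 0 7", "SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY"),
    (106, 12, "AC - 0 2", "ACCOUNT MANAGEMENT"),
    (107, 12, "AC - 0 6", "LEAST PRIVILEGE"),
    (108, 12, "AC - 1 7", "REMOTE ACCESS"),
    (109, 12, "AC - 1 9", "ACCESS CONTROL FOR MOBILE DEVICES"),
    (110, 12, "I A - 0 2", "IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)"),
    (111, 12, "I A - 0 4", "IDENTIFIER MANAGEMENT"),
    (112, 12, "I A - 0 5", "AUTHENTICATOR MANAGEMENT"),
    (113, 12, "CA - 0 7", "CONTINUOUS MONITORING"),
    (114, 12, "S I - 0 4", "INFORMATION SYSTEM MONITORING"),
]

# Family letters and digits may be separated by arbitrary whitespace; the second digit is optional
# so already-clean IDs such as "CM-8" or "SC-34" are accepted as well.
CTRL_RE = re.compile(r"^([A-Z])\s*([A-Z])\s*-\s*(\d)\s*(\d)?$")

def normalize_ctrl_id(raw: str) -> str:
    """Map 'S I - 0 4' -> 'SI-4' and 'SA - 1 7' -> 'SA-17' (NIST style: family-number, no zero padding)."""
    m = CTRL_RE.match(raw.strip())
    if not m:
        raise ValueError(f"unrecognised control id: {raw!r}")
    family = m.group(1) + m.group(2)
    number = int(m.group(3) + (m.group(4) or ""))
    return f"{family}-{number}"

def forward_map(rows):
    """CSC# -> list of unique 800-53 control IDs, in table order."""
    fwd = defaultdict(list)
    for _, csc, raw, _ in rows:
        cid = normalize_ctrl_id(raw)
        if cid not in fwd[csc]:
            fwd[csc].append(cid)
    return dict(fwd)

def inverse_map(rows):
    """800-53 control ID -> sorted CSC numbers that cite it: the crosswalk read the other way."""
    inv = defaultdict(set)
    for _, csc, raw, _ in rows:
        inv[normalize_ctrl_id(raw)].add(csc)
    return {cid: sorted(cscs) for cid, cscs in inv.items()}

def csc_gaps(rows, implemented):
    """Per CSC, the mapped 800-53 controls NOT in `implemented` (IDs accepted in either spelling).

    An empty list means every 800-53 control the crosswalk ties to that CSC was assessed as in place.
    It does not by itself prove the CSC's own sub-controls are met: the mapping is many-to-many and
    the 800-53 side is the coarser of the two.
    """
    have = {normalize_ctrl_id(c) for c in implemented}
    return {csc: [c for c in ctrls if c not in have] for csc, ctrls in forward_map(rows).items()}

def most_cited(rows, n=3):
    """The 800-53 controls referenced by the most CSCs, ties broken by ID."""
    return sorted(inverse_map(rows).items(), key=lambda kv: (-len(kv[1]), kv[0]))[:n]

if __name__ == "__main__":
    for cid, cscs in most_cited(RAW_ROWS):
        print(f"{cid:<6} cited by CSC {cscs}")
    # Hypothetical assessment result: everything mapped to CSC 1 except SA-17 is in place.
    print("gaps for CSC 1:", csc_gaps(RAW_ROWS, {"CM-8", "IA-3", "PM-5", "CA-7", "SI-4", "SA-4"})[1])
```

Replacing `RAW_ROWS` with all 203 rows of the table turns `most_cited` into a quick check of which 800-53 controls (CA-7 and SI-4, in the full table) carry the most CSC weight, and `csc_gaps` into the starting point for a CSC-oriented plan of action built from an existing 800-53 assessment.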
