MAP CSC 5.0 to NIST SP 800-53 Revision 4 Security Controls

CSC 5.0 column key (each letter is the initial of that Critical Security Control's name):
01: I   06: A   11: L   16: A
02: I   07: W   12: C   17: D
03: S   08: D   13: B   18: I
04: C   09: S   14: M   19: S
05: M   10: S   15: C   20: P

Mappings per CSC column (203 in total):
CSC  1: 7    CSC  6: 15   CSC 11: 11   CSC 16: 11
CSC  2: 10   CSC  7: 10   CSC 12: 9    CSC 17: 13
CSC  3: 16   CSC  8: 3    CSC 13: 11   CSC 18: 9
CSC  4: 6    CSC  9: 9    CSC 14: 17   CSC 19: 9
CSC  5: 6    CSC 10: 12   CSC 15: 10   CSC 20: 9

Table columns, left to right:
FAMILY | CTRL-ID | CTRL-TITLE | PRI | BASELINE-IMPACT | ENHANCE-ID | ENHANCEMENT-TITLE | Len | CSC 1 ... CSC 20 | FAMILY | CTRL-ID (ENH) | Count

Each • in a control row marks a mapping to one CSC column; in this rendering only the number of bullets per row is preserved, not their column positions.
ACCESS CONTROL 9 ACCESS CONTROL
AC-01 ACCESS CONTROL POLICY AND PROCEDURES 23 • AC-01
AC-02 ACCOUNT MANAGEMENT 49 • • • AC-02
AC-03 ACCESS ENFORCEMENT 26 • • • AC-03
AC-04 INFORMATION FLOW ENFORCEMENT 26 • • • • • AC-04
AC-05 SEPARATION OF DUTIES 20 AC-05
AC-06 LEAST PRIVILEGE 55 • • AC-06
AC-07 UNSUCCESSFUL LOGON ATTEMPTS 34 • AC-07
AC-08 SYSTEM USE NOTIFICATION 41 AC-08
AC-09 PREVIOUS LOGON (ACCESS) NOTIFICATION 40 AC-09
AC-10 CONCURRENT SESSION CONTROL 17 AC-10
AC-11 SESSION LOCK 2 • AC-11
AC-12 SESSION TERMINATION 2 • AC-12
AC-13 SUPERVISION AND REVIEW - ACCESS CONTROL 63 AC-13
AC-14 PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION 2 AC-14
AC-15 AUTOMATED MARKING 24 AC-15
AC-16 SECURITY ATTRIBUTES 58 AC-16
AC-17 REMOTE ACCESS 67 • • AC-17
AC-18 WIRELESS ACCESS 44 • AC-18
AC-19 ACCESS CONTROL FOR MOBILE DEVICES 57 • • AC-19
AC-20 USE OF EXTERNAL INFORMATION SYSTEMS 33 • AC-20
AC-21 INFORMATION SHARING 41 AC-21
AC-22 PUBLICLY ACCESSIBLE CONTENT 27 AC-22
AC-23 DATA MINING PROTECTION 29 • • AC-23
AC-24 ACCESS CONTROL DECISIONS 36 • AC-24
AC-25 REFERENCE MONITOR AC-25
AUDIT AND ACCOUNTABILITY 9 AUDIT AND ACCOUNTABILITY
AU-01 AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES 32 AU-01
AU-02 AUDIT EVENTS 22 • AU-02
AU-03 CONTENT OF AUDIT RECORDS 63 • AU-03
AU-04 AUDIT STORAGE CAPACITY 51 • AU-04
AU-05 RESPONSE TO AUDIT PROCESSING FAILURES 24 • AU-05
AU-06 AUDIT REVIEW, ANALYSIS, AND REPORTING 27 • AU-06
AU-07 AUDIT REDUCTION AND REPORT GENERATION 24 • AU-07
AU-08 TIME STAMPS 42 • AU-08
AU-09 PROTECTION OF AUDIT INFORMATION 35 • AU-09
AU-10 NON-REPUDIATION 42 • AU-10
AU-11 AUDIT RECORD RETENTION 2 • AU-11
AU-12 AUDIT GENERATION 62 • AU-12
AU-13 MONITORING FOR INFORMATION DISCLOSURE 2 • AU-13
AU-14 SESSION AUDIT 25 • AU-14
AU-15 ALTERNATE AUDIT CAPABILITY 46 AU-15
AU-16 CROSS-ORGANIZATIONAL AUDITING 21 AU-16
AWARENESS AND TRAINING 42 AWARENESS AND TRAINING
AT-01 SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES 35 • AT-01
AT-02 SECURITY AWARENESS TRAINING 2 • AT-02
AT-03 ROLE-BASED SECURITY TRAINING 35 • AT-03
AT-04 SECURITY TRAINING RECORDS 37 • AT-04
AT-05 CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS AT-05
CONFIGURATION MANAGEMENT 9 CONFIGURATION MANAGEMENT
CM-01 CONFIGURATION MANAGEMENT POLICY AND PROCEDURES 25 CM-01
CM-02 BASELINE CONFIGURATION 31 • • • • • • CM-02
CM-03 CONFIGURATION CHANGE CONTROL 2 • • CM-03
CM-04 SECURITY IMPACT ANALYSIS 26 CM-04
CM-05 ACCESS RESTRICTIONS FOR CHANGE 2 • • CM-05
CM-06 CONFIGURATION SETTINGS 24 • • • CM-06
CM-07 LEAST FUNCTIONALITY 44 • CM-07
CM-08 INFORMATION SYSTEM COMPONENT INVENTORY 78 • • • • • CM-08
CM-09 CONFIGURATION MANAGEMENT PLAN 35 • CM-09
CM-10 SOFTWARE USAGE RESTRICTIONS 25 • CM-10
CM-11 USER-INSTALLED SOFTWARE 32 • • CM-11
CONTINGENCY PLANNING 39 CONTINGENCY PLANNING
CONTROL TABLE PORTRAIT Page 1 of 5
CP-01 CONTINGENCY PLANNING POLICY AND PROCEDURES 37 CP-01
CP-02 CONTINGENCY PLAN 2 CP-02
CP-03 CONTINGENCY TRAINING 29 CP-03
CP-04 CONTINGENCY PLAN TESTING 53 CP-04
CP-05 CONTINGENCY PLAN UPDATE 48 CP-05
CP-06 ALTERNATE STORAGE SITE 32 CP-06
CP-07 ALTERNATE PROCESSING SITE 56 CP-07
CP-08 TELECOMMUNICATIONS SERVICES 25 CP-08
CP-09 INFORMATION SYSTEM BACKUP 2 • CP-09
CP-10 INFORMATION SYSTEM RECOVERY AND RECONSTITUTION 38 • CP-10
CP-11 ALTERNATE COMMUNICATIONS PROTOCOLS 2 CP-11
CP-12 SAFE MODE 48 CP-12
CP-13 ALTERNATIVE SECURITY MECHANISMS 27 CP-13
IDENTIFICATION AND AUTHENTICATION 43 IDENTIFICATION AND AUTHENTICATION
IA-01 IDENTIFICATION AND AUTHENTICATION POLICY AND PROCEDURES 2 IA-01
IA-02 IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) 50 • IA-02
IA-03 DEVICE IDENTIFICATION AND AUTHENTICATION 51 • • IA-03
IA-04 IDENTIFIER MANAGEMENT 29 • IA-04
IA-05 AUTHENTICATOR MANAGEMENT 33 • • IA-05
IA-06 AUTHENTICATOR FEEDBACK 2 IA-06
IA-07 CRYPTOGRAPHIC MODULE AUTHENTICATION 62 IA-07
IA-08 IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS) 34 IA-08
IA-09 SERVICE IDENTIFICATION AND AUTHENTICATION 28 IA-09
IA-10 ADAPTIVE IDENTIFICATION AND AUTHENTICATION 2 • • IA-10
IA-11 RE-AUTHENTICATION 44 IA-11
INCIDENT RESPONSE 62 INCIDENT RESPONSE
IR-01 INCIDENT RESPONSE POLICY AND PROCEDURES 47 • IR-01
IR-02 INCIDENT RESPONSE TRAINING 53 • IR-02
IR-03 INCIDENT RESPONSE TESTING 44 • IR-03
IR-04 INCIDENT HANDLING 45 • IR-04
IR-05 INCIDENT MONITORING 2 • IR-05
IR-06 INCIDENT REPORTING 33 • IR-06
IR-07 INCIDENT RESPONSE ASSISTANCE 6 • IR-07
IR-08 INCIDENT RESPONSE PLAN 9 • IR-08
IR-09 INFORMATION SPILLAGE RESPONSE 31 • IR-09
IR-10 INTEGRATED INFORMATION SECURITY ANALYSIS TEAM 2 • IR-10
MAINTENANCE 31 MAINTENANCE
MA-01 SYSTEM MAINTENANCE POLICY AND PROCEDURES 32 MA-01
MA-02 CONTROLLED MAINTENANCE 49 MA-02
MA-03 MAINTENANCE TOOLS 35 MA-03
MA-04 NONLOCAL MAINTENANCE 23 • • MA-04
MA-05 MAINTENANCE PERSONNEL 27 MA-05
MA-06 TIMELY MAINTENANCE 2 MA-06
MEDIA PROTECTION 9 MEDIA PROTECTION
MP-01 MEDIA PROTECTION POLICY AND PROCEDURES 27 MP-01
MP-02 MEDIA ACCESS 40 MP-02
MP-03 MEDIA MARKING 21 • MP-03
MP-04 MEDIA STORAGE 27 • MP-04
MP-05 MEDIA TRANSPORT 37 • MP-05
MP-06 MEDIA SANITIZATION 2 MP-06
MP-07 MEDIA USE 30 MP-07
MP-08 MEDIA DOWNGRADING 16 MP-08
PERSONNEL SECURITY 18 PERSONNEL SECURITY
PS-01 PERSONNEL SECURITY POLICY AND PROCEDURES 14 PS-01
PS-02 POSITION RISK DESIGNATION 44 PS-02
PS-03 PERSONNEL SCREENING 2 PS-03
PS-04 PERSONNEL TERMINATION 32 PS-04
PS-05 PERSONNEL TRANSFER 25 PS-05
PS-06 ACCESS AGREEMENTS 43 PS-06
PS-07 THIRD-PARTY PERSONNEL SECURITY 2 PS-07
PS-08 PERSONNEL SANCTIONS 41 PS-08
PHYSICAL AND ENVIRONMENTAL PROTECTION 22 PHYSICAL AND ENVIRONMENTAL PROTECTION
PE-01 PHYSICAL AND ENVIRONMENTAL PROTECTION POLICY AND PROCEDURES 36 PE-01
PE-02 PHYSICAL ACCESS AUTHORIZATIONS 43 PE-02
PE-03 PHYSICAL ACCESS CONTROL 64 PE-03
PE-04 ACCESS CONTROL FOR TRANSMISSION MEDIUM 40 PE-04
PE-05 ACCESS CONTROL FOR OUTPUT DEVICES 47 PE-05
PE-06 MONITORING PHYSICAL ACCESS 43 PE-06
PE-07 VISITOR CONTROL 2 PE-07
PE-08 VISITOR ACCESS RECORDS 56 PE-08
PE-09 POWER EQUIPMENT AND CABLING 2 PE-09
PE-10 EMERGENCY SHUTOFF 53 PE-10
PE-11 EMERGENCY POWER 32 PE-11
PE-12 EMERGENCY LIGHTING 22 PE-12
PE-13 FIRE PROTECTION 20 PE-13
PE-14 TEMPERATURE AND HUMIDITY CONTROLS 2 PE-14
PE-15 WATER DAMAGE PROTECTION 35 PE-15
PE-16 DELIVERY AND REMOVAL 38 PE-16
PE-17 ALTERNATE WORK SITE 47 PE-17
PE-18 LOCATION OF INFORMATION SYSTEM COMPONENTS 28 PE-18
PE-19 INFORMATION LEAKAGE 25 PE-19
PE-20 ASSET MONITORING AND TRACKING 14 PE-20
PLANNING 2 PLANNING
PL-01 SECURITY PLANNING POLICY AND PROCEDURES 24 PL-01
PL-02 SYSTEM SECURITY PLAN 2 PL-02
PL-03 SYSTEM SECURITY PLAN UPDATE 44 PL-03
PL-04 RULES OF BEHAVIOR 25 PL-04
PL-05 PRIVACY IMPACT ASSESSMENT 60 PL-05
PL-06 SECURITY-RELATED ACTIVITY PLANNING 32 PL-06
PL-07 SECURITY CONCEPT OF OPERATIONS 22 PL-07
PL-08 INFORMATION SECURITY ARCHITECTURE 2 PL-08
PL-09 CENTRAL MANAGEMENT 4 PL-09
PROGRAM MANAGEMENT 38 PROGRAM MANAGEMENT
PM-01 INFORMATION SECURITY PROGRAM PLAN 36 PM-01
PM-02 SENIOR INFORMATION SECURITY OFFICER 2 PM-02
PM-03 INFORMATION SECURITY RESOURCES 6 PM-03
PM-04 PLAN OF ACTION AND MILESTONES PROCESS 18 PM-04
PM-05 INFORMATION SYSTEM INVENTORY 4 • • PM-05
PM-06 INFORMATION SECURITY MEASURES OF PERFORMANCE 4 • PM-06
PM-07 ENTERPRISE ARCHITECTURE 4 PM-07
PM-08 CRITICAL INFRASTRUCTURE PLAN 4 PM-08
PM-09 RISK MANAGEMENT STRATEGY 4 PM-09
PM-10 SECURITY AUTHORIZATION PROCESS 4 PM-10
PM-11 MISSION/BUSINESS PROCESS DEFINITION 4 PM-11
PM-12 INSIDER THREAT PROGRAM 4 PM-12
PM-13 INFORMATION SECURITY WORKFORCE 4 • PM-13
PM-14 TESTING, TRAINING, AND MONITORING 4 • • PM-14
PM-15 CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS 4 PM-15
PM-16 THREAT AWARENESS PROGRAM 4 • • PM-16
RISK ASSESSMENT 38 RISK ASSESSMENT
RA-01 RISK ASSESSMENT POLICY AND PROCEDURES 4 RA-01
RA-02 SECURITY CATEGORIZATION 4 • RA-02
RA-03 RISK ASSESSMENT 4 RA-03
RA-04 RISK ASSESSMENT UPDATE 18 RA-04
RA-05 VULNERABILITY SCANNING 9 • • • RA-05
RA-06 TECHNICAL SURVEILLANCE COUNTERMEASURES SURVEY 23 • RA-06
SECURITY ASSESSMENT AND AUTHORIZATION 55 SECURITY ASSESSMENT AND AUTHORIZATION
CA-01 SECURITY ASSESSMENT AND AUTHORIZATION POLICY AND PROCEDURES 59 CA-01
CA-02 SECURITY ASSESSMENTS 2 • • CA-02
CA-03 SYSTEM INTERCONNECTIONS • • • • CA-03
CA-04 SECURITY CERTIFICATION 9 CA-04
CA-05 PLAN OF ACTION AND MILESTONES 4 • CA-05
CA-06 SECURITY AUTHORIZATION 65 • CA-06
CA-07 CONTINUOUS MONITORING 32 • • • • • • • • • • • • • • CA-07
CA-08 PENETRATION TESTING 40 • CA-08
CA-09 INTERNAL SYSTEM CONNECTIONS 6 • • • • • CA-09
SYSTEM AND COMMUNICATIONS PROTECTION 9 SYSTEM AND COMMUNICATIONS PROTECTION
SC-01 SYSTEM AND COMMUNICATIONS PROTECTION POLICY AND PROCEDURES 28 SC-01
SC-02 APPLICATION PARTITIONING 34 SC-02
SC-03 SECURITY FUNCTION ISOLATION 57 SC-03
SC-04 INFORMATION IN SHARED RESOURCES 34 SC-04
SC-05 DENIAL OF SERVICE PROTECTION 37 SC-05
SC-06 RESOURCE AVAILABILITY 19 SC-06
SC-07 BOUNDARY PROTECTION 32 • SC-07
SC-08 TRANSMISSION CONFIDENTIALITY AND INTEGRITY 28 • • • SC-08
SC-09 TRANSMISSION CONFIDENTIALITY 28 SC-09
SC-10 NETWORK DISCONNECT 25 SC-10
SC-11 TRUSTED PATH 31 SC-11
SC-12 CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT 61 SC-12
SC-13 CRYPTOGRAPHIC PROTECTION 35 SC-13
SC-14 PUBLIC ACCESS PROTECTIONS 69 SC-14
SC-15 COLLABORATIVE COMPUTING DEVICES 46 • SC-15
SC-16 TRANSMISSION OF SECURITY ATTRIBUTES 31 • SC-16
SC-17 PUBLIC KEY INFRASTRUCTURE CERTIFICATES 25 • • SC-17
SC-18 MOBILE CODE 48 • SC-18
SC-19 VOICE OVER INTERNET PROTOCOL 30 SC-19
SC-20 SECURE NAME / ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE) 35 • • SC-20
SC-21 SECURE NAME / ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER) 36 • • SC-21
SC-22 ARCHITECTURE AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE 2 • • SC-22
SC-23 SESSION AUTHENTICITY 38 • SC-23
SC-24 FAIL IN KNOWN STATE 24 • SC-24
SC-25 THIN NODES 2 SC-25
SC-26 HONEYPOTS 54 SC-26
SC-27 PLATFORM-INDEPENDENT APPLICATIONS 36 SC-27
SC-28 PROTECTION OF INFORMATION AT REST 9 • SC-28
SC-29 HETEROGENEITY 32 SC-29
SC-30 CONCEALMENT AND MISDIRECTION 42 SC-30
SC-31 COVERT CHANNEL ANALYSIS 2 • SC-31
SC-32 INFORMATION SYSTEM PARTITIONING 2 • SC-32
SC-33 TRANSMISSION PREPARATION INTEGRITY 6 SC-33
SC-34 NON-MODIFIABLE EXECUTABLE PROGRAMS 47 • • • SC-34
SC-35 HONEYCLIENTS 39 SC-35
SC-36 DISTRIBUTED PROCESSING AND STORAGE 52 SC-36
SC-37 OUT-OF-BAND CHANNELS 49 • SC-37
SC-38 OPERATIONS SECURITY 59 SC-38
SC-39 PROCESS ISOLATION 50 • • SC-39
SC-40 WIRELESS LINK PROTECTION 40 • SC-40
SC-41 PORT AND I/O DEVICE ACCESS 66 • • SC-41
SC-42 SENSOR CAPABILITY AND DATA 54 SC-42
SC-43 USAGE RESTRICTIONS 23 SC-43
SC-44 DETONATION CHAMBERS 17 • SC-44
SYSTEM AND INFORMATION INTEGRITY 51 SYSTEM AND INFORMATION INTEGRITY
SI-01 SYSTEM AND INFORMATION INTEGRITY POLICY AND PROCEDURES 28 SI-01
SI-02 FLAW REMEDIATION 24 • SI-02
SI-03 MALICIOUS CODE PROTECTION 27 • SI-03
SI-04 INFORMATION SYSTEM MONITORING 2 • • • • • • • • • • • • • • SI-04
SI-05 SECURITY ALERTS, ADVISORIES, AND DIRECTIVES 40 SI-05
SI-06 SECURITY FUNCTION VERIFICATION 10 • SI-06
SI-07 SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY 2 • SI-07
SI-08 SPAM PROTECTION 52 • SI-08
SI-09 INFORMATION INPUT RESTRICTIONS 6 SI-09
SI-10 INFORMATION INPUT VALIDATION 4 • SI-10
SI-11 ERROR HANDLING 6 • SI-11
SI-12 INFORMATION HANDLING AND RETENTION 31 SI-12
SI-13 PREDICTABLE FAILURE PREVENTION 25 SI-13
SI-14 NON-PERSISTENCE 25 SI-14
SI-15 INFORMATION OUTPUT FILTERING 41 • SI-15
SI-16 MEMORY PROTECTION 59 • SI-16
SI-17 FAIL-SAFE PROCEDURES 2 SI-17
SYSTEM AND SERVICES ACQUISITION 31 SYSTEM AND SERVICES ACQUISITION
SA-01 SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES 57 SA-01
SA-02 ALLOCATION OF RESOURCES 32 SA-02
SA-03 SYSTEM DEVELOPMENT LIFE CYCLE 23 • SA-03
SA-04 ACQUISITION PROCESS 24 • • • SA-04
SA-05 INFORMATION SYSTEM DOCUMENTATION 59 SA-05
SA-06 SOFTWARE USAGE RESTRICTIONS 32 SA-06
SA-07 USER-INSTALLED SOFTWARE 36 SA-07
SA-08 SECURITY ENGINEERING PRINCIPLES 36 • SA-08
SA-09 EXTERNAL INFORMATION SYSTEM SERVICES 2 • SA-09
SA-10 DEVELOPER CONFIGURATION MANAGEMENT 37 • SA-10
SA-11 DEVELOPER SECURITY TESTING AND EVALUATION 37 • • SA-11
SA-12 SUPPLY CHAIN PROTECTION 33 SA-12
SA-13 TRUSTWORTHINESS 45 • SA-13
SA-14 CRITICALITY ANALYSIS 27 SA-14
SA-15 DEVELOPMENT PROCESS, STANDARDS, AND TOOLS 31 • SA-15
SA-16 DEVELOPER-PROVIDED TRAINING 33 • • SA-16
SA-17 DEVELOPER SECURITY ARCHITECTURE AND DESIGN 38 • • SA-17
SA-18 TAMPER RESISTANCE AND DETECTION 35 • SA-18
SA-19 COMPONENT AUTHENTICITY 54 SA-19
SA-20 CUSTOMIZED DEVELOPMENT OF CRITICAL COMPONENTS 33 • SA-20
SA-21 DEVELOPER SCREENING 22 • SA-21
SA-22 UNSUPPORTED SYSTEM COMPONENTS 6 SA-22
(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 20140804

MAP CSC 5.0 to NIST SP 800‐53 Revision 4 Security Controls
01: I 06: A 11: L 16: A
02: I 07: W 12: C 17: D
03: S 08: D 13: B 18: I
04: C 09: S 14: M 19: S
05: M 10: S 15: C 20: P
Count 203 7 10 16 6 6 15 10 3 9 12 11 9 11 17 10 11 13 9 9 9
FAMILY CTRL-ID CTRL-TITLE PRI BASELINE-IMPACT ENHANCE-ID ENHANCEMENT-TITLE
Len 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 FAMILY CTRL-ID (ENH)
ACCESS CONTROL 9 ACCESS CONTROL
AC-01 ACCESS CONTROL POLICY AND PROCEDURES 23 • AC-01
AC-02 ACCOUNT MANAGEMENT 49 • • • AC-02
AC-03 ACCESS ENFORCEMENT 26 • • • AC-03
AC-04 INFORMATION FLOW ENFORCEMENT 26 • • • • • AC-04
AC-05 SEPARATION OF DUTIES 20 AC-05
AC-06 LEAST PRIVILEGE 55 • • AC-06
AC-07 UNSUCCESSFUL LOGON ATTEMPTS 34 • AC-07
AC-08 SYSTEM USE NOTIFICATION 41 AC-08
AC-09 PREVIOUS LOGON (ACCESS) NOTIFICATION 40 AC-09
AC-10 CONCURRENT SESSION CONTROL 17 AC-10
AC-11 SESSION LOCK 2 • AC-11
AC-12 SESSION TERMINATION 2 • AC-12
AC-13 SUPERVISION AND REVIEW - ACCESS CONTROL 63 AC-13
AC-14 PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION 2 AC-14
AC-15 AUTOMATED MARKING 24 AC-15
AC-16 SECURITY ATTRIBUTES 58 AC-16
AC-17 REMOTE ACCESS 67 • • AC-17
AC-18 WIRELESS ACCESS 44 • AC-18
AC-19 ACCESS CONTROL FOR MOBILE DEVICES 57 • • AC-19
AC-20 USE OF EXTERNAL INFORMATION SYSTEMS 33 • AC-20
AC-21 INFORMATION SHARING 41 AC-21
AC-22 PUBLICLY ACCESSIBLE CONTENT 27 AC-22
AC-23 DATA MINING PROTECTION 29 • • AC-23
AC-24 ACCESS CONTROL DECISIONS 36 • AC-24
AC-25 REFERENCE MONITOR AC-25
AUDIT AND ACCOUNTABILITY 9 AUDIT AND ACCOUNTABILITY
AU-01 AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES 32 AU-01
AU-02 AUDIT EVENTS 22 • AU-02
AU-03 CONTENT OF AUDIT RECORDS 63 • AU-03
AU-04 AUDIT STORAGE CAPACITY 51 • AU-04
AU-05 RESPONSE TO AUDIT PROCESSING FAILURES 24 • AU-05
AU-06 AUDIT REVIEW, ANALYSIS, AND REPORTING 27 • AU-06
AU-07 AUDIT REDUCTION AND REPORT GENERATION 24 • AU-07
AU-08 TIME STAMPS 42 • AU-08
AU-09 PROTECTION OF AUDIT INFORMATION 35 • AU-09
AU-10 NON-REPUDIATION 42 • AU-10
AU-11 AUDIT RECORD RETENTION 2 • AU-11
AU-12 AUDIT GENERATION 62 • AU-12
AU-13 MONITORING FOR INFORMATION DISCLOSURE 2 • AU-13
AU-14 SESSION AUDIT 25 • AU-14
AU-15 ALTERNATE AUDIT CAPABILITY 46 AU-15
AU-16 CROSS-ORGANIZATIONAL AUDITING 21 AU-16
AWARENESS AND TRAINING 42 AWARENESS AND TRAINING
AT-01 SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES 35 • AT-01
AT-02 SECURITY AWARENESS TRAINING 2 • AT-02
AT-03 ROLE-BASED SECURITY TRAINING 35 • AT-03
AT-04 SECURITY TRAINING RECORDS 37 • AT-04
AT-05 CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS AT-05
CONFIGURATION MANAGEMENT 9 CONFIGURATION MANAGEMENT
CM-01 CONFIGURATION MANAGEMENT POLICY AND PROCEDURES 25 CM-01
CM-02 BASELINE CONFIGURATION 31 • • • • • • CM-02
CM-03 CONFIGURATION CHANGE CONTROL 2 • • CM-03
CM-04 SECURITY IMPACT ANALYSIS 26 CM-04
CM-05 ACCESS RESTRICTIONS FOR CHANGE 2 • • CM-05
CM-06 CONFIGURATION SETTINGS 24 • • • CM-06
CM-07 LEAST FUNCTIONALITY 44 • CM-07
CM-08 INFORMATION SYSTEM COMPONENT INVENTORY 78 • • • • • CM-08
CM-09 CONFIGURATION MANAGEMENT PLAN 35 • CM-09
CM-10 SOFTWARE USAGE RESTRICTIONS 25 • CM-10
CM-11 USER-INSTALLED SOFTWARE 32 • • CM-11
CONTINGENCY PLANNING 39 CONTINGENCY PLANNING
CONTROL TABLE PORTRAIT Page 1 of 5
CP-01 CONTINGENCY PLANNING POLICY AND PROCEDURES 37 CP-01
CP-02 CONTINGENCY PLAN 2 CP-02
CP-03 CONTINGENCY TRAINING 29 CP-03
CP-04 CONTINGENCY PLAN TESTING 53 CP-04
CP-05 CONTINGENCY PLAN UPDATE 48 CP-05
CP-06 ALTERNATE STORAGE SITE 32 CP-06
CP-07 ALTERNATE PROCESSING SITE 56 CP-07
CP-08 TELECOMMUNICATIONS SERVICES 25 CP-08
CP-09 INFORMATION SYSTEM BACKUP 2 • CP-09
CP-10 INFORMATION SYSTEM RECOVERY AND RECONSTITUTION 38 • CP-10
CP-11 ALTERNATE COMMUNICATIONS PROTOCOLS 2 CP-11
CP-12 SAFE MODE 48 CP-12
CP-13 ALTERNATIVE SECURITY MECHANISMS 27 CP-13
IDENTIFICATION AND AUTHENTICATION 43 IDENTIFICATION AND AUTHENTICATION
IA-01 IDENTIFICATION AND AUTHENTICATION POLICY AND PROCEDURES 2 IA-01
IA-02 IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) 50 • IA-02
IA-03 DEVICE IDENTIFICATION AND AUTHENTICATION 51 • • IA-03
IA-04 IDENTIFIER MANAGEMENT 29 • IA-04
IA-05 AUTHENTICATOR MANAGEMENT 33 • • IA-05
IA-06 AUTHENTICATOR FEEDBACK 2 IA-06
IA-07 CRYPTOGRAPHIC MODULE AUTHENTICATION 62 IA-07
IA-08 IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS) 34 IA-08
IA-09 SERVICE IDENTIFICATION AND AUTHENTICATION 28 IA-09
IA-10 ADAPTIVE IDENTIFICATION AND AUTHENTICATION 2 • • IA-10
IA-11 RE-AUTHENTICATION 44 IA-11
INCIDENT RESPONSE 62 INCIDENT RESPONSE
IR-01 INCIDENT RESPONSE POLICY AND PROCEDURES 47 • IR-01
IR-02 INCIDENT RESPONSE TRAINING 53 • IR-02
IR-03 INCIDENT RESPONSE TESTING 44 • IR-03
IR-04 INCIDENT HANDLING 45 • IR-04
IR-05 INCIDENT MONITORING 2 • IR-05
IR-06 INCIDENT REPORTING 33 • IR-06
IR-07 INCIDENT RESPONSE ASSISTANCE 6 • IR-07
IR-08 INCIDENT RESPONSE PLAN 9 • IR-08
IR-09 INFORMATION SPILLAGE RESPONSE 31 • IR-09
IR-10 INTEGRATED INFORMATION SECURITY ANALYSIS TEAM 2 • IR-10
MAINTENANCE 31 MAINTENANCE
MA-01 SYSTEM MAINTENANCE POLICY AND PROCEDURES 32 MA-01
MA-02 CONTROLLED MAINTENANCE 49 MA-02
MA-03 MAINTENANCE TOOLS 35 MA-03
MA-04 NONLOCAL MAINTENANCE 23 • • MA-04
MA-05 MAINTENANCE PERSONNEL 27 MA-05
MA-06 TIMELY MAINTENANCE 2 MA-06
MEDIA PROTECTION 9 MEDIA PROTECTION
MP-01 MEDIA PROTECTION POLICY AND PROCEDURES 27 MP-01
MP-02 MEDIA ACCESS 40 MP-02
MP-03 MEDIA MARKING 21 • MP-03
MP-04 MEDIA STORAGE 27 • MP-04
MP-05 MEDIA TRANSPORT 37 • MP-05
MP-06 MEDIA SANITIZATION 2 MP-06
MP-07 MEDIA USE 30 MP-07
MP-08 MEDIA DOWNGRADING 16 MP-08
PERSONNEL SECURITY 18 PERSONNEL SECURITY
PS-01 PERSONNEL SECURITY POLICY AND PROCEDURES 14 PS-01
PS-02 POSITION RISK DESIGNATION 44 PS-02
PS-03 PERSONNEL SCREENING 2 PS-03
PS-04 PERSONNEL TERMINATION 32 PS-04
PS-05 PERSONNEL TRANSFER 25 PS-05
PS-06 ACCESS AGREEMENTS 43 PS-06
PS-07 THIRD-PARTY PERSONNEL SECURITY 2 PS-07
PS-08 PERSONNEL SANCTIONS 41 PS-08
PHYSICAL AND ENVIRONMENTAL PROTECTION 22 PHYSICAL AND ENVIRONMENTAL PROTECTION
CONTROL TABLE PORTRAIT Page 2 of 5
PE-01 PHYSICAL AND ENVIRONMENTAL PROTECTION POLICY AND PROCEDURES 36 PE-01
PE-02 PHYSICAL ACCESS AUTHORIZATIONS 43 PE-02
PE-03 PHYSICAL ACCESS CONTROL 64 PE-03
PE-04 ACCESS CONTROL FOR TRANSMISSION MEDIUM 40 PE-04
PE-05 ACCESS CONTROL FOR OUTPUT DEVICES 47 PE-05
PE-06 MONITORING PHYSICAL ACCESS 43 PE-06
PE-07 VISITOR CONTROL 2 PE-07
PE-08 VISITOR ACCESS RECORDS 56 PE-08
PE-09 POWER EQUIPMENT AND CABLING 2 PE-09
PE-10 EMERGENCY SHUTOFF 53 PE-10
PE-11 EMERGENCY POWER 32 PE-11
PE-12 EMERGENCY LIGHTING 22 PE-12
PE-13 FIRE PROTECTION 20 PE-13
PE-14 TEMPERATURE AND HUMIDITY CONTROLS 2 PE-14
PE-15 WATER DAMAGE PROTECTION 35 PE-15
PE-16 DELIVERY AND REMOVAL 38 PE-16
PE-17 ALTERNATE WORK SITE 47 PE-17
PE-18 LOCATION OF INFORMATION SYSTEM COMPONENTS 28 PE-18
PE-19 INFORMATION LEAKAGE 25 PE-19
PE-20 ASSET MONITORING AND TRACKING 14 PE-20
PLANNING 2 PLANNING
PL-01 SECURITY PLANNING POLICY AND PROCEDURES 24 PL-01
PL-02 SYSTEM SECURITY PLAN 2 PL-02
PL-03 SYSTEM SECURITY PLAN UPDATE 44 PL-03
PL-04 RULES OF BEHAVIOR 25 PL-04
PL-05 PRIVACY IMPACT ASSESSMENT 60 PL-05
PL-06 SECURITY-RELATED ACTIVITY PLANNING 32 PL-06
PL-07 SECURITY CONCEPT OF OPERATIONS 22 PL-07
PL-08 INFORMATION SECURITY ARCHITECTURE 2 PL-08
PL-09 CENTRAL MANAGEMENT 4 PL-09
PROGRAM MANAGEMENT 38 PROGRAM MANAGEMENT
PM-01 INFORMATION SECURITY PROGRAM PLAN 36 PM-01
PM-02 SENIOR INFORMATION SECURITY OFFICER 2 PM-02
PM-03 INFORMATION SECURITY RESOURCES 6 PM-03
PM-04 PLAN OF ACTION AND MILESTONES PROCESS 18 PM-04
PM-05 INFORMATION SYSTEM INVENTORY 4 • • PM-05
PM-06 INFORMATION SECURITY MEASURES OF PERFORMANCE 4 • PM-06
PM-07 ENTERPRISE ARCHITECTURE 4 PM-07
PM-08 CRITICAL INFRASTRUCTURE PLAN 4 PM-08
PM-09 RISK MANAGEMENT STRATEGY 4 PM-09
PM-10 SECURITY AUTHORIZATION PROCESS 4 PM-10
PM-11 MISSION/BUSINESS PROCESS DEFINITION 4 PM-11
PM-12 INSIDER THREAT PROGRAM 4 PM-12
PM-13 INFORMATION SECURITY WORKFORCE 4 • PM-13
PM-14 TESTING, TRAINING, AND MONITORING 4 • • PM-14
PM-15 CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS 4 PM-15
PM-16 THREAT AWARENESS PROGRAM 4 • • PM-16
RISK ASSESSMENT 38 RISK ASSESSMENT
RA-01 RISK ASSESSMENT POLICY AND PROCEDURES 4 RA-01
RA-02 SECURITY CATEGORIZATION 4 • RA-02
RA-03 RISK ASSESSMENT 4 RA-03
RA-04 RISK ASSESSMENT UPDATE 18 RA-04
RA-05 VULNERABILITY SCANNING 9 • • • RA-05
RA-06 TECHNICAL SURVEILLANCE COUNTERMEASURES SURVEY 23 • RA-06
SECURITY ASSESSMENT AND AUTHORIZATION 55 SECURITY ASSESSMENT AND AUTHORIZATION
CA-01 SECURITY ASSESSMENT AND AUTHORIZATION POLICY AND PROCEDURES 59 CA-01
CA-02 SECURITY ASSESSMENTS 2 • • CA-02
CA-03 SYSTEM INTERCONNECTIONS • • • • CA-03
CA-04 SECURITY CERTIFICATION 9 CA-04
CA-05 PLAN OF ACTION AND MILESTONES 4 • CA-05
CA-06 SECURITY AUTHORIZATION 65 • CA-06
CA-07 CONTINUOUS MONITORING 32 • • • • • • • • • • • • • • CA-07
CONTROL TABLE PORTRAIT Page 3 of 5
CA-08 PENETRATION TESTING 40 • CA-08
CA-09 INTERNAL SYSTEM CONNECTIONS 6 • • • • • CA-09
SYSTEM AND COMMUNICATIONS PROTECTION 9 SYSTEM AND COMMUNICATIONS PROTECTION
SC-01 SYSTEM AND COMMUNICATIONS PROTECTION POLICY AND PROCEDURES 28 SC-01
SC-02 APPLICATION PARTITIONING 34 SC-02
SC-03 SECURITY FUNCTION ISOLATION 57 SC-03
SC-04 INFORMATION IN SHARED RESOURCES 34 SC-04
SC-05 DENIAL OF SERVICE PROTECTION 37 SC-05
SC-06 RESOURCE AVAILABILITY 19 SC-06
SC-07 BOUNDARY PROTECTION 32 • SC-07
SC-08 TRANSMISSION CONFIDENTIALITY AND INTEGRITY 28 • • • SC-08
SC-09 TRANSMISSION CONFIDENTIALITY 28 SC-09
SC-10 NETWORK DISCONNECT 25 SC-10
SC-11 TRUSTED PATH 31 SC-11
SC-12 CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT 61 SC-12
SC-13 CRYPTOGRAPHIC PROTECTION 35 SC-13
SC-14 PUBLIC ACCESS PROTECTIONS 69 SC-14
SC-15 COLLABORATIVE COMPUTING DEVICES 46 • SC-15
SC-16 TRANSMISSION OF SECURITY ATTRIBUTES 31 • SC-16
SC-17 PUBLIC KEY INFRASTRUCTURE CERTIFICATES 25 • • SC-17
SC-18 MOBILE CODE 48 • SC-18
SC-19 VOICE OVER INTERNET PROTOCOL 30 SC-19
SC-20 SECURE NAME / ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE) 35 • • SC-20
SC-21 SECURE NAME / ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER) 36 • • SC-21
SC-22 ARCHITECTURE AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE 2 • • SC-22
SC-23 SESSION AUTHENTICITY 38 • SC-23
SC-24 FAIL IN KNOWN STATE 24 • SC-24
SC-25 THIN NODES 2 SC-25
SC-26 HONEYPOTS 54 SC-26
SC-27 PLATFORM-INDEPENDENT APPLICATIONS 36 SC-27
SC-28 PROTECTION OF INFORMATION AT REST 9 • SC-28
SC-29 HETEROGENEITY 32 SC-29
SC-30 CONCEALMENT AND MISDIRECTION 42 SC-30
SC-31 COVERT CHANNEL ANALYSIS 2 • SC-31
SC-32 INFORMATION SYSTEM PARTITIONING 2 • SC-32
SC-33 TRANSMISSION PREPARATION INTEGRITY 6 SC-33
SC-34 NON-MODIFIABLE EXECUTABLE PROGRAMS 47 • • • SC-34
SC-35 HONEYCLIENTS 39 SC-35
SC-36 DISTRIBUTED PROCESSING AND STORAGE 52 SC-36
SC-37 OUT-OF-BAND CHANNELS 49 • SC-37
SC-38 OPERATIONS SECURITY 59 SC-38
SC-39 PROCESS ISOLATION 50 • • SC-39
SC-40 WIRELESS LINK PROTECTION 40 • SC-40
SC-41 PORT AND I/O DEVICE ACCESS 66 • • SC-41
SC-42 SENSOR CAPABILITY AND DATA 54 SC-42
SC-43 USAGE RESTRICTIONS 23 SC-43
SC-44 DETONATION CHAMBERS 17 • SC-44
SYSTEM AND INFORMATION INTEGRITY 51 SYSTEM AND INFORMATION INTEGRITY
SI-01 SYSTEM AND INFORMATION INTEGRITY POLICY AND PROCEDURES 28 SI-01
SI-02 FLAW REMEDIATION 24 • SI-02
SI-03 MALICIOUS CODE PROTECTION 27 • SI-03
SI-04 INFORMATION SYSTEM MONITORING 2 • • • • • • • • • • • • • • SI-04
SI-05 SECURITY ALERTS, ADVISORIES, AND DIRECTIVES 40 SI-05
SI-06 SECURITY FUNCTION VERIFICATION 10 • SI-06
SI-07 SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY 2 • SI-07
SI-08 SPAM PROTECTION 52 • SI-08
SI-09 INFORMATION INPUT RESTRICTIONS 6 SI-09
SI-10 INFORMATION INPUT VALIDATION 4 • SI-10
SI-11 ERROR HANDLING 6 • SI-11
SI-12 INFORMATION HANDLING AND RETENTION 31 SI-12
SI-13 PREDICTABLE FAILURE PREVENTION 25 SI-13
SI-14 NON-PERSISTENCE 25 SI-14
CONTROL TABLE PORTRAIT Page 4 of 5
SI-15 INFORMATION OUTPUT FILTERING 41 • SI-15
SI-16 MEMORY PROTECTION 59 • SI-16
SI-17 FAIL-SAFE PROCEDURES 2 SI-17
SYSTEM AND SERVICES ACQUISITION 31 SYSTEM AND SERVICES ACQUISITION
SA-01 SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES 57 SA-01
SA-02 ALLOCATION OF RESOURCES 32 SA-02
SA-03 SYSTEM DEVELOPMENT LIFE CYCLE 23 • SA-03
SA-04 ACQUISITION PROCESS 24 • • • SA-04
SA-05 INFORMATION SYSTEM DOCUMENTATION 59 SA-05
SA-06 SOFTWARE USAGE RESTRICTIONS 32 SA-06
SA-07 USER-INSTALLED SOFTWARE 36 SA-07
SA-08 SECURITY ENGINEERING PRINCIPLES 36 • SA-08
SA-09 EXTERNAL INFORMATION SYSTEM SERVICES 2 • SA-09
SA-10 DEVELOPER CONFIGURATION MANAGEMENT 37 • SA-10
SA-11 DEVELOPER SECURITY TESTING AND EVALUATION 37 • • SA-11
SA-12 SUPPLY CHAIN PROTECTION 33 SA-12
SA-13 TRUSTWORTHINESS 45 • SA-13
SA-14 CRITICALITY ANALYSIS 27 SA-14
SA-15 DEVELOPMENT PROCESS, STANDARDS, AND TOOLS 31 • SA-15
SA-16 DEVELOPER-PROVIDED TRAINING 33 • • SA-16
SA-17 DEVELOPER SECURITY ARCHITECTURE AND DESIGN 38 • • SA-17
SA-18 TAMPER RESISTANCE AND DETECTION 35 • SA-18
SA-19 COMPONENT AUTHENTICITY 54 SA-19
SA-20 CUSTOMIZED DEVELOPMENT OF CRITICAL COMPONENTS 33 • SA-20
SA-21 DEVELOPER SCREENING 22 • SA-21
SA-22 UNSUPPORTED SYSTEM COMPONENTS 6 SA-22
CONTROL TABLE PORTRAIT Page 5 of 5