This week the National Institute of Standards and Technology
published
a new supporting document for the Cybersecurity Framework on the CSF web page. This is an Excel
spreadsheet mapping CSF Subcategories to NIST SP 800-171, Revision 1, Protecting
Controlled Unclassified Information in Nonfederal Systems and Organizations.
A disclaimer in the spreadsheet notes that:
“NIST SP 800-171 focuses on
protecting the confidentiality of Controlled Unclassified Information (CUI) in
nonfederal systems and organizations, and recommends specific security
requirements to achieve that objective. The requirements recommended for use in
SP 800-171 are derived from FIPS Publication 200 and the moderate security
control baseline in NIST Special Publication 800-53 and are based on the CUI
regulation (32 CFR Part 2002, Controlled Unclassified Information). The
tailoring criteria applied to the FIPS Publication 200 security requirements
and the NIST Special Publication 800-53 security controls is not an endorsement
for the elimination of those requirements and controls—rather, the tailoring
criteria focuses on the protection of CUI from unauthorized disclosure in
nonfederal systems and organizations.”
This is another effort by NIST to expand the usefulness of
the CSF.
NOTE: The disclaimer cell in the spreadsheet is overly
large, making it difficult to see the mapping cells. To see a
reasonable number of mapping rows, reduce the height of row 2 of the
spreadsheet or even hide it.