Saturday, December 2, 2017

NIST Mapping Framework Core to NIST SP 800-171

This week the National Institute of Standards and Technology published a new supporting document for the Cybersecurity Framework on the CSF web page. This is an Excel spreadsheet mapping CSF Subcategories to NIST SP 800-171, Revision 1, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.

A disclaimer in the spreadsheet notes that:

“NIST SP 800-171 focuses on protecting the confidentiality of Controlled Unclassified Information (CUI) in nonfederal systems and organizations, and recommends specific security requirements to achieve that objective. The requirements recommended for use in SP 800-171 are derived from FIPS Publication 200 and the moderate security control baseline in NIST Special Publication 800-53 and are based on the CUI regulation (32 CFR Part 2002, Controlled Unclassified Information). The tailoring criteria applied to the FIPS Publication 200 security requirements and the NIST Special Publication 800-53 security controls is not an endorsement for the elimination of those requirements and controls—rather, the tailoring criteria focuses on the protection of CUI from unauthorized disclosure in nonfederal systems and organizations.”

This is another effort by NIST to expand the usefulness of the CSF.

NOTE: The disclaimer cell in the spreadsheet is overly large, making it difficult to see the mapping cells. To be able to see a reasonable number of mapping lines, reduce the height of line 2 of the spreadsheet or even hide it.
