Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summary Table) 20140809

Map the Council on CyberSecurity's Critical Security Controls (CSC) v5.0 to NIST SP 800‐53 Revision 4
REC# CSC# CTRL-ID NIST SP 800-53 REVISION 4
1 1 CM - 0 8 INFORMATION SYSTEM COMPONENT INVENTORY
2 1 I A - 0 3 DEVICE IDENTIFICATION AND AUTHENTICATION
3 1 PM - 0 5 INFORMATION SYSTEM INVENTORY
4 1 CA - 0 7 CONTINUOUS MONITORING
5 1 S I - 0 4 INFORMATION SYSTEM MONITORING
6 1 SA - 0 4 ACQUISITION PROCESS
7 1 SA - 1 7 DEVELOPER SECURITY ARCHITECTURE AND DESIGN
8 2 CM - 0 2 BASELINE CONFIGURATION
10 2 CM - 1 0 SOFTWARE USAGE RESTRICTIONS
11 2 CM - 1 1 USER-INSTALLED SOFTWARE
12 2 PM - 0 5 INFORMATION SYSTEM INVENTORY
14 2 SC - 1 8 MOBILE CODE
15 2 SC - 3 4 NON-MODIFIABLE EXECUTABLE PROGRAMS
19 3 CM - 0 3 CONFIGURATION CHANGE CONTROL
20 3 CM - 0 5 ACCESS RESTRICTIONS FOR CHANGE
21 3 CM - 0 6 CONFIGURATION SETTINGS
22 3 CM - 0 7 LEAST FUNCTIONALITY
24 3 CM - 0 9 CONFIGURATION MANAGEMENT PLAN
25 3 CM - 1 1 USER-INSTALLED SOFTWARE
26 3 MA - 0 4 NONLOCAL MAINTENANCE
27 3 RA - 0 5 VULNERABILITY SCANNING
29 3 SC - 1 5 COLLABORATIVE COMPUTING DEVICES
31 3 S I - 0 2 FLAW REMEDIATION
35 4 CA - 0 2 SECURITY ASSESSMENTS
39 4 S I - 0 7 SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY
The Council on Cybersecurity Page 1 of 6 The Council on CyberSecurity

41 5 SC - 3 9 PROCESS ISOLATION
42 5 SC - 4 4 DETONATION CHAMBERS
43 5 S I - 0 3 MALICIOUS CODE PROTECTION
45 5 S I - 0 8 SPAM PROTECTION
47 6 SC - 3 9 PROCESS ISOLATION
48 6 S I - 1 0 INFORMATION INPUT VALIDATION
49 6 S I - 1 1 ERROR HANDLING
50 6 S I - 1 5 INFORMATION OUTPUT FILTERING
51 6 S I - 1 6 MEMORY PROTECTION
52 6 SA - 0 3 SYSTEM DEVELOPMENT LIFE CYCLE
53 6 SA - 1 0 DEVELOPER CONFIGURATION MANAGEMENT
54 6 SA - 1 1 DEVELOPER SECURITY TESTING AND EVALUATION
55 6 SA - 1 3 TRUSTWORTHINESS
56 6 SA - 1 5 DEVELOPMENT PROCESS, STANDARDS, AND TOOLS
57 6 SA - 1 6 DEVELOPER-PROVIDED TRAINING
58 6 SA - 1 7 DEVELOPER SECURITY ARCHITECTURE AND DESIGN
59 6 SA - 2 0 CUSTOMIZED DEVELOPMENT OF CRITICAL COMPONENTS
60 6 SA - 2 1 DEVELOPER SCREENING
61 7 AC - 1 8 WIRELESS ACCESS
62 7 AC - 1 9 ACCESS CONTROL FOR MOBILE DEVICES
64 7 I A - 0 3 DEVICE IDENTIFICATION AND AUTHENTICATION
65 7 CA - 0 3 SYSTEM INTERCONNECTIONS
67 7 SC - 0 8 TRANSMISSION CONFIDENTIALITY AND INTEGRITY
68 7 SC - 1 7 PUBLIC KEY INFRASTRUCTURE CERTIFICATES
69 7 SC - 4 0 WIRELESS LINK PROTECTION
71 8 CP - 0 9 INFORMATION SYSTEM BACKUP
72 8 CP - 1 0 INFORMATION SYSTEM RECOVERY AND RECONSTITUTION
73 8 MP - 0 4 MEDIA STORAGE

74 9 AT - 0 1 SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES
75 9 AT - 0 2 SECURITY AWARENESS TRAINING
76 9 AT - 0 3 ROLE-BASED SECURITY TRAINING
77 9 AT - 0 4 SECURITY TRAINING RECORDS
78 9 PM - 1 3 INFORMATION SECURITY WORKFORCE
79 9 PM - 1 4 TESTING, TRAINING, AND MONITORING
80 9 PM - 1 6 THREAT AWARENESS PROGRAM
81 9 SA - 1 1 DEVELOPER SECURITY TESTING AND EVALUATION
82 9 SA - 1 6 DEVELOPER-PROVIDED TRAINING
83 10 AC - 0 4 INFORMATION FLOW ENFORCEMENT
85 10 CM - 0 3 CONFIGURATION CHANGE CONTROL
86 10 CM - 0 5 ACCESS RESTRICTIONS FOR CHANGE
89 10 MA - 0 4 NONLOCAL MAINTENANCE
92 10 CA - 0 9 INTERNAL SYSTEM CONNECTIONS
93 10 SC - 2 4 FAIL IN KNOWN STATE
101 11 SC - 2 0 SECURE NAME / ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE)
102 11 SC - 2 1 SECURE NAME / ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER)
103 11 SC - 2 2 ARCHITECTURE AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE
104 11 SC - 4 1 PORT AND I/O DEVICE ACCESS

106 12 AC - 0 2 ACCOUNT MANAGEMENT
107 12 AC - 0 6 LEAST PRIVILEGE
108 12 AC - 1 7 REMOTE ACCESS
109 12 AC - 1 9 ACCESS CONTROL FOR MOBILE DEVICES
110 12 I A - 0 2 IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS)
111 12 I A - 0 4 IDENTIFIER MANAGEMENT
112 12 I A - 0 5 AUTHENTICATOR MANAGEMENT
116 13 AC - 1 7 REMOTE ACCESS
117 13 AC - 2 0 USE OF EXTERNAL INFORMATION SYSTEMS
122 13 SC - 0 7 BOUNDARY PROTECTION
125 13 SA - 0 9 EXTERNAL INFORMATION SYSTEM SERVICES
126 14 AC - 2 3 DATA MINING PROTECTION
127 14 AU - 0 2 AUDIT EVENTS
128 14 AU - 0 3 CONTENT OF AUDIT RECORDS
129 14 AU - 0 4 AUDIT STORAGE CAPACITY
130 14 AU - 0 5 RESPONSE TO AUDIT PROCESSING FAILURES
131 14 AU - 0 6 AUDIT REVIEW, ANALYSIS, AND REPORTING
132 14 AU - 0 7 AUDIT REDUCTION AND REPORT GENERATION
133 14 AU - 0 8 TIME STAMPS
134 14 AU - 0 9 PROTECTION OF AUDIT INFORMATION
135 14 AU - 1 0 NON-REPUDIATION
136 14 AU - 1 1 AUDIT RECORD RETENTION
137 14 AU - 1 2 AUDIT GENERATION
138 14 AU - 1 3 MONITORING FOR INFORMATION DISCLOSURE
139 14 AU - 1 4 SESSION AUDIT
140 14 I A - 1 0 ADAPTIVE IDENTIFICATION AND AUTHENTICATION

143 15 AC - 0 1 ACCESS CONTROL POLICY AND PROCEDURES
145 15 AC - 0 3 ACCESS ENFORCEMENT
146 15 AC - 0 6 LEAST PRIVILEGE
147 15 AC - 2 4 ACCESS CONTROL DECISIONS
148 15 MP - 0 3 MEDIA MARKING
149 15 RA - 0 2 SECURITY CATEGORIZATION
151 15 SC - 1 6 TRANSMISSION OF SECURITY ATTRIBUTES
155 16 AC - 0 7 UNSUCCESSFUL LOGON ATTEMPTS
156 16 AC - 1 1 SESSION LOCK
157 16 AC - 1 2 SESSION TERMINATION
158 16 I A - 0 5 AUTHENTICATOR MANAGEMENT
159 16 I A - 1 0 ADAPTIVE IDENTIFICATION AND AUTHENTICATION
161 16 SC - 1 7 PUBLIC KEY INFRASTRUCTURE CERTIFICATES
162 16 SC - 2 3 SESSION AUTHENTICITY
166 17 AC - 2 3 DATA MINING PROTECTION
167 17 I R - 0 9 INFORMATION SPILLAGE RESPONSE
168 17 MP - 0 5 MEDIA TRANSPORT
172 17 SC - 2 8 PROTECTION OF INFORMATION AT REST
173 17 SC - 3 1 COVERT CHANNEL ANALYSIS
174 17 SC - 4 1 PORT AND I/O DEVICE ACCESS
176 17 SA - 1 8 TAMPER RESISTANCE AND DETECTION

177 18 I R - 0 1 INCIDENT RESPONSE POLICY AND PROCEDURES
178 18 I R - 0 2 INCIDENT RESPONSE TRAINING
179 18 I R - 0 3 INCIDENT RESPONSE TESTING
180 18 I R - 0 4 INCIDENT HANDLING
181 18 I R - 0 5 INCIDENT MONITORING
182 18 I R - 0 6 INCIDENT REPORTING
183 18 I R - 0 7 INCIDENT RESPONSE ASSISTANCE
184 18 I R - 0 8 INCIDENT RESPONSE PLAN
185 18 I R - 1 0 INTEGRATED INFORMATION SECURITY ANALYSIS TEAM
189 19 SC - 2 0 SECURE NAME / ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE)
190 19 SC - 2 1 SECURE NAME / ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER)
191 19 SC - 2 2 ARCHITECTURE AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE
192 19 SC - 3 2 INFORMATION SYSTEM PARTITIONING
193 19 SC - 3 7 OUT-OF-BAND CHANNELS
194 19 SA - 0 8 SECURITY ENGINEERING PRINCIPLES
195 20 PM - 0 6 INFORMATION SECURITY MEASURES OF PERFORMANCE
196 20 PM - 1 4 TESTING, TRAINING, AND MONITORING
197 20 PM - 1 6 THREAT AWARENESS PROGRAM
198 20 RA - 0 6 TECHNICAL SURVEILLANCE COUNTERMEASURES SURVEY
199 20 CA - 0 2 SECURITY ASSESSMENTS
200 20 CA - 0 5 PLAN OF ACTION AND MILESTONES
201 20 CA - 0 6 SECURITY AUTHORIZATION
202 20 CA - 0 8 PENETRATION TESTING
203 20 S I - 0 6 SECURITY FUNCTION VERIFICATION

Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summary Table) 20140809

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (19)

Ähnlich wie Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summary Table) 20140809

Ähnlich wie Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summary Table) 20140809 (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summary Table) 20140809