Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a



Page 1: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Map the Critical Security Controls v4.1 to NIST SP 800‐53 Rev. 4 http://www.counciloncybersecurity.org

CSC–01 Inventory of Authorized & Unauthorized Devices

CSC–01 CA–07 Continuous Monitoring

CSC–01 CM–08 Information System Component Inventory

CSC–01 IA–03 Device Identification and Authentication

CSC–01 SA–04 Acquisition Process

CSC–01 SC–17 Public Key Infrastructure Certificates

CSC–01 SI–04 Information System Monitoring

CSC–01 PM–05 Information System Inventory

CSC–02 Inventory of Authorized and Unauthorized Software

CSC–02 CA–07 Continuous Monitoring

CSC–02 CM–02 Baseline Configuration

CSC–02 CM–08 Information System Component Inventory

CSC–02 CM–10 Software Usage Restrictions

CSC–02 CM–11 User–Installed Software

CSC–02 SA–04 Acquisition Process

CSC–02 SC–18 Mobile Code

CSC–02 SC–34 Non–Modifiable Executable Programs

CSC–02 SI–04 Information System Monitoring

CSC–02 PM–05 Information System Inventory

CSC–03 Secure Configurations for Mobile Devices, Workstations, Servers

CSC–03 CA–07 Continuous Monitoring

CSC–03 CM–02 Baseline Configuration

CSC–03 CM–03 Configuration Change Control

CSC–03 CM–05 Access Restrictions for Change

CSC–03 CM–06 Configuration Settings

CSC–03 CM–07 Least Functionality

CSC–03 CM–08 Information System Component Inventory

CSC–03 CM–09 Configuration Management Plan

CSC–03 CM–11 User–Installed Software

CSC–03 MA–04 Nonlocal Maintenance

CSC–03 RA–05 Vulnerability Scanning

CSC–03 SA–04 Acquisition Process

CSC–03 SC–15 Collaborative Computing Devices

CSC–03 SC–34 Non–Modifiable Executable Programs

CSC–03 SI–02 Flaw Remediation

CSC–03 SI–04 Information System Monitoring

CSC–04 Continuous Vulnerability Assessment and Remediation

CSC–04 CA–02 Security Assessments

Critical Security Controls v4 1 Mapped to NIST 800‐53 rev4‐Final_R6.xlsx Page 1 of 69


CSC–04 CA–07 Continuous Monitoring

CSC–04 RA–05 Vulnerability Scanning

CSC–04 SC–34 Non–Modifiable Executable Programs

CSC–04 SI–04 Information System Monitoring

CSC–04 SI–07 Software, Firmware, and Information Integrity

CSC–05 Malware Defenses

CSC–05 CA–07 Continuous Monitoring

CSC–05 SC–39 Process Isolation

CSC–05 SC–44 Detonation Chambers

CSC–05 SI–03 Malicious Code Protection

CSC–05 SI–04 Information System Monitoring

CSC–05 SI–08 Spam Protection

CSC–06 Application Software Security

CSC–06 RA–05 Vulnerability Scanning

CSC–06 SA–03 System Development Life Cycle

CSC–06 SA–10 Developer Configuration Management

CSC–06 SA–11 Developer Security Testing and Evaluation

CSC–06 SA–13 Trustworthiness

CSC–06 SA–15 Development Process, Standards, and Tools

CSC–06 SA–16 Developer–Provided Training

CSC–06 SA–17 Developer Security Architecture and Design

CSC–06 SA–20 Customized Development of Critical Components

CSC–06 SA–21 Developer Screening

CSC–06 SC–39 Process Isolation

CSC–06 SI–10 Information Input Validation

CSC–06 SI–11 Error Handling

CSC–06 SI–15 Information Output Filtering

CSC–06 SI–16 Memory Protection

CSC–07 Wireless Device Control

CSC–07 AC–18 Wireless Access

CSC–07 AC–19 Access Control for Mobile Devices

CSC–07 CA–03 System Interconnections

CSC–07 CA–07 Continuous Monitoring

CSC–07 CM–02 Baseline Configuration

CSC–07 IA–03 Device Identification and Authentication

CSC–07 SC–08 Transmission Confidentiality and Integrity

CSC–07 SC–17 Public Key Infrastructure Certificates

CSC–07 SC–40 Wireless Link Protection


CSC–07 SI–04 Information System Monitoring

CSC–08 Data Recovery Capability

CSC–08 CP–09 Information System Backup

CSC–08 CP–10 Information System Recovery and Reconstitution

CSC–08 MP–04 Media Storage

CSC–09 Security Skills Assessment and Appropriate Training to Fill Gaps

CSC–09 AT–01 Security Awareness and Training Policy and Procedures

CSC–09 AT–02 Security Awareness Training

CSC–09 AT–03 Role–Based Security Training

CSC–09 AT–04 Security Training Records

CSC–09 SA–11 Developer Security Testing and Evaluation

CSC–09 SA–16 Developer–Provided Training

CSC–09 PM–13 Information Security Workforce

CSC–09 PM–14 Testing, Training, & Monitoring

CSC–09 PM–16 Threat Awareness Program

CSC–10 Secure Configurations for Network Infrastructure & Security Devices

CSC–10 AC–04 Information Flow Enforcement

CSC–10 CA–03 System Interconnections

CSC–10 CA–07 Continuous Monitoring

CSC–10 CA–09 Internal System Connections

CSC–10 CM–02 Baseline Configuration

CSC–10 CM–03 Configuration Change Control

CSC–10 CM–05 Access Restrictions for Change

CSC–10 CM–06 Configuration Settings

CSC–10 CM–08 Information System Component Inventory

CSC–10 MA–04 Nonlocal Maintenance

CSC–10 SC–24 Fail in Known State

CSC–10 SI–04 Information System Monitoring

CSC–11 Ports, Protocols, and Services Management

CSC–11 AC–04 Information Flow Enforcement

CSC–11 CA–07 Continuous Monitoring

CSC–11 CA–09 Internal System Connections

CSC–11 CM–02 Baseline Configuration

CSC–11 CM–06 Configuration Settings

CSC–11 CM–08 Information System Component Inventory

CSC–11 SC–20 Secure Name/Address Resolution Service (Authoritative Source)

CSC–11 SC–21 Secure Name/Address Resolution Service (Recursive or Caching Resolver)

CSC–11 SC–22 Architecture and Provisioning for Name/Address Resolution Service


CSC–11 SC–41 Port and I/O Device Access

CSC–11 SI–04 Information System Monitoring

CSC–12 Controlled Use of Administrative Privileges

CSC–12 AC–02 Account Management

CSC–12 AC–06 Least Privilege

CSC–12 AC–17 Remote Access

CSC–12 AC–19 Access Control for Mobile Devices

CSC–12 CA–07 Continuous Monitoring

CSC–12 IA–02 Identification and Authentication (Organizational Users)

CSC–12 IA–04 Identifier Management

CSC–12 IA–05 Authenticator Management

CSC–12 SI–04 Information System Monitoring

CSC–13 Boundary Defense

CSC–13 AC–04 Information Flow Enforcement

CSC–13 AC–17 Remote Access

CSC–13 AC–20 Use of External Information Systems

CSC–13 CA–03 System Interconnections

CSC–13 CA–07 Continuous Monitoring

CSC–13 CA–09 Internal System Connections

CSC–13 CM–02 Baseline Configuration

CSC–13 SA–09 External Information System Services

CSC–13 SC–07 Boundary Protection

CSC–13 SC–08 Transmission Confidentiality and Integrity

CSC–13 SI–04 Information System Monitoring

CSC–14 Maintenance, Monitoring and Analysis of Audit Logs

CSC–14 AC–23 Data Mining Protection

CSC–14 AU–02 Audit Events

CSC–14 AU–03 Content of Audit Records

CSC–14 AU–04 Audit Storage Capacity

CSC–14 AU–05 Response to Audit Processing Failures

CSC–14 AU–06 Audit Review, Analysis, and Reporting

CSC–14 AU–07 Audit Reduction and Report Generation

CSC–14 AU–08 Time Stamps

CSC–14 AU–09 Protection of Audit Information

CSC–14 AU–10 Non–repudiation

CSC–14 AU–11 Audit Record Retention

CSC–14 AU–12 Audit Generation

CSC–14 AU–13 Monitoring for Information Disclosure


CSC–14 AU–14 Session Audit

CSC–14 CA–07 Continuous Monitoring

CSC–14 IA–10 Adaptive Identification and Authentication

CSC–14 SI–04 Information System Monitoring

CSC–15 Controlled Access Based on the Need to Know

CSC–15 AC–01 Access Control Policy and Procedures

CSC–15 AC–02 Account Management

CSC–15 AC–03 Access Enforcement

CSC–15 AC–06 Least Privilege

CSC–15 AC–24 Access Control Decisions

CSC–15 CA–07 Continuous Monitoring

CSC–15 MP–03 Media Marking

CSC–15 RA–02 Security Categorization

CSC–15 SC–16 Transmission of Security Attributes

CSC–15 SI–04 Information System Monitoring

CSC–16 Account Monitoring and Control

CSC–16 AC–02 Account Management

CSC–16 AC–03 Access Enforcement

CSC–16 AC–07 Unsuccessful Logon Attempts

CSC–16 AC–11 Session Lock

CSC–16 AC–12 Session Termination

CSC–16 CA–07 Continuous Monitoring

CSC–16 IA–05 Authenticator Management

CSC–16 IA–10 Adaptive Identification and Authentication

CSC–16 SC–17 Public Key Infrastructure Certificates

CSC–16 SC–23 Session Authenticity

CSC–16 SI–04 Information System Monitoring

CSC–17 Data Loss Prevention

CSC–17 AC–03 Access Enforcement

CSC–17 AC–04 Information Flow Enforcement

CSC–17 AC–23 Data Mining Protection

CSC–17 CA–07 Continuous Monitoring

CSC–17 CA–09 Internal System Connections

CSC–17 IR–09 Information Spillage Response

CSC–17 MP–05 Media Transport

CSC–17 SA–18 Tamper Resistance and Detection

CSC–17 SC–08 Transmission Confidentiality and Integrity

CSC–17 SC–28 Protection of Information at Rest


CSC–17 SC–31 Covert Channel Analysis

CSC–17 SC–41 Port and I/O Device Access

CSC–17 SI–04 Information System Monitoring

CSC–18 Incident Response and Management

CSC–18 IR–01 Incident Response Policy and Procedures

CSC–18 IR–02 Incident Response Training

CSC–18 IR–03 Incident Response Testing

CSC–18 IR–04 Incident Handling

CSC–18 IR–05 Incident Monitoring

CSC–18 IR–06 Incident Reporting

CSC–18 IR–07 Incident Response Assistance

CSC–18 IR–08 Incident Response Plan

CSC–18 IR–10 Integrated Information Security Analysis Team

CSC–19 Secure Network Engineering

CSC–19 AC–04 Information Flow Enforcement

CSC–19 CA–03 System Interconnections

CSC–19 CA–09 Internal System Connections

CSC–19 SA–08 Security Engineering Principles

CSC–19 SC–20 Secure Name/Address Resolution Service (Authoritative Source)

CSC–19 SC–21 Secure Name/Address Resolution Service (Recursive or Caching Resolver)

CSC–19 SC–22 Architecture and Provisioning for Name/Address Resolution Service

CSC–19 SC–32 Information System Partitioning

CSC–19 SC–37 Out–of–Band Channels

CSC–20 Penetration Tests and Red Team Exercises

CSC–20 PM–16 Threat Awareness Program

CSC–20 CA–02 Security Assessments

CSC–20 CA–05 Plan of Action and Milestones

CSC–20 CA–06 Security Authorization

CSC–20 CA–08 Penetration Testing

CSC–20 RA–06 Technical Surveillance Countermeasures Survey

CSC–20 SI–06 Security Function Verification

CSC–20 PM–06 Information Security Measures of Performance

CSC–20 PM–14 Testing, Training, & Monitoring


Print Date: 3/1/2014, 12:02 PM. Mapping of Critical Security Controls (CSC) v4.1 to NIST SP 800‐53 Revision 4 (sheet MAP_CSCv4.1_to_800‐53r4_SORTCSC)

Number of NIST SP 800‐53 controls mapped to each CSC (CNT), 203 in total:

CSC–01 Inventory of Authorized & Unauthorized Devices: 7
CSC–02 Inventory of Authorized and Unauthorized Software: 10
CSC–03 Secure Configurations for Mobile Devices, Workstations, Servers: 16
CSC–04 Continuous Vulnerability Assessment and Remediation: 6
CSC–05 Malware Defenses: 6
CSC–06 Application Software Security: 15
CSC–07 Wireless Device Control: 10
CSC–08 Data Recovery Capability: 3
CSC–09 Security Skills Assessment and Appropriate Training to Fill Gaps: 9
CSC–10 Secure Configurations for Network Infrastructure & Security Devices: 12
CSC–11 Ports, Protocols, and Services Management: 11
CSC–12 Controlled Use of Administrative Privileges: 9
CSC–13 Boundary Defense: 11
CSC–14 Maintenance, Monitoring & Analysis of Audit Logs: 17
CSC–15 Controlled Access Based on the Need to Know: 10
CSC–16 Account Monitoring and Control: 11
CSC–17 Data Loss Prevention: 13
CSC–18 Incident Response and Management: 9
CSC–19 Secure Network Engineering: 9
CSC–20 Penetration Tests and Red Team Exercises: 9

Sheet filter grid: CSC–01 through CSC–20, all marked X.

Column key for the matrix below: # is the row number; CSC is the CSC the row belongs to; ID–CN is the NIST SP 800‐53 control identifier; PRI is the control's NIST priority code (P0–P3); columns 01–20 are the twenty CSCs, with X marking the row's own CSC and S marking each other CSC to which the same control is also mapped; CNT is the number of CSCs marked in the row. Blank cells were dropped in this transcript, so the position of each S within columns 01–20 is not preserved; the listing above gives the full mapping per CSC.

# Bl CSC ID–CN NIST_SP_800-53_REV_4_CONTROL_NAME PRI 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 CNT

1 CSC–01 CA–07 Continuous Monitoring P3 X S S S S S S S S S S S S S 14

2 CSC–01 CM–08 Information System Component Inventory P1 X S S S S 5

3 CSC–01 IA–03 Device Identification and Authentication P1 X S 2

4 CSC–01 SA–04 Acquisition Process P1 X S S 3

5 CSC–01 SC–17 Public Key Infrastructure Certificates P1 X S S 3

6 CSC–01 SI–04 Information System Monitoring P1 X S S S S S S S S S S S S S 14

7 CSC–01 PM–05 Information System Inventory P1 X S 2

8 CSC–02 CA–07 Continuous Monitoring P3 S X S S S S S S S S S S S S 14

9 CSC–02 CM–02 Baseline Configuration P1 X S S S S S 6

10 CSC–02 CM–08 Information System Component Inventory P1 S X S S S 5

11 CSC–02 CM–10 Software Usage Restrictions P2 X 1

12 CSC–02 CM–11 User–Installed Software P1 X S 2

13 CSC–02 SA–04 Acquisition Process P1 S X S 3

14 CSC–02 SC–18 Mobile Code P2 X 1

15 CSC–02 SC–34 Non–Modifiable Executable Programs P0 X S S 3

16 CSC–02 SI–04 Information System Monitoring P1 S X S S S S S S S S S S S S 14

17 CSC–02 PM–05 Information System Inventory P1 S X 2

18 CSC–03 CA–07 Continuous Monitoring P3 S S X S S S S S S S S S S S 14

19 CSC–03 CM–02 Baseline Configuration P1 S X S S S S 6

20 CSC–03 CM–03 Configuration Change Control P1 X S 2

21 CSC–03 CM–05 Access Restrictions for Change P1 X S 2

22 CSC–03 CM–06 Configuration Settings P1 X S S 3

23 CSC–03 CM–07 Least Functionality P1 X 1

24 CSC–03 CM–08 Information System Component Inventory P1 S S X S S 5

25 CSC–03 CM–09 Configuration Management Plan P1 X 1

26 CSC–03 CM–11 User–Installed Software P1 S X 2

27 CSC–03 MA–04 Nonlocal Maintenance P1 X S 2

28 CSC–03 RA–05 Vulnerability Scanning P1 X S S 3

29 CSC–03 SA–04 Acquisition Process P1 S S X 3

30 CSC–03 SC–15 Collaborative Computing Devices P1 X 1

31 CSC–03 SC–34 Non–Modifiable Executable Programs P0 S X S 3

32 CSC–03 SI–02 Flaw Remediation P1 X 1

33 CSC–03 SI–04 Information System Monitoring P1 S S X S S S S S S S S S S S 14

34 CSC–04 CA–02 Security Assessments P2 X S 2

35 CSC–04 CA–07 Continuous Monitoring P3 S S S X S S S S S S S S S S 14

36 CSC–04 RA–05 Vulnerability Scanning P1 S X S 3

37 CSC–04 SC–34 Non–Modifiable Executable Programs P0 S S X 3


38 CSC–04 SI–04 Information System Monitoring P1 S S S X S S S S S S S S S S 14

39 CSC–04 SI–07 Software, Firmware, and Information Integrity P1 X 1

40 CSC–05 CA–07 Continuous Monitoring P3 S S S S X S S S S S S S S S 14

41 CSC–05 SC–39 Process Isolation P1 X S 2

42 CSC–05 SC–44 Detonation Chambers P0 X 1

43 CSC–05 SI–03 Malicious Code Protection P1 X 1

44 CSC–05 SI–04 Information System Monitoring P1 S S S S X S S S S S S S S S 14

45 CSC–05 SI–08 Spam Protection P2 X 1

46 CSC–06 RA–05 Vulnerability Scanning P1 S S X 3

47 CSC–06 SA–03 System Development Life Cycle P1 X 1

48 CSC–06 SA–10 Developer Configuration Management P1 X 1

49 CSC–06 SA–11 Developer Security Testing and Evaluation P1 X S 2

50 CSC–06 SA–13 Trustworthiness P0 X 1

51 CSC–06 SA–15 Development Process, Standards, and Tools P2 X 1

52 CSC–06 SA–16 Developer–Provided Training P2 X S 2

53 CSC–06 SA–17 Developer Security Architecture and Design P1 X 1

54 CSC–06 SA–20 Customized Development of Critical Components P0 X 1

55 CSC–06 SA–21 Developer Screening P0 X 1

56 CSC–06 SC–39 Process Isolation P1 S X 2

57 CSC–06 SI–10 Information Input Validation P1 X 1

58 CSC–06 SI–11 Error Handling P2 X 1

59 CSC–06 SI–15 Information Output Filtering P0 X 1

60 CSC–06 SI–16 Memory Protection P1 X 1

61 CSC–07 AC–18 Wireless Access P1 X 1

62 CSC–07 AC–19 Access Control for Mobile Devices P1 X S 2

63 CSC–07 CA–03 System Interconnections P1 X S S S 4

64 CSC–07 CA–07 Continuous Monitoring P3 S S S S S X S S S S S S S S 14

65 CSC–07 CM–02 Baseline Configuration P1 S S X S S S 6

66 CSC–07 IA–03 Device Identification and Authentication P1 S X 2

67 CSC–07 SC–08 Transmission Confidentiality and Integrity P1 X S S 3

68 CSC–07 SC–17 Public Key Infrastructure Certificates P1 S X S 3

69 CSC–07 SC–40 Wireless Link Protection P0 X 1

70 CSC–07 SI–04 Information System Monitoring P1 S S S S S X S S S S S S S S 14

71 CSC–08 CP–09 Information System Backup P1 X 1

72 CSC–08 CP–10 Information System Recovery and Reconstitution P1 X 1

73 CSC–08 MP–04 Media Storage P1 X 1


74 CSC–09 AT–01 Security Awareness and Training Policy and Procedures P1 X 1

75 CSC–09 AT–02 Security Awareness Training P1 X 1

76 CSC–09 AT–03 Role–Based Security Training P1 X 1

77 CSC–09 AT–04 Security Training Records P3 X 1

78 CSC–09 SA–11 Developer Security Testing and Evaluation P1 S X 2

79 CSC–09 SA–16 Developer–Provided Training P2 S X 2

80 CSC–09 PM–13 Information Security Workforce P1 X 1

81 CSC–09 PM–14 Testing, Training, & Monitoring P1 X S 2

82 CSC–09 PM–16 Threat Awareness Program P1 X 1

83 CSC–10 AC–04 Information Flow Enforcement P1 X S S S S 5

84 CSC–10 CA–03 System Interconnections P1 S X S S 4

85 CSC–10 CA–07 Continuous Monitoring P3 S S S S S S X S S S S S S S 14

86 CSC–10 CA–09 Internal System Connections P2 X S S S S 5

87 CSC–10 CM–02 Baseline Configuration P1 S S S X S S 6

88 CSC–10 CM–03 Configuration Change Control P1 S X 2

89 CSC–10 CM–05 Access Restrictions for Change P1 S X 2

90 CSC–10 CM–06 Configuration Settings P1 S X S 3

91 CSC–10 CM–08 Information System Component Inventory P1 S S S X S 5

92 CSC–10 MA–04 Nonlocal Maintenance P1 S X 2

93 CSC–10 SC–24 Fail in Known State P1 X 1

94 CSC–10 SI–04 Information System Monitoring P1 S S S S S S X S S S S S S S 14

95 CSC–11 AC–04 Information Flow Enforcement P1 S X S S S 5

96 CSC–11 CA–07 Continuous Monitoring P3 S S S S S S S X S S S S S S 14

97 CSC–11 CA–09 Internal System Connections P2 S X S S S 5

98 CSC–11 CM–02 Baseline Configuration P1 S S S S X S 6

99 CSC–11 CM–06 Configuration Settings P1 S S X 3

100 CSC–11 CM–08 Information System Component Inventory P1 S S S S X 5

101 CSC–11 SC–20 Secure Name/Address Resolution Service (Authoritative Source) P1 X S 2

102 CSC–11 SC–21 Secure Name/Address Resolution Service (Recursive or Caching Resolver) P1 X S 2

103 CSC–11 SC–22 Architecture and Provisioning for Name/Address Resolution Service P1 X S 2

104 CSC–11 SC–41 Port and I/O Device Access P0 X S 2

105 CSC–11 SI–04 Information System Monitoring P1 S S S S S S S X S S S S S S 14

106 CSC–12 AC–02 Account Management P1 X S S 3

107 CSC–12 AC–06 Least Privilege P1 X S 2

108 CSC–12 AC–17 Remote Access P1 X S 2

109 CSC–12 AC–19 Access Control for Mobile Devices P1 S X 2


110 CSC–12 CA–07 Continuous Monitoring P3 S S S S S S S S X S S S S S 14

111 CSC–12 IA–02 Identification and Authentication (Organizational Users) P1 X 1

112 CSC–12 IA–04 Identifier Management P1 X 1

113 CSC–12 IA–05 Authenticator Management P1 X S 2

114 CSC–12 SI–04 Information System Monitoring P1 S S S S S S S S X S S S S S 14

115 CSC–13 AC–04 Information Flow Enforcement P1 S S X S S 5

116 CSC–13 AC–17 Remote Access P1 S X 2

117 CSC–13 AC–20 Use of External Information Systems P1 X 1

118 CSC–13 CA–03 System Interconnections P1 S S X S 4

119 CSC–13 CA–07 Continuous Monitoring P3 S S S S S S S S S X S S S S 14

120 CSC–13 CA–09 Internal System Connections P2 S S X S S 5

121 CSC–13 CM–02 Baseline Configuration P1 S S S S S X 6

122 CSC–13 SA–09 External Information System Services P1 X 1

123 CSC–13 SC–07 Boundary Protection P1 X 1

124 CSC–13 SC–08 Transmission Confidentiality and Integrity P1 S X S 3

125 CSC–13 SI–04 Information System Monitoring P1 S S S S S S S S S X S S S S 14

126 CSC–14 AC–23 Data Mining Protection P0 X S 2

127 CSC–14 AU–02 Audit Events P1 X 1

128 CSC–14 AU–03 Content of Audit Records P1 X 1

129 CSC–14 AU–04 Audit Storage Capacity P1 X 1

130 CSC–14 AU–05 Response to Audit Processing Failures P1 X 1

131 CSC–14 AU–06 Audit Review, Analysis, and Reporting P1 X 1

132 CSC–14 AU–07 Audit Reduction and Report Generation P2 X 1

133 CSC–14 AU–08 Time Stamps P1 X 1

134 CSC–14 AU–09 Protection of Audit Information P1 X 1

135 CSC–14 AU–10 Non–repudiation P1 X 1

136 CSC–14 AU–11 Audit Record Retention P3 X 1

137 CSC–14 AU–12 Audit Generation P1 X 1

138 CSC–14 AU–13 Monitoring for Information Disclosure P0 X 1

139 CSC–14 AU–14 Session Audit P0 X 1

140 CSC–14 CA–07 Continuous Monitoring P3 S S S S S S S S S S X S S S 14

141 CSC–14 IA–10 Adaptive Identification and Authentication P0 X S 2

142 CSC–14 SI–04 Information System Monitoring P1 S S S S S S S S S S X S S S 14

143 CSC–15 AC–01 Access Control Policy and Procedures P1 X 1

144 CSC–15 AC–02 Account Management P1 S X S 3

145 CSC–15 AC–03 Access Enforcement P1 X S S 3


146 CSC–15 AC–06 Least Privilege P1 S X 2

147 CSC–15 AC–24 Access Control Decisions P0 X 1

148 CSC–15 CA–07 Continuous Monitoring P3 S S S S S S S S S S S X S S 14

149 CSC–15 MP–03 Media Marking P2 X 1

150 CSC–15 RA–02 Security Categorization P1 X 1

151 CSC–15 SC–16 Transmission of Security Attributes P0 X 1

152 CSC–15 SI–04 Information System Monitoring P1 S S S S S S S S S S S X S S 14

153 CSC–16 AC–02 Account Management P1 S S X 3

154 CSC–16 AC–03 Access Enforcement P1 S X S 3

155 CSC–16 AC–07 Unsuccessful Logon Attempts P2 X 1

156 CSC–16 AC–11 Session Lock P3 X 1

157 CSC–16 AC–12 Session Termination P2 X 1

158 CSC–16 CA–07 Continuous Monitoring P3 S S S S S S S S S S S S X S 14

159 CSC–16 IA–05 Authenticator Management P1 S X 2

160 CSC–16 IA–10 Adaptive Identification and Authentication P0 S X 2

161 CSC–16 SC–17 Public Key Infrastructure Certificates P1 S S X 3

162 CSC–16 SC–23 Session Authenticity P1 X 1

163 CSC–16 SI–04 Information System Monitoring P1 S S S S S S S S S S S S X S 14

164 CSC–17 AC–03 Access Enforcement P1 S S X 3

165 CSC–17 AC–04 Information Flow Enforcement P1 S S S X S 5

166 CSC–17 AC–23 Data Mining Protection P0 S X 2

167 CSC–17 CA–07 Continuous Monitoring P3 S S S S S S S S S S S S S X 14

168 CSC–17 CA–09 Internal System Connections P2 S S S X S 5

169 CSC–17 IR–09 Information Spillage Response P0 X 1

170 CSC–17 MP–05 Media Transport P1 X 1

171 CSC–17 SA–18 Tamper Resistance and Detection P0 X 1

172 CSC–17 SC–08 Transmission Confidentiality and Integrity P1 S S X 3

173 CSC–17 SC–28 Protection of Information at Rest P1 X 1

174 CSC–17 SC–31 Covert Channel Analysis P0 X 1

175 CSC–17 SC–41 Port and I/O Device Access P0 S X 2

176 CSC–17 SI–04 Information System Monitoring P1 S S S S S S S S S S S S S X 14

177 CSC–18 IR–01 Incident Response Policy and Procedures P1 X 1

178 CSC–18 IR–02 Incident Response Training P2 X 1

179 CSC–18 IR–03 Incident Response Testing P2 X 1

180 CSC–18 IR–04 Incident Handling P1 X 1

181 CSC–18 IR–05 Incident Monitoring P1 X 1


182 CSC–18 IR–06 Incident Reporting P1 X 1

183 CSC–18 IR–07 Incident Response Assistance P3 X 1

184 CSC–18 IR–08 Incident Response Plan P1 X 1

185 CSC–18 IR–10 Integrated Information Security Analysis Team P0 X 1

186 CSC–19 AC–04 Information Flow Enforcement P1 S S S S X 5

187 CSC–19 CA–03 System Interconnections P1 S S S X 4

188 CSC–19 CA–09 Internal System Connections P2 S S S S X 5

189 CSC–19 SA–08 Security Engineering Principles P1 X 1

190 CSC–19 SC–20 Secure Name /Address Resolution Service (Authoritative Source) P1 S X 2

191 CSC–19 SC–21 Secure Name /Address Resolution Service (Recursive or Caching Resolver) P1 S X 2

192 CSC–19 SC–22 Architecture and Provisioning for Name/Address Resolution Service P1 S X 2

193 CSC–19 SC–32 Information System Partitioning P0 X 1

194 CSC–19 SC–37 Out–of–Band Channels P0 X 1

195 CSC–20 PM–16 Threat Awareness Program P1 S X 2

196 CSC–20 CA–02 Security Assessments P2 S X 2

197 CSC–20 CA–05 Plan of Action and Milestones P3 X 1

198 CSC–20 CA–06 Security Authorization P3 X 1

199 CSC–20 CA–08 Penetration Testing P1 X 1

200 CSC–20 RA–06 Technical Surveillance Countermeasures Survey P0 X 1

201 CSC–20 SI–06 Security Function Verification P1 X 1

202 CSC–20 PM–06 Information Security Measures of Performance P1 X 1

203 CSC–20 PM–14 Testing, Training, & Monitoring P1 S X 2


Print Date: 3/1/2014, 12:02 PM Mapping of Critical Security Controls (CSC) v4.1 to NIST SP 800‐53 Revision 4 MAP_CSCv4.1_to_800‐53r4_SORT_ID

CSC–01 Inventory of Authorized & Unauthorized Devices; CSC–11 Ports, Protocols, and Services Management

CSC–02 Inventory of Authorized and Unauthorized Software; CSC–12 Controlled Use of Administrative Privileges

CSC–03 Secure Configurations for Mobile Devices, Workstations, Servers; CSC–13 Boundary Defense

CSC–04 Continuous Vulnerability Assessment and Remediation; CSC–14 Maintenance, Monitoring and Analysis of Audit Logs

CSC–05 Malware Defenses; CSC–15 Controlled Access Based on the Need to Know

CSC–06 Application Software Security; CSC–16 Account Monitoring and Control

CSC–07 Wireless Device Control; CSC–17 Data Loss Prevention

CSC–08 Data Recovery Capability; CSC–18 Incident Response and Management

CSC–09 Security Skills Assessment and Appropriate Training to Fill Gaps; CSC–19 Secure Network Engineering

CSC–10 Secure Configurations for Network Infrastructure & Security Devices; CSC–20 Penetration Tests and Red Team Exercises

FAMILY ID–CN CONTROL NAME PRI 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 CNT

Occurrences 7 10 16 6 6 15 10 3 9 12 11 9 11 17 10 11 13 9 9 9 203

Access Control 2 1 1 4 3 1 5 5 3 1 26

AC AC–01 Access Control Policy and Procedures P1 X 1

AC AC–02 Account Management P1 X X X 3

AC AC–03 Access Enforcement P1 X X X 3

AC AC–04 Information Flow Enforcement P1 X X X X X 5

AC AC–05 Separation of Duties P1

AC AC–06 Least Privilege P1 X X 2

AC AC–07 Unsuccessful Logon Attempts P2 X 1

AC AC–08 System Use Notification P1

AC AC–09 Previous Logon (Access) Notification P0

AC AC–10 Concurrent Session Control P2

AC AC–11 Session Lock P3 X 1

AC AC–12 Session Termination P2 X 1

AC AC–13 Withdrawn –––

AC AC–14 Permitted Actions without Identification or Authentication P1

AC AC–15 Withdrawn –––

AC AC–16 Security Attributes P0

AC AC–17 Remote Access P1 X X 2

AC AC–18 Wireless Access P1 X 1

AC AC–19 Access Control for Mobile Devices P1 X X 2

AC AC–20 Use of External Information Systems P1 X 1

AC AC–21 Information Sharing P2

AC AC–22 Publicly Accessible Content P2

AC AC–23 Data Mining Protection P0 X X 2

AC AC–24 Access Control Decisions P0 X 1

AC AC–25 Reference Monitor P0

Awareness and Training 4 4

AT AT–01 Security Awareness and Training Policy and Procedures P1 X 1

AT AT–02 Security Awareness Training P1 X 1

AT AT–03 Role–Based Security Training P1 X 1

AT AT–04 Security Training Records P3 X 1

AT AT–05 Withdrawn –––

Audit & Accountability 13 13

AU AU–01 Audit and Accountability Policy and Procedures P1

AU AU–02 Audit Events P1 X 1

AU AU–03 Content of Audit Records P1 X 1

AU AU–04 Audit Storage Capacity P1 X 1

AU AU–05 Response to Audit Processing Failures P1 X 1

AU AU–06 Audit Review, Analysis, and Reporting P1 X 1

AU AU–07 Audit Reduction and Report Generation P2 X 1

Mapping NIST SP 800–53 Revision 4 to Critical Security Controls (CSC) v4.1 (sheet heading; the rotated column labels CSC–11 through CSC–20 belong to the column header above)


AU AU–08 Time Stamps P1 X 1

AU AU–09 Protection of Audit Information P1 X 1

AU AU–10 Non–repudiation P1 X 1

AU AU–11 Audit Record Retention P3 X 1

AU AU–12 Audit Generation P1 X 1

AU AU–13 Monitoring for Information Disclosure P0 X 1

AU AU–14 Session Audit P0 X 1

AU AU–15 Alternate Audit Capability P0

AU AU–16 Cross–Organizational Auditing P0

Security Assessment and Authorization 1 1 1 2 1 2 3 2 1 3 1 1 1 2 2 4 28

CA CA–01 Security Assessment and Authorization Policies and Procedures P1

CA CA–02 Security Assessments P2 X X 2

CA CA–03 System Interconnections P1 X X X X 4

CA CA–04 Withdrawn –––

CA CA–05 Plan of Action and Milestones P3 X 1

CA CA–06 Security Authorization P3 X 1

CA CA–07 Continuous Monitoring P3 X X X X X X X X X X X X X X 14

CA CA–08 Penetration Testing P1 X 1

CA CA–09 Internal System Connections P2 X X X X X 5

Configuration Management 1 4 8 1 5 3 1 23

CM CM–01 Configuration Management Policy and Procedures P1

CM CM–02 Baseline Configuration P1 X X X X X X 6

CM CM–03 Configuration Change Control P1 X X 2

CM CM–04 Security Impact Analysis P2

CM CM–05 Access Restrictions for Change P1 X X 2

CM CM–06 Configuration Settings P1 X X X 3

CM CM–07 Least Functionality P1 X 1

CM CM–08 Information System Component Inventory P1 X X X X X 5

CM CM–09 Configuration Management Plan P1 X 1

CM CM–10 Software Usage Restrictions P2 X 1

CM CM–11 User–Installed Software P1 X X 2

Contingency Planning 2 2

CP CP–01 Contingency Planning Policy and Procedures P1

CP CP–02 Contingency Plan P1

CP CP–03 Contingency Training P2

CP CP–04 Contingency Plan Testing P2

CP CP–05 Withdrawn –––

CP CP–06 Alternate Storage Site P1


CP CP–07 Alternate Processing Site P1

CP CP–08 Telecommunications Services P1

CP CP–09 Information System Backup P1 X 1

CP CP–10 Information System Recovery and Reconstitution P1 X 1

CP CP–11 Alternate Communications Protocols P0

CP CP–12 Safe Mode P0

CP CP–13 Alternative Security Mechanisms P0

Identification and Authentication 1 1 3 1 2 8

IA IA–01 Identification and Authentication Policy and Procedures P1

IA IA–02 Identification and Authentication (Organizational Users) P1 X 1

IA IA–03 Device Identification and Authentication P1 X X 2

IA IA–04 Identifier Management P1 X 1

IA IA–05 Authenticator Management P1 X X 2

IA IA–06 Authenticator Feedback P1

IA IA–07 Cryptographic Module Authentication P1

IA IA–08 Identification and Authentication (Non–Organizational Users) P1

IA IA–09 Service Identification and Authentication P0

IA IA–10 Adaptive Identification and Authentication P0 X X 2

IA IA–11 Re–authentication P0

Incident Response 1 9 10

IR IR–01 Incident Response Policy and Procedures P1 X 1

IR IR–02 Incident Response Training P2 X 1

IR IR–03 Incident Response Testing P2 X 1

IR IR–04 Incident Handling P1 X 1

IR IR–05 Incident Monitoring P1 X 1

IR IR–06 Incident Reporting P1 X 1

IR IR–07 Incident Response Assistance P3 X 1

IR IR–08 Incident Response Plan P1 X 1

IR IR–09 Information Spillage Response P0 X 1

IR IR–10 Integrated Information Security Analysis Team P0 X 1

Maintenance 1 1 2

MA MA–01 System Maintenance Policy and Procedures P1

MA MA–02 Controlled Maintenance P2

MA MA–03 Maintenance Tools P2

MA MA–04 Nonlocal Maintenance P1 X X 2

MA MA–05 Maintenance Personnel P1

MA MA–06 Timely Maintenance P2

Media Protection 1 1 1 3


MP MP–01 Media Protection Policy and Procedures P1

MP MP–02 Media Access P1

MP MP–03 Media Marking P2 X 1

MP MP–04 Media Storage P1 X 1

MP MP–05 Media Transport P1 X 1

MP MP–06 Media Sanitization P1

MP MP–07 Media Use P1

MP MP–08 Media Downgrading P0

Physical and Environmental Protection

PE PE–01 Physical and Environmental Protection Policy and Procedures P1

PE PE–02 Physical Access Authorizations P1

PE PE–03 Physical Access Control P1

PE PE–04 Access Control for Transmission Medium P1

PE PE–05 Access Control for Output Devices P2

PE PE–06 Monitoring Physical Access P1

PE PE–07 Withdrawn –––

PE PE–08 Visitor Access Records P3

PE PE–09 Power Equipment and Cabling P1

PE PE–10 Emergency Shutoff P1

PE PE–11 Emergency Power P1

PE PE–12 Emergency Lighting P1

PE PE–13 Fire Protection P1

PE PE–14 Temperature and Humidity Controls P1

PE PE–15 Water Damage Protection P1

PE PE–16 Delivery and Removal P2

PE PE–17 Alternate Work Site P2

PE PE–18 Location of Information System Components P3

PE PE–19 Information Leakage P0

PE PE–20 Asset Monitoring and Tracking P0

Planning

PL PL–01 Security Planning Policy and Procedures P1

PL PL–02 System Security Plan P1

PL PL–03 Withdrawn –––

PL PL–04 Rules of Behavior P2

PL PL–05 Withdrawn –––

PL PL–06 Withdrawn –––

PL PL–07 Security Concept of Operations P0

PL PL–08 Information Security Architecture P1


PL PL–09 Central Management P0

Personnel Security

PS PS–01 Personnel Security Policy and Procedures P1

PS PS–02 Position Risk Designation P1

PS PS–03 Personnel Screening P1

PS PS–04 Personnel Termination P1

PS PS–05 Personnel Transfer P2

PS PS–06 Access Agreements P3

PS PS–07 Third–Party Personnel Security P1

PS PS–08 Personnel Sanctions P3

Risk Assessment 1 1 1 1 1 5

RA RA–01 Risk Assessment Policy and Procedures P1

RA RA–02 Security Categorization P1 X 1

RA RA–03 Risk Assessment P1

RA RA–04 Withdrawn –––

RA RA–05 Vulnerability Scanning P1 X X X 3

RA RA–06 Technical Surveillance Countermeasures Survey P0 X 1

System and Services Acquisition 1 1 1 9 2 1 1 1 17

SA SA–01 System and Services Acquisition Policy and Procedures P1

SA SA–02 Allocation of Resources P1

SA SA–03 System Development Life Cycle P1 X 1

SA SA–04 Acquisition Process P1 X X X 3

SA SA–05 Information System Documentation P2

SA SA–06 Withdrawn –––

SA SA–07 Withdrawn –––

SA SA–08 Security Engineering Principles P1 X 1

SA SA–09 External Information System Services P1 X 1

SA SA–10 Developer Configuration Management P1 X 1

SA SA–11 Developer Security Testing and Evaluation P1 X X 2

SA SA–12 Supply Chain Protection P1

SA SA–13 Trustworthiness P0 X 1

SA SA–14 Criticality Analysis P0

SA SA–15 Development Process, Standards, and Tools P2 X 1

SA SA–16 Developer–Provided Training P2 X X 2

SA SA–17 Developer Security Architecture and Design P1 X 1

SA SA–18 Tamper Resistance and Detection P0 X 1

SA SA–19 Component Authenticity P0

SA SA–20 Customized Development of Critical Components P0 X 1


SA SA–21 Developer Screening P0 X 1

SA SA–22 Unsupported System Components P0

System and Communications Protection 1 2 2 1 2 1 3 1 4 2 1 2 4 5 31

SC SC–01 System and Communications Protection Policy and Procedures P1

SC SC–02 Application Partitioning P1

SC SC–03 Security Function Isolation P1

SC SC–04 Information in Shared Resources P1

SC SC–05 Denial of Service Protection P1

SC SC–06 Resource Availability P0

SC SC–07 Boundary Protection P1 X 1

SC SC–08 Transmission Confidentiality and Integrity P1 X X X 3

SC SC–09 Withdrawn –––

SC SC–10 Network Disconnect P2

SC SC–11 Trusted Path P0

SC SC–12 Cryptographic Key Establishment and Management P1

SC SC–13 Cryptographic Protection P1

SC SC–14 Withdrawn –––

SC SC–15 Collaborative Computing Devices P1 X 1

SC SC–16 Transmission of Security Attributes P0 X 1

SC SC–17 Public Key Infrastructure Certificates P1 X X X 3

SC SC–18 Mobile Code P2 X 1

SC SC–19 Voice Over Internet Protocol P1

SC SC–20 Secure Name /Address Resolution Service (Authoritative Source) P1 X X 2

SC SC–21 Secure Name /Address Resolution Service (Recursive or Caching Resolver) P1 X X 2

SC SC–22 Architecture and Provisioning for Name/Address Resolution Service P1 X X 2

SC SC–23 Session Authenticity P1 X 1

SC SC–24 Fail in Known State P1 X 1

SC SC–25 Thin Nodes P0

SC SC–26 Honeypots P0

SC SC–27 Platform–Independent Applications P0

SC SC–28 Protection of Information at Rest P1 X 1

SC SC–29 Heterogeneity P0

SC SC–30 Concealment and Misdirection P0

SC SC–31 Covert Channel Analysis P0 X 1

SC SC–32 Information System Partitioning P0 X 1

SC SC–33 Withdrawn –––

SC SC–34 Non–Modifiable Executable Programs P0 X X X 3

SC SC–35 Honeyclients P0


SC SC–36 Distributed Processing and Storage P0

SC SC–37 Out–of–Band Channels P0 X 1

SC SC–38 Operations Security P0

SC SC–39 Process Isolation P1 X X 2

SC SC–40 Wireless Link Protection P0 X 1

SC SC–41 Port and I/O Device Access P0 X X 2

SC SC–42 Sensor Capability and Data P0

SC SC–43 Usage Restrictions P0

SC SC–44 Detonation Chambers P0 X 1

System and Information Integrity 1 1 2 2 3 4 1 1 1 1 1 1 1 1 1 1 23

SI SI–01 System and Information Integrity Policy and Procedures P1

SI SI–02 Flaw Remediation P1 X 1

SI SI–03 Malicious Code Protection P1 X 1

SI SI–04 Information System Monitoring P1 X X X X X X X X X X X X X X 14

SI SI–05 Security Alerts, Advisories, and Directives P1

SI SI–06 Security Function Verification P1 X 1

SI SI–07 Software, Firmware, and Information Integrity P1 X 1

SI SI–08 Spam Protection P2 X 1

SI SI–09 Withdrawn –––

SI SI–10 Information Input Validation P1 X 1

SI SI–11 Error Handling P2 X 1

SI SI–12 Information Handling and Retention P2

SI SI–13 Predictable Failure Prevention P0

SI SI–14 Non–Persistence P0

SI SI–15 Information Output Filtering P0 X 1

SI SI–16 Memory Protection P1 X 1

SI SI–17 Fail–Safe Procedures P0

Program Management 1 1 3 3 8

PM PM–01 Information Security Program Plan P1

PM PM–02 Senior Information Security Officer P1

PM PM–03 Information Security Resources P1

PM PM–04 Plan of Action and Milestones Process P1

PM PM–05 Information System Inventory P1 X X 2

PM PM–06 Information Security Measures of Performance P1 X 1

PM PM–07 Enterprise Architecture P1

PM PM–08 Critical Infrastructure Plan P1

PM PM–09 Risk Management Strategy P1

PM PM–10 Security Authorization Process P1


PM PM–11 Mission/Business Process Definition P1

PM PM–12 Insider Threat Program P1

PM PM–13 Information Security Workforce P1 X 1

PM PM–14 Testing, Training, & Monitoring P1 X X 2

PM PM–15 Contacts with Security Groups and Associations P1

PM PM–16 Threat Awareness Program P1 X X 2


Print Date: 3/1/2014, 12:02 PM Mapping of Critical Security Controls (CSC) v4.1 to NIST SP 800‐53 Revision 4 HMAP_53r4_to_CSCv4.1_&_NIST_PUBS

Map NIST Special Publication (SP) 800–53 Revision 4 to Critical Security Controls (CSC) Version 4.1 and NIST 800 Series Special Publications.

Column headers (rotated in the original sheet): Critical Security Controls (CSC) number; Total; then one column per NIST SP 800–53 Rev. 4 control.

AC Access Control: AC–01 Access Control Policy and Procedures, AC–02 Account Management, AC–03 Access Enforcement, AC–04 Information Flow Enforcement, AC–05 Separation of Duties, AC–06 Least Privilege, AC–07 Unsuccessful Logon Attempts, AC–08 System Use Notification, AC–09 Previous Logon (Access) Notification, AC–10 Concurrent Session Control, AC–11 Session Lock, AC–12 Session Termination, AC–13 Withdrawn, AC–14 Permitted Actions without Identification or Authentication, AC–15 Withdrawn, AC–16 Security Attributes, AC–17 Remote Access, AC–18 Wireless Access, AC–19 Access Control for Mobile Devices, AC–20 Use of External Information Systems, AC–21 Information Sharing, AC–22 Publicly Accessible Content, AC–23 Data Mining Protection, AC–24 Access Control Decisions, AC–25 Reference Monitor

AT Awareness and Training: AT–01 Security Awareness and Training Policy and Procedures, AT–02 Security Awareness Training, AT–03 Role–Based Security Training, AT–04 Security Training Records, AT–05 Withdrawn

AU Audit & Accountability: AU–01 Audit and Accountability Policy and Procedures, AU–02 Audit Events, AU–03 Content of Audit Records, AU–04 Audit Storage Capacity, AU–05 Response to Audit Processing Failures, AU–06 Audit Review, Analysis, and Reporting, AU–07 Audit Reduction and Report Generation, AU–08 Time Stamps
Inventory of Authorized & Unauthorized Devices CSC–01 7

Inventory of Authorized and Unauthorized Software CSC–02 10

Secure Configurations for Mobile Devices, Workstations, Servers CSC–03 16

Continuous Vulnerability Assessment and Remediation CSC–04 6

Malware Defenses CSC–05 6

Application Software Security CSC–06 15

Wireless Device Control CSC–07 10 2 X X

Data Recovery Capability CSC–08 3

Security Skills Assessment and Appropriate Training to Fill Gaps CSC–09 9 4 X X X X

Secure Configurations for Network Infrastructure & Security Devices CSC–10 12 1 X

Ports, Protocols, and Services Management CSC–11 11 1 X

Controlled Use of Administrative Privileges CSC–12 9 4 X X X X

Boundary Defense CSC–13 11 3 X X X

Maintenance, Monitoring and Analysis of Audit Logs CSC–14 17 1 X 13 X X X X X X X

Controlled Access Based on the Need to Know CSC–15 10 5 X X X X X

Account Monitoring and Control CSC–16 11 5 X X X X X

Data Loss Prevention CSC–17 13 3 X X X

Incident Response and Management CSC–18 9

Secure Network Engineering CSC–19 9 1 X

Penetration Tests and Red Team Exercises CSC–20 9

NIST 800 Series Special Publications 1

An Introduction to Computer Security: The NIST Handbook SP 800-12

Telecommunications Security Guidelines for Telecommunications Manageme SP 800-13

Generally Accepted Principles and Practices for Securing Information Techno SP 800-14

MISPC Minimum Interoperability Specification for PKI Components SP 800-15 Version 1

Information Technology Security Training Requirements: A Role- and Perform SP 800-16

DRAFT Information Security Training Requirements: A Role- and Performanc SP 800-16 Rev. 1

Modes of Operation Validation System (MOVS): Requirements and Procedure SP 800-17

Guide for Developing Security Plans for Federal Information Systems SP 800-18 Rev.1

Mobile Agent Security SP 800-19

Modes of Operation Validation System for the Triple Data Encryption Algorith SP 800-20

Guideline for Implementing Cryptography in the Federal Government 800-21 2nd edition

A Statistical Test Suite for Random and Pseudorandom Number Generators f SP 800-22 Rev. 1a

Guidelines to Federal Organizations on Security Assurance and Acquisition/U SP 800-23

PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else D SP 800-24

Federal Agency Use of Public Key Technology for Digital Signatures and Auth SP 800-25

Engineering Principles for Information Technology Security (A Baseline for A SP 800-27 Rev. A

Guidelines on Active Content and Mobile Code SP 800-28 Version 2

A Comparison of the Security Requirements for Cryptographic Modules in FI SP 800-29

Risk Management Guide for Information Technology Systems SP 800-30

Guide for Conducting Risk Assessments SP 800-30 Rev. 1 1

Introduction to Public Key Technology and the Federal PKI Infrastructure SP 800-32

Underlying Technical Models for Information Technology Security SP 800-33

Contingency Planning Guide for Federal Information Systems (Errata Page - SP 800-34 Rev. 1

Guide to Information Technology Security Services SP 800-35

Guide to Selecting Information Technology Security Products SP 800-36


Guide for Applying the Risk Management Framework to Federal Information SP 800-37 Rev. 1

Recommendation for Block Cipher Modes of Operation - Methods and Techni SP 800-38 A

Recommendation for Block Cipher Modes of Operation: Three Variants of Cip 800-38 A - Addendum

Recommendation for Block Cipher Modes of Operation: The CMAC Mode for A SP 800-38 B

Recommendation for Block Cipher Modes of Operation: the CCM Mode for Au SP 800-38 C

Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode SP 800-38 D

Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode f SP 800-38 E

DRAFT Recommendation for Block Cipher Modes of Operation: Methods for K SP 800-38 F

Managing Information Security Risk: Organization, Mission, and Information SP 800-39

Creating a Patch and Vulnerability Management Program 800-40 Version 2.0

Guidelines on Firewalls and Firewall Policy SP 800-41 Rev. 1

Systems Administration Guidance for Windows 2000 Professional System SP 800-43

Guidelines on Securing Public Web Servers SP 800-44 Version 2

Guidelines on Electronic Mail Security SP 800-45 Version 2

Guide to Enterprise Telework and Remote Access Security SP 800-46 Rev. 1

Security Guide for Interconnecting Information Technology Systems SP 800-47

Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1

Federal S/MIME V3 Client Profile SP 800-49

Building an Information Technology Security Awareness and Training Progra SP 800-50

Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1

Guidelines for the Selection and Use of Transport Layer Security (TLS) Imple SP 800-52

Guide for Assessing the Security Controls in Federal Information Systems an SP 800-53 A Rev. 1

Recommended Security Controls for Federal Information Systems and Organ SP 800-53 Rev. 3


DRAFT Security and Privacy Controls for Federal Information Systems and O SP 800-53 Rev. 4

Border Gateway Protocol Security SP 800-54

Performance Measurement Guide for Information Security SP 800-55 Rev. 1

Recommendation for Pair-Wise Key Establishment Schemes Using Discrete L SP 800-56 A

Recommendation for Pair-Wise Key Establishment Schemes Using Integer Fa SP 800-56 B

Recommendation for Key Derivation through Extraction-then-Expansion SP 800-56 C

Recommendation for Key Management SP 800-57

DRAFT Recommendation for Key Management: Part 1: General SP 800-57 Part 1

Security Considerations for Voice Over IP Systems SP 800-58

Guideline for Identifying an Information System as a National Security Syste SP 800-59

Guide for Mapping Types of Information and Information Systems to Securit SP 800-60 Rev. 1

Computer Security Incident Handling Guide SP 800-61 Rev. 1

DRAFT Computer Security Incident Handling Guide SP 800-61 Rev. 2

Electronic Authentication Guideline SP 800-63 Rev. 1

Electronic Authentication Guideline SP 800-63 Version 1.0.2

Security Considerations in the System Development Life Cycle SP 800-64 Rev. 2

Integrating IT Security into the Capital Planning and Investment Control Pro SP 800-65

DRAFT Recommendations for Integrating Information Security into the Capit SP 800-65 Rev. 1

An Introductory Resource Guide for Implementing the Health Insurance Port SP 800-66 Rev 1

Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Ciph SP 800-67 Rev. 1

Guide to Securing Microsoft Windows XP Systems for IT Professionals SP 800-68 Rev. 1

Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security SP 800-69

National Checklist Program for IT Products: Guidelines for Checklist Users an SP 800-70 Rev. 2


Guidelines on PDA Forensics SP 800-72

Interfaces for Personal Identity Verification (4 Parts) SP 800-73 -3

Biometric Data Specification for Personal Identity Verification SP 800-76 -1

DRAFT Biometric Data Specification for Personal Identity Verification SP 800-76 -2

Guide to IPsec VPNs SP 800-77

Cryptographic Algorithms and Key Sizes for Personal Identification Verificatio SP 800-78 -3

Guidelines for the Accreditation of Personal Identity Verification (PIV) Card I SP 800-79 -1

Secure Domain Name System (DNS) Deployment Guide SP 800-81 Rev. 1

Guide to Industrial Control Systems (ICS) Security SP 800-82

Guide to Malware Incident Prevention and Handling SP 800-83

Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities SP 800-84

PIV Card Application and Middleware Interface Test Guidelines (SP800-73-3 SP 800-85 A-2

PIV Data Model Test Guidelines SP 800-85 B

DRAFT PIV Data Model Conformance Test Guidelines SP 800-85 B-1

Guide to Integrating Forensic Techniques into Incident Response SP 800-86

Codes for Identification of Federal and Federally-Assisted Organizations SP 800-87 Rev 1

Guidelines for Media Sanitization SP 800-88

Recommendation for Obtaining Assurances for Digital Signature Applications SP 800-89

Recommendation for Random Number Generation Using Deterministic Rando SP 800-90 A

Guide to Computer Security Log Management SP 800-92

Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94

Guide to Secure Web Services SP 800-95

PIV Card to Reader Interoperability Guidelines SP 800-96


Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i SP 800-97

Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98

Information Security Handbook: A Guide for Managers SP 800-100

Guidelines on Cell Phone Forensics SP 800-101

Recommendation for Digital Signature Timeliness SP 800-102

DRAFT An Ontology of Identity Credentials, Part I: Background and Formula SP 800-103

A Scheme for PIV Visual Card Topography SP 800-104

Randomized Hashing for Digital Signatures SP 800-106

Recommendation for Applications Using Approved Hash Algorithms SP 800-107

DRAFT Recommendation for Applications Using Approved Hash Algorithms SP 800-107 Revised

Recommendation for Key Derivation Using Pseudorandom Functions SP 800-108

Guide to Storage Encryption Technologies for End User Devices SP 800-111

Guide to SSL VPNs SP 800-113

User's Guide to Securing External Devices for Telework and Remote Access SP 800-114

Technical Guide to Information Security Testing and Assessment SP 800-115

A Recommendation for the Use of PIV Credentials in Physical Access Control SP 800-116

Guide to Adopting and Using the Security Content Automation Protocol (SCA SP 800-117

DRAFT Guide to Adopting and Using the Security Content Automation Protoc SP 800-117 Rev. 1

DRAFT Guide to Enterprise Password Management SP 800-118

Guidelines for the Secure Deployment of IPv6 SP 800-119

Recommendation for EAP Methods Used in Wireless Network Access Authent SP 800-120

Guide to Bluetooth Security SP 800-121 Rev. 1

Guide to Protecting the Confidentiality of Personally Identifiable Information SP 800-122


Guide to General Server Security SP 800-123

Guidelines on Cell Phone and PDA Security SP 800-124

Guide to Security for Full Virtualization Technologies SP 800-125

The Technical Specification for the Security Content Automation Protocol (SC SP 800-126

The Technical Specification for the Security Content Automation Protocol (SC SP 800-126 Rev. 1

The Technical Specification for the Security Content Automation Protocol (SC SP 800-126 Rev. 2

Guide to Securing WiMAX Wireless Communications SP 800-127

Guide for Security-Focused Configuration Management of Information Syste SP 800-128

DRAFT A Framework for Designing Cryptographic Key Management Systems SP 800-130

Transitions: Recommendation for Transitioning the Use of Cryptographic Alg SP 800-131 A

DRAFT Transitions: Validation of Transitioning Cryptographic Algorithm and SP 800-131 B

DRAFT Transitions: Validating the Transition from FIPS 186-2 to FIPS 186-3 SP 800-131 C

Recommendation for Password-Based Key Derivation Part 1: Storage Applica SP 800-132

DRAFT Recommendation for Cryptographic Key Generation SP 800-133

Recommendation for Existing Application-Specific Key Derivation Functions SP 800-135 Rev. 1

Information Security Continuous Monitoring for Federal Information Systems SP 800-137

Practical Combinatorial Testing SP 800-142

Guidelines on Security and Privacy in Public Cloud Computing SP 800-144

A NIST Definition of Cloud Computing SP 800-145

Cloud Computing Synopsis and Recommendations SP 800-146

Basic Input/Output System (BIOS) Protection Guidelines SP 800-147

Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153

DRAFT BIOS Integrity Measurement Guidelines SP 800-155

Column headers, continued (AU–09 through CP–09; a family subtotal column precedes each family):

AU  Audit & Accountability (continued)
AU–09 Protection of Audit Information
AU–10 Non–repudiation
AU–11 Audit Record Retention
AU–12 Audit Generation
AU–13 Monitoring for Information Disclosure
AU–14 Session Audit
AU–15 Alternate Audit Capability
AU–16 Cross–Organizational Auditing

CA  Security Assessment and Authorization
CA–01 Security Assessment and Authorization Policies and Procedures
CA–02 Security Assessments
CA–03 System Interconnections
CA–04 Withdrawn
CA–05 Plan of Action and Milestones
CA–06 Security Authorization
CA–07 Continuous Monitoring
CA–08 Penetration Testing
CA–09 Internal System Connections

CM  Configuration Management
CM–01 Configuration Management Policy and Procedures
CM–02 Baseline Configuration
CM–03 Configuration Change Control
CM–04 Security Impact Analysis
CM–05 Access Restrictions for Change
CM–06 Configuration Settings
CM–07 Least Functionality
CM–08 Information System Component Inventory
CM–09 Configuration Management Plan
CM–10 Software Usage Restrictions
CM–11 User–Installed Software

CP  Contingency Planning
CP–01 Contingency Planning Policy and Procedures
CP–02 Contingency Plan
CP–03 Contingency Training
CP–04 Contingency Plan Testing
CP–05 Withdrawn
CP–06 Alternate Storage Site
CP–07 Alternate Processing Site
CP–08 Telecommunications Services
CP–09 Information System Backup

Rows: CSC? | Critical Security Controls | Total (number of SP 800-53 Rev. 4 controls mapped to the CSC)

CSC–01  Inventory of Authorized & Unauthorized Devices  7
CSC–02  Inventory of Authorized and Unauthorized Software  10
CSC–03  Secure Configurations for Mobile Devices, Workstations, Servers  16
CSC–04  Continuous Vulnerability Assessment and Remediation  6
CSC–05  Malware Defenses  6
CSC–06  Application Software Security  15
CSC–07  Wireless Device Control  10
CSC–08  Data Recovery Capability  3
CSC–09  Security Skills Assessment and Appropriate Training to Fill Gaps  9
CSC–10  Secure Configurations for Network Infrastructure & Security Devices  12
CSC–11  Limitation and Control of Network Ports, Protocols, and Services  11
CSC–12  Controlled Use of Administrative Privileges  9
CSC–13  Boundary Defense  11
CSC–14  Maintenance, Monitoring, and Analysis of Audit Logs  17
CSC–15  Controlled Access Based on the Need to Know  10
CSC–16  Account Monitoring and Control  11
CSC–17  Data Protection  13
CSC–18  Incident Response and Management  9
CSC–19  Secure Network Engineering  9
CSC–20  Penetration Tests and Red Team Exercises  9

NIST 800 Series Special Publications  1
An Introduction to Computer Security: The NIST Handbook SP 800-12
Telecommunications Security Guidelines for Telecommunications Manageme SP 800-13

Mapping marks in the AU–09 through CP–09 columns, one line per row with marks, in row order (each family subtotal is followed by one X per mapped control in that family; the printout does not preserve which column each X falls in):

1 X 1 X
1 X 4 X X X X
1 X 8 X X X X X X X X
2 X X
1 X
2 X X 1 X
2 X
3 X X X 5 X X X X X
2 X X 3 X X X
1 X
3 X X X 1 X
X X X X X X 1 X
1 X
1 X
2 X X
2 X X
4 X X X X
1 1

Critical Security Controls v4 1 Mapped to NIST 800‐53 rev4‐Final_R6.xlsx Page 28 of 69

Page 29: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Print Date: 3/1/2014, 12:02 PM Mapping of Critical Security Controls (CSC) v4.1 to NIST SP 800‐53 Revision 4 HMAP_53r4_to_CSCv4.1_&_NIST_PUBS

MapNISTSpecialPublication(SP)800–53Revision4toCriticalSecurityControls(CSC)Version4.1andNIST800SeriesSpecialPublications.

CriticalSecurityControls CSC? T

ota

l

Generally Accepted Principles and Practices for Securing Information Techno SP 800-14

MISPC Minimum Interoperability Specification for PKI Components SP 800-15 Version 1

Information Technology Security Training Requirements: A Role- and Perform SP 800-16

DRAFT Information Security Training Requirements: A Role- and Performanc SP 800-16 Rev. 1

Modes of Operation Validation System (MOVS): Requirements and Procedure SP 800-17

Guide for Developing Security Plans for Federal Information Systems SP 800-18 Rev.1

Mobile Agent Security SP 800-19

Modes of Operation Validation System for the Triple Data Encryption Algorith SP 800-20

Guideline for Implementing Cryptography in the Federal Government 800-21 2nd edition

A Statistical Test Suite for Random and Pseudorandom Number Generators f SP 800-22 Rev. 1a

Guidelines to Federal Organizations on Security Assurance and Acquisition/U SP 800-23

PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else D SP 800-24

Federal Agency Use of Public Key Technology for Digital Signatures and Auth SP 800-25

Engineering Principles for Information Technology Security (A Baseline for A SP 800-27 Rev. A

Guidelines on Active Content and Mobile Code SP 800-28 Version 2

A Comparison of the Security Requirements for Cryptographic Modules in FI SP 800-29

Risk Management Guide for Information Technology Systems SP 800-30

Guide for Conducting Risk Assessments SP 800-30 Rev. 1 1

Introduction to Public Key Technology and the Federal PKI Infrastructure SP 800-32

Underlying Technical Models for Information Technology Security SP 800-33

Contingency Planning Guide for Federal Information Systems (Errata Page - SP 800-34 Rev. 1

Guide to Information Technology Security Services SP 800-35

Guide to Selecting Information Technology Security Products SP 800-36

Prote

ctio

n o

f Audit I

nfo

rmat

ion

Non–re

pudia

tion

Audit R

ecord

Ret

ention

Audit G

ener

atio

n

Monitoring for

Info

rmat

ion D

iscl

osu

re

Ses

sion A

udit

Alter

nat

e Audit C

apab

ility

Cro

ss–O

rgan

izat

ional

Auditin

g

Sec

uri

ty A

sses

smen

t and A

uth

ori

zation

Sec

urity

Ass

essm

ent

and A

uth

oriz

atio

n P

olic

ies

and P

ro

Sec

urity

Ass

essm

ents

Sys

tem

Inte

rconnec

tions

Withdra

wn

Plan

of Act

ion a

nd M

ilest

ones

Sec

urity

Auth

oriza

tion

Continuous

Monitoring

Penet

ration T

esting

Inte

rnal

Sys

tem

Connec

tions

Configura

tion M

anagem

ent

Configura

tion M

anag

emen

t Po

licy

and P

roce

dure

s

Bas

elin

e Configura

tion

Configura

tion C

han

ge

Contr

ol

Sec

urity

Im

pac

t Anal

ysis

Acc

ess

Res

tric

tion

s fo

r Chan

ge

Configura

tion S

ettings

Leas

t Fu

nct

ional

ity

Info

rmat

ion S

yste

m C

om

ponen

t In

vento

ry

Configura

tion M

anag

emen

t Pl

an

Soft

war

e U

sage

Res

tric

tions

Use

r–In

stal

led S

oft

war

e

Contingen

cy P

lannin

g

Contingen

cy P

lannin

g P

olic

y an

d P

roce

dure

s

Contingen

cy P

lan

Contingen

cy T

rain

ing

Contingen

cy P

lan T

esting

Withdra

wn

Alter

nat

e Sto

rage

Site

Alter

nat

e Pr

oce

ssin

g S

ite

Tel

ecom

munic

atio

ns

Ser

vice

s

Info

rmat

ion S

yste

m B

acku

p

AU

–09

AU

–10

AU

–11

AU

–12

AU

–13

AU

–14

AU

–15

AU

–16 CA

CA–01

CA–02

CA–03

CA–04

CA–05

CA–06

CA–07

CA–08

CA–09 CM

CM

–01

CM

–02

CM

–03

CM

–04

CM

–05

CM

–06

CM

–07

CM

–08

CM

–09

CM

–10

CM

–11 CP

CP–

01

CP–

02

CP–

03

CP–

04

CP–

05

CP–

06

CP–

07

CP–

08

CP–

09

1 x

Critical Security Controls v4 1 Mapped to NIST 800‐53 rev4‐Final_R6.xlsx Page 29 of 69

Page 30: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Print Date: 3/1/2014, 12:02 PM Mapping of Critical Security Controls (CSC) v4.1 to NIST SP 800‐53 Revision 4 HMAP_53r4_to_CSCv4.1_&_NIST_PUBS

MapNISTSpecialPublication(SP)800–53Revision4toCriticalSecurityControls(CSC)Version4.1andNIST800SeriesSpecialPublications.

CriticalSecurityControls CSC? T

ota

l

Guide for Applying the Risk Management Framework to Federal Information SP 800-37 Rev. 1

Recommendation for Block Cipher Modes of Operation - Methods and Techni SP 800-38 A

Recommendation for Block Cipher Modes of Operation: Three Variants of Cip800-38 A - Addendum

Recommendation for Block Cipher Modes of Operation: The CMAC Mode for A SP 800-38 B

Recommendation for Block Cipher Modes of Operation: the CCM Mode for Au SP 800-38 C

Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode SP 800-38 D

Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode f SP 800-38 E

DRAFT Recommendation for Block Cipher Modes of Operation: Methods for K SP 800-38 F

Managing Information Security Risk: Organization, Mission, and Information SP 800-39

Creating a Patch and Vulnerability Management Program 800-40 Version 2.0

Guidelines on Firewalls and Firewall Policy SP 800-41 Rev. 1

Systems Administration Guidance for Windows 2000 Professional System SP 800-43

Guidelines on Securing Public Web Servers SP 800-44 Version 2

Guidelines on Electronic Mail Security SP 800-45 Version 2

Guide to Enterprise Telework and Remote Access Security SP 800-46 Rev. 1

Security Guide for Interconnecting Information Technology Systems SP 800-47

Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1

Federal S/MIME V3 Client Profile SP 800-49

Building an Information Technology Security Awareness and Training Progra SP 800-50

Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1

Guidelines for the Selection and Use of Transport Layer Security (TLS) Imple SP 800-52

Guide for Assessing the Security Controls in Federal Information Systems anSP 800-53 A Rev. 1

Recommended Security Controls for Federal Information Systems and Organ SP 800-53 Rev. 3

Column headers for this page (NIST SP 800–53 Rev. 4 control identifiers and titles; the source sheet prints them as rotated text, reconstructed here in column order):
AU–09 Protection of Audit Information
AU–10 Non–repudiation
AU–11 Audit Record Retention
AU–12 Audit Generation
AU–13 Monitoring for Information Disclosure
AU–14 Session Audit
AU–15 Alternate Audit Capability
AU–16 Cross–Organizational Auditing
CA Security Assessment and Authorization
CA–01 Security Assessment and Authorization Policies and Pro
CA–02 Security Assessments
CA–03 System Interconnections
CA–04 Withdrawn
CA–05 Plan of Action and Milestones
CA–06 Security Authorization
CA–07 Continuous Monitoring
CA–08 Penetration Testing
CA–09 Internal System Connections
CM Configuration Management
CM–01 Configuration Management Policy and Procedures
CM–02 Baseline Configuration
CM–03 Configuration Change Control
CM–04 Security Impact Analysis
CM–05 Access Restrictions for Change
CM–06 Configuration Settings
CM–07 Least Functionality
CM–08 Information System Component Inventory
CM–09 Configuration Management Plan
CM–10 Software Usage Restrictions
CM–11 User–Installed Software
CP Contingency Planning
CP–01 Contingency Planning Policy and Procedures
CP–02 Contingency Plan
CP–03 Contingency Training
CP–04 Contingency Plan Testing
CP–05 Withdrawn
CP–06 Alternate Storage Site
CP–07 Alternate Processing Site
CP–08 Telecommunications Services
CP–09 Information System Backup


Page 31: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a


DRAFT Security and Privacy Controls for Federal Information Systems and O SP 800-53 Rev. 4

Border Gateway Protocol Security SP 800-54

Performance Measurement Guide for Information Security SP 800-55 Rev. 1

Recommendation for Pair-Wise Key Establishment Schemes Using Discrete L SP 800-56 A

Recommendation for Pair-Wise Key Establishment Schemes Using Integer Fa SP 800-56 B

Recommendation for Key Derivation through Extraction-then-Expansion SP 800-56 C

Recommendation for Key Management SP 800-57

DRAFT Recommendation for Key Management: Part 1: General SP 800-57 Part 1

Security Considerations for Voice Over IP Systems SP 800-58

Guideline for Identifying an Information System as a National Security Syste SP 800-59

Guide for Mapping Types of Information and Information Systems to Securit SP 800-60 Rev. 1

Computer Security Incident Handling Guide SP 800-61 Rev. 1

DRAFT Computer Security Incident Handling Guide SP 800-61 Rev. 2

Electronic Authentication Guideline SP 800-63 Rev. 1

Electronic Authentication Guideline 00-63 Version 1.0.2

Security Considerations in the System Development Life Cycle SP 800-64 Rev. 2

Integrating IT Security into the Capital Planning and Investment Control Pro SP 800-65

DRAFT Recommendations for Integrating Information Security into the Capit SP 800-65 Rev. 1

An Introductory Resource Guide for Implementing the Health Insurance Port SP 800-66 Rev 1

Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Ciph SP 800-67 Rev. 1

Guide to Securing Microsoft Windows XP Systems for IT Professionals SP 800-68 Rev. 1

Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security SP 800-69

National Checklist Program for IT Products: Guidelines for Checklist Users an SP 800-70 Rev. 2



Page 32: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a


Guidelines on PDA Forensics SP 800-72

Interfaces for Personal Identity Verification (4 Parts) SP 800-73 -3

Biometric Data Specification for Personal Identity Verification SP 800-76 -1

DRAFT Biometric Data Specification for Personal Identity Verification SP 800-76 -2

Guide to IPsec VPNs SP 800-77

Cryptographic Algorithms and Key Sizes for Personal Identification Verificatio SP 800-78 -3

Guidelines for the Accreditation of Personal Identity Verification (PIV) Card I SP 800-79 -1

Secure Domain Name System (DNS) Deployment Guide SP 800-81 Rev. 1

Guide to Industrial Control Systems (ICS) Security SP 800-82

Guide to Malware Incident Prevention and Handling SP 800-83

Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities SP 800-84

PIV Card Application and Middleware Interface Test Guidelines (SP800-73-3 SP 800-85 A-2

PIV Data Model Test Guidelines SP 800-85 B

DRAFT PIV Data Model Conformance Test Guidelines SP 800-85 B-1

Guide to Integrating Forensic Techniques into Incident Response SP 800-86

Codes for Identification of Federal and Federally-Assisted Organizations SP 800-87 Rev 1

Guidelines for Media Sanitization SP 800-88

Recommendation for Obtaining Assurances for Digital Signature Applications SP 800-89

Recommendation for Random Number Generation Using Deterministic Rando SP 800-90 A

Guide to Computer Security Log Management SP 800-92

Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94

Guide to Secure Web Services SP 800-95

PIV Card to Reader Interoperability Guidelines SP 800-96



Page 33: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a


Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i SP 800-97

Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98

Information Security Handbook: A Guide for Managers SP 800-100

Guidelines on Cell Phone Forensics SP 800-101

Recommendation for Digital Signature Timeliness SP 800-102

DRAFT An Ontology of Identity Credentials, Part I: Background and Formula SP 800-103

A Scheme for PIV Visual Card Topography SP 800-104

Randomized Hashing for Digital Signatures SP 800-106

Recommendation for Applications Using Approved Hash Algorithms SP 800-107

DRAFT Recommendation for Applications Using Approved Hash Algorithms SP 800-107 Revised

Recommendation for Key Derivation Using Pseudorandom Functions SP 800-108

Guide to Storage Encryption Technologies for End User Devices SP 800-111

Guide to SSL VPNs SP 800-113

User's Guide to Securing External Devices for Telework and Remote Access SP 800-114

Technical Guide to Information Security Testing and Assessment SP 800-115

A Recommendation for the Use of PIV Credentials in Physical Access Control SP 800-116

Guide to Adopting and Using the Security Content Automation Protocol (SCA SP 800-117

DRAFT Guide to Adopting and Using the Security Content Automation Protoc SP 800-117 Rev. 1

DRAFT Guide to Enterprise Password Management SP 800-118

Guidelines for the Secure Deployment of IPv6 SP 800-119

Recommendation for EAP Methods Used in Wireless Network Access Authent SP 800-120

Guide to Bluetooth Security SP 800-121 Rev. 1

Guide to Protecting the Confidentiality of Personally Identifiable Information SP 800-122



Page 34: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a


Guide to General Server Security SP 800-123

Guidelines on Cell Phone and PDA Security SP 800-124

Guide to Security for Full Virtualization Technologies SP 800-125

The Technical Specification for the Security Content Automation Protocol (SC SP 800-126

The Technical Specification for the Security Content Automation Protocol (SC SP 800-126 Rev. 1

The Technical Specification for the Security Content Automation Protocol (SC SP 800-126 Rev. 2

Guide to Securing WiMAX Wireless Communications SP 800-127

Guide for Security-Focused Configuration Management of Information Syste SP 800-128

DRAFT A Framework for Designing Cryptographic Key Management Systems SP 800-130

Transitions: Recommendation for Transitioning the Use of Cryptographic Alg SP 800-131 A

DRAFT Transitions: Validation of Transitioning Cryptographic Algorithm and SP 800-131 B

DRAFT Transitions: Validating the Transition from FIPS 186-2 to FIPS 186-3 SP 800-131 C

Recommendation for Password-Based Key Derivation Part 1: Storage Applica SP 800-132

DRAFT Recommendation for Cryptographic Key Generation SP 800-133

Recommendation for Existing Application-Specific Key Derivation Functions SP 800-135 Rev. 1

Information Security Continuous Monitoring for Federal Information Systems SP 800-137

Practical Combinatorial Testing SP 800-142

Guidelines on Security and Privacy in Public Cloud Computing SP 800-144

A NIST Definition of Cloud Computing SP 800-145

Cloud Computing Synopsis and Recommendations SP 800-146

Basic Input/Output System (BIOS) Protection Guidelines SP 800-147

Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153

DRAFT BIOS Integrity Measurement Guidelines SP 800-155



Page 35: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a


Inventory of Authorized & Unauthorized Devices CSC–01 7

Inventory of Authorized and Unauthorized Software CSC–02 10

Secure Configurations for Mobile Devices, Workstations, Servers CSC–03 16

Continuous Vulnerability Assessment and Remediation CSC–04 6

Malware Defenses CSC–05 6

Application Software Security CSC–06 15

Wireless Device Control CSC–07 10

Data Recovery Capability CSC–08 3

Security Skills Assessment and Appropriate Training to Fill Gaps CSC–09 9

Secure Configurations for Network Infrastructure & Security Devices CSC–10 12

Inventory of Authorized & Unauthorized Devices CSC–11 11

Inventory of Authorized and Unauthorized Software CSC–12 9

Secure Configurations for Mobile Devices, Workstations, Servers CSC–13 11

Continuous Vulnerability Assessment and Remediation CSC–14 17

Malware Defenses CSC–15 10

Application Software Security CSC–16 11

Wireless Device Control CSC–17 13

Data Recovery Capability CSC–18 9

Security Skills Assessment and Appropriate Training to Fill Gaps CSC–19 9

Secure Configurations for Network Infrastructure & Security Devices CSC–20 9

NIST 800 Series Special Publications 1

An Introduction to Computer Security: The NIST Handbook SP 800-12

Telecommunications Security Guidelines for Telecommunications Manageme SP 800-13

Column headers for this page (NIST SP 800–53 Rev. 4 control identifiers and titles; the source sheet prints them as rotated text, reconstructed here in column order):
CP–10 Information System Recovery and Reconstitution
CP–11 Alternate Communications Protocols
CP–12 Safe Mode
CP–13 Alternative Security Mechanisms
IA Identification and Authentication
IA–01 Identification and Authentication Policy and Procedures
IA–02 Identification and Authentication (Organizational Users)
IA–03 Device Identification and Authentication
IA–04 Identifier Management
IA–05 Authenticator Management
IA–06 Authenticator Feedback
IA–07 Cryptographic Module Authentication
IA–08 Identification and Authentication (Non–Organizational
IA–09 Service Identification and Authentication
IA–10 Adaptive Identification and Authentication
IA–11 Re–authentication
IR Incident Response
IR–01 Incident Response Policy and Procedures
IR–02 Incident Response Training
IR–03 Incident Response Testing
IR–04 Incident Handling
IR–05 Incident Monitoring
IR–06 Incident Reporting
IR–07 Incident Response Assistance
IR–08 Incident Response Plan
IR–09 Information Spillage Response
IR–10 Integrated Information Security Analysis Team
MA Maintenance
MA–01 System Maintenance Policy and Procedures
MA–02 Controlled Maintenance
MA–03 Maintenance Tools
MA–04 Nonlocal Maintenance
MA–05 Maintenance Personnel
MA–06 Timely Maintenance
MP Media Protection
MP–01 Media Protection Policy and Procedures
MP–02 Media Access
MP–03 Media Marking
MP–04 Media Storage
MP–05 Media Transport

Mapping cells printed on this page (row totals and X marks; their row and column alignment was lost in extraction): 1 X | 1 X | 1 X | X 1 X | 1 X | 3 X X X | 1 X | 1 X | 2 X X | 1 X 1 X | 9 X X X X X X X X X


Page 36: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a


Generally Accepted Principles and Practices for Securing Information Techno SP 800-14

MISPC Minimum Interoperability Specification for PKI Components SP 800-15 Version 1

Information Technology Security Training Requirements: A Role- and Perform SP 800-16

DRAFT Information Security Training Requirements: A Role- and Performanc SP 800-16 Rev. 1

Modes of Operation Validation System (MOVS): Requirements and Procedure SP 800-17

Guide for Developing Security Plans for Federal Information Systems SP 800-18 Rev.1

Mobile Agent Security SP 800-19

Modes of Operation Validation System for the Triple Data Encryption Algorith SP 800-20

Guideline for Implementing Cryptography in the Federal Government 800-21 2nd edition

A Statistical Test Suite for Random and Pseudorandom Number Generators f SP 800-22 Rev. 1a

Guidelines to Federal Organizations on Security Assurance and Acquisition/U SP 800-23

PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else D SP 800-24

Federal Agency Use of Public Key Technology for Digital Signatures and Auth SP 800-25

Engineering Principles for Information Technology Security (A Baseline for A SP 800-27 Rev. A

Guidelines on Active Content and Mobile Code SP 800-28 Version 2

A Comparison of the Security Requirements for Cryptographic Modules in FI SP 800-29

Risk Management Guide for Information Technology Systems SP 800-30

Guide for Conducting Risk Assessments SP 800-30 Rev. 1 1

Introduction to Public Key Technology and the Federal PKI Infrastructure SP 800-32

Underlying Technical Models for Information Technology Security SP 800-33

Contingency Planning Guide for Federal Information Systems (Errata Page - SP 800-34 Rev. 1

Guide to Information Technology Security Services SP 800-35

Guide to Selecting Information Technology Security Products SP 800-36



Page 37: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a


Guide for Applying the Risk Management Framework to Federal Information SP 800-37 Rev. 1

Recommendation for Block Cipher Modes of Operation - Methods and Techni SP 800-38 A

Recommendation for Block Cipher Modes of Operation: Three Variants of Cip 800-38 A - Addendum

Recommendation for Block Cipher Modes of Operation: The CMAC Mode for A SP 800-38 B

Recommendation for Block Cipher Modes of Operation: the CCM Mode for Au SP 800-38 C

Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode SP 800-38 D

Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode f SP 800-38 E

DRAFT Recommendation for Block Cipher Modes of Operation: Methods for K SP 800-38 F

Managing Information Security Risk: Organization, Mission, and Information SP 800-39

Creating a Patch and Vulnerability Management Program 800-40 Version 2.0

Guidelines on Firewalls and Firewall Policy SP 800-41 Rev. 1

Systems Administration Guidance for Windows 2000 Professional System SP 800-43

Guidelines on Securing Public Web Servers SP 800-44 Version 2

Guidelines on Electronic Mail Security SP 800-45 Version 2

Guide to Enterprise Telework and Remote Access Security SP 800-46 Rev. 1

Security Guide for Interconnecting Information Technology Systems SP 800-47

Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1

Federal S/MIME V3 Client Profile SP 800-49

Building an Information Technology Security Awareness and Training Progra SP 800-50

Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1

Guidelines for the Selection and Use of Transport Layer Security (TLS) Imple SP 800-52

Guide for Assessing the Security Controls in Federal Information Systems an SP 800-53 A Rev. 1

Recommended Security Controls for Federal Information Systems and Organ SP 800-53 Rev. 3



Page 38: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a


DRAFT Security and Privacy Controls for Federal Information Systems and O SP 800-53 Rev. 4

Border Gateway Protocol Security SP 800-54

Performance Measurement Guide for Information Security SP 800-55 Rev. 1

Recommendation for Pair-Wise Key Establishment Schemes Using Discrete L SP 800-56 A

Recommendation for Pair-Wise Key Establishment Schemes Using Integer Fa SP 800-56 B

Recommendation for Key Derivation through Extraction-then-Expansion SP 800-56 C

Recommendation for Key Management SP 800-57

DRAFT Recommendation for Key Management: Part 1: General SP 800-57 Part 1

Security Considerations for Voice Over IP Systems SP 800-58

Guideline for Identifying an Information System as a National Security Syste SP 800-59

Guide for Mapping Types of Information and Information Systems to Securit SP 800-60 Rev. 1

Computer Security Incident Handling Guide SP 800-61 Rev. 1

DRAFT Computer Security Incident Handling Guide SP 800-61 Rev. 2

Electronic Authentication Guideline SP 800-63 Rev. 1

Electronic Authentication Guideline 00-63 Version 1.0.2

Security Considerations in the System Development Life Cycle SP 800-64 Rev. 2

Integrating IT Security into the Capital Planning and Investment Control Pro SP 800-65

DRAFT Recommendations for Integrating Information Security into the Capit SP 800-65 Rev. 1

An Introductory Resource Guide for Implementing the Health Insurance Port SP 800-66 Rev 1

Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Ciph SP 800-67 Rev. 1

Guide to Securing Microsoft Windows XP Systems for IT Professionals SP 800-68 Rev. 1

Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security SP 800-69

National Checklist Program for IT Products: Guidelines for Checklist Users an SP 800-70 Rev. 2


Critical Security Controls v4 1 Mapped to NIST 800‐53 rev4‐Final_R6.xlsx Page 38 of 69

Page 39: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Print Date: 3/1/2014, 12:02 PM. Mapping of Critical Security Controls (CSC) v4.1 to NIST SP 800-53 Revision 4 (sheet HMAP_53r4_to_CSCv4.1_&_NIST_PUBS)

Map NIST Special Publication (SP) 800-53 Revision 4 to Critical Security Controls (CSC) Version 4.1 and NIST 800 Series Special Publications.

Critical Security Controls | CSC? | Total

Guidelines on PDA Forensics SP 800-72

Interfaces for Personal Identity Verification (4 Parts) SP 800-73 -3

Biometric Data Specification for Personal Identity Verification SP 800-76 -1

DRAFT Biometric Data Specification for Personal Identity Verification SP 800-76 -2

Guide to IPsec VPNs SP 800-77

Cryptographic Algorithms and Key Sizes for Personal Identification Verificatio SP 800-78 -3

Guidelines for the Accreditation of Personal Identity Verification (PIV) Card I SP 800-79 -1

Secure Domain Name System (DNS) Deployment Guide SP 800-81 Rev. 1

Guide to Industrial Control Systems (ICS) Security SP 800-82

Guide to Malware Incident Prevention and Handling SP 800-83

Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities SP 800-84

PIV Card Application and Middleware Interface Test Guidelines (SP800-73-3 SP 800-85 A-2

PIV Data Model Test Guidelines SP 800-85 B

DRAFT PIV Data Model Conformance Test Guidelines SP 800-85 B-1

Guide to Integrating Forensic Techniques into Incident Response SP 800-86

Codes for Identification of Federal and Federally-Assisted Organizations SP 800-87 Rev 1

Guidelines for Media Sanitization SP 800-88

Recommendation for Obtaining Assurances for Digital Signature Applications SP 800-89

Recommendation for Random Number Generation Using Deterministic Rando SP 800-90 A

Guide to Computer Security Log Management SP 800-92

Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94

Guide to Secure Web Services SP 800-95

PIV Card to Reader Interoperability Guidelines SP 800-96

Column headings: NIST SP 800-53 Rev. 4 controls CP–10 through MP–05 (CP–10 to CP–13 and the IA, IR, MA and MP families), the same columns as on page 38.


Page 40: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Critical Security Controls | CSC? | Total

Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i SP 800-97

Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98

Information Security Handbook: A Guide for Managers SP 800-100

Guidelines on Cell Phone Forensics SP 800-101

Recommendation for Digital Signature Timeliness SP 800-102

DRAFT An Ontology of Identity Credentials, Part I: Background and Formula SP 800-103

A Scheme for PIV Visual Card Topography SP 800-104

Randomized Hashing for Digital Signatures SP 800-106

Recommendation for Applications Using Approved Hash Algorithms SP 800-107

DRAFT Recommendation for Applications Using Approved Hash Algorithms SP 800-107 Revised

Recommendation for Key Derivation Using Pseudorandom Functions SP 800-108

Guide to Storage Encryption Technologies for End User Devices SP 800-111

Guide to SSL VPNs SP 800-113

User's Guide to Securing External Devices for Telework and Remote Access SP 800-114

Technical Guide to Information Security Testing and Assessment SP 800-115

A Recommendation for the Use of PIV Credentials in Physical Access Control SP 800-116

Guide to Adopting and Using the Security Content Automation Protocol (SCA SP 800-117

DRAFT Guide to Adopting and Using the Security Content Automation Protoc SP 800-117 Rev. 1

DRAFT Guide to Enterprise Password Management SP 800-118

Guidelines for the Secure Deployment of IPv6 SP 800-119

Recommendation for EAP Methods Used in Wireless Network Access Authent SP 800-120

Guide to Bluetooth Security SP 800-121 Rev. 1

Guide to Protecting the Confidentiality of Personally Identifiable Information SP 800-122

Column headings: NIST SP 800-53 Rev. 4 controls CP–10 through MP–05 (CP–10 to CP–13 and the IA, IR, MA and MP families), the same columns as on page 38.


Page 41: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Critical Security Controls | CSC? | Total

Guide to General Server Security SP 800-123

Guidelines on Cell Phone and PDA Security SP 800-124

Guide to Security for Full Virtualization Technologies SP 800-125

The Technical Specification for the Security Content Automation Protocol (SC SP 800-126

The Technical Specification for the Security Content Automation Protocol (SC SP 800-126 Rev. 1

The Technical Specification for the Security Content Automation Protocol (SC SP 800-126 Rev. 2

Guide to Securing WiMAX Wireless Communications SP 800-127

Guide for Security-Focused Configuration Management of Information Syste SP 800-128

DRAFT A Framework for Designing Cryptographic Key Management Systems SP 800-130

Transitions: Recommendation for Transitioning the Use of Cryptographic Alg SP 800-131 A

DRAFT Transitions: Validation of Transitioning Cryptographic Algorithm and SP 800-131 B

DRAFT Transitions: Validating the Transition from FIPS 186-2 to FIPS 186-3 SP 800-131 C

Recommendation for Password-Based Key Derivation Part 1: Storage Applica SP 800-132

DRAFT Recommendation for Cryptographic Key Generation SP 800-133

Recommendation for Existing Application-Specific Key Derivation Functions SP 800-135 Rev. 1

Information Security Continuous Monitoring for Federal Information Systems SP 800-137

Practical Combinatorial Testing SP 800-142

Guidelines on Security and Privacy in Public Cloud Computing SP 800-144

A NIST Definition of Cloud Computing SP 800-145

Cloud Computing Synopsis and Recommendations SP 800-146

Basic Input/Output System (BIOS) Protection Guidelines SP 800-147

Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153

DRAFT BIOS Integrity Measurement Guidelines SP 800-155

Column headings: NIST SP 800-53 Rev. 4 controls CP–10 through MP–05 (CP–10 to CP–13 and the IA, IR, MA and MP families), the same columns as on page 38.


Page 42: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Critical Security Controls | CSC? | Total

Inventory of Authorized & Unauthorized Devices CSC–01 7

Inventory of Authorized and Unauthorized Software CSC–02 10

Secure Configurations for Mobile Devices, Workstations, Servers CSC–03 16

Continuous Vulnerability Assessment and Remediation CSC–04 6

Malware Defenses CSC–05 6

Application Software Security CSC–06 15

Wireless Device Control CSC–07 10

Data Recovery Capability CSC–08 3

Security Skills Assessment and Appropriate Training to Fill Gaps CSC–09 9

Secure Configurations for Network Infrastructure & Security Devices CSC–10 12

Limitation and Control of Network Ports, Protocols, and Services CSC–11 11

Controlled Use of Administrative Privileges CSC–12 9

Boundary Defense CSC–13 11

Maintenance, Monitoring, and Analysis of Audit Logs CSC–14 17

Controlled Access Based on the Need to Know CSC–15 10

Account Monitoring and Control CSC–16 11

Data Loss Prevention CSC–17 13

Incident Response and Management CSC–18 9

Secure Network Engineering CSC–19 9

Penetration Tests and Red Team Exercises CSC–20 9

NIST 800 Series Special Publications 1

An Introduction to Computer Security: The NIST Handbook SP 800-12

Telecommunications Security Guidelines for Telecommunications Manageme SP 800-13

Column headings (NIST SP 800-53 Rev. 4 controls; the same columns appear on pages 42 through 47):
MP–06 Media Sanitization
MP–07 Media Use
MP–08 Media Downgrading
PE Physical and Environmental Protection
PE–01 Physical and Environmental Protection Policy and Procedures
PE–02 Physical Access Authorizations
PE–03 Physical Access Control
PE–04 Access Control for Transmission Medium
PE–05 Access Control for Output Devices
PE–06 Monitoring Physical Access
PE–07 Withdrawn
PE–08 Visitor Access Records
PE–09 Power Equipment and Cabling
PE–10 Emergency Shutoff
PE–11 Emergency Power
PE–12 Emergency Lighting
PE–13 Fire Protection
PE–14 Temperature and Humidity Controls
PE–15 Water Damage Protection
PE–16 Delivery and Removal
PE–17 Alternate Work Site
PE–18 Location of Information System Components
PE–19 Information Leakage
PE–20 Asset Monitoring and Tracking
PL Planning
PL–01 Security Planning Policy and Procedures
PL–02 System Security Plan
PL–03 Withdrawn
PL–04 Rules of Behavior
PL–05 Withdrawn
PL–06 Withdrawn
PL–07 Security Concept of Operations
PL–08 Information Security Architecture
PL–09 Central Management
PS Personnel Security
PS–01 Personnel Security Policy and Procedures
PS–02 Position Risk Designation
PS–03 Personnel Screening
PS–04 Personnel Termination
PS–05 Personnel Transfer
PS–06 Access Agreements


Page 43: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Critical Security Controls | CSC? | Total

Generally Accepted Principles and Practices for Securing Information Techno SP 800-14

MISPC Minimum Interoperability Specification for PKI Components SP 800-15 Version 1

Information Technology Security Training Requirements: A Role- and Perform SP 800-16

DRAFT Information Security Training Requirements: A Role- and Performanc SP 800-16 Rev. 1

Modes of Operation Validation System (MOVS): Requirements and Procedure SP 800-17

Guide for Developing Security Plans for Federal Information Systems SP 800-18 Rev.1

Mobile Agent Security SP 800-19

Modes of Operation Validation System for the Triple Data Encryption Algorith SP 800-20

Guideline for Implementing Cryptography in the Federal Government SP 800-21 2nd edition

A Statistical Test Suite for Random and Pseudorandom Number Generators f SP 800-22 Rev. 1a

Guidelines to Federal Organizations on Security Assurance and Acquisition/U SP 800-23

PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else D SP 800-24

Federal Agency Use of Public Key Technology for Digital Signatures and Auth SP 800-25

Engineering Principles for Information Technology Security (A Baseline for A SP 800-27 Rev. A

Guidelines on Active Content and Mobile Code SP 800-28 Version 2

A Comparison of the Security Requirements for Cryptographic Modules in FI SP 800-29

Risk Management Guide for Information Technology Systems SP 800-30

Guide for Conducting Risk Assessments SP 800-30 Rev. 1 1

Introduction to Public Key Technology and the Federal PKI Infrastructure SP 800-32

Underlying Technical Models for Information Technology Security SP 800-33

Contingency Planning Guide for Federal Information Systems (Errata Page - SP 800-34 Rev. 1

Guide to Information Technology Security Services SP 800-35

Guide to Selecting Information Technology Security Products SP 800-36

Column headings: NIST SP 800-53 Rev. 4 controls MP–06 through PS–06 (MP–06 to MP–08 and the PE, PL and PS families), the same columns as on page 42.


Page 44: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Critical Security Controls | CSC? | Total

Guide for Applying the Risk Management Framework to Federal Information SP 800-37 Rev. 1

Recommendation for Block Cipher Modes of Operation - Methods and Techni SP 800-38 A

Recommendation for Block Cipher Modes of Operation: Three Variants of Cip SP 800-38 A - Addendum

Recommendation for Block Cipher Modes of Operation: The CMAC Mode for A SP 800-38 B

Recommendation for Block Cipher Modes of Operation: the CCM Mode for Au SP 800-38 C

Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode SP 800-38 D

Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode f SP 800-38 E

DRAFT Recommendation for Block Cipher Modes of Operation: Methods for K SP 800-38 F

Managing Information Security Risk: Organization, Mission, and Information SP 800-39

Creating a Patch and Vulnerability Management Program SP 800-40 Version 2.0

Guidelines on Firewalls and Firewall Policy SP 800-41 Rev. 1

Systems Administration Guidance for Windows 2000 Professional System SP 800-43

Guidelines on Securing Public Web Servers SP 800-44 Version 2

Guidelines on Electronic Mail Security SP 800-45 Version 2

Guide to Enterprise Telework and Remote Access Security SP 800-46 Rev. 1

Security Guide for Interconnecting Information Technology Systems SP 800-47

Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1

Federal S/MIME V3 Client Profile SP 800-49

Building an Information Technology Security Awareness and Training Progra SP 800-50

Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1

Guidelines for the Selection and Use of Transport Layer Security (TLS) Imple SP 800-52

Guide for Assessing the Security Controls in Federal Information Systems an SP 800-53 A Rev. 1

Recommended Security Controls for Federal Information Systems and Organ SP 800-53 Rev. 3

Column headings: NIST SP 800-53 Rev. 4 controls MP–06 through PS–06 (MP–06 to MP–08 and the PE, PL and PS families), the same columns as on page 42.


Page 45: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Critical Security Controls | CSC? | Total

DRAFT Security and Privacy Controls for Federal Information Systems and O SP 800-53 Rev. 4

Border Gateway Protocol Security SP 800-54

Performance Measurement Guide for Information Security SP 800-55 Rev. 1

Recommendation for Pair-Wise Key Establishment Schemes Using Discrete L SP 800-56 A

Recommendation for Pair-Wise Key Establishment Schemes Using Integer Fa SP 800-56 B

Recommendation for Key Derivation through Extraction-then-Expansion SP 800-56 C

Recommendation for Key Management SP 800-57

DRAFT Recommendation for Key Management: Part 1: General SP 800-57 Part 1

Security Considerations for Voice Over IP Systems SP 800-58

Guideline for Identifying an Information System as a National Security Syste SP 800-59

Guide for Mapping Types of Information and Information Systems to Securit SP 800-60 Rev. 1

Computer Security Incident Handling Guide SP 800-61 Rev. 1

DRAFT Computer Security Incident Handling Guide SP 800-61 Rev. 2

Electronic Authentication Guideline SP 800-63 Rev. 1

Electronic Authentication Guideline SP 800-63 Version 1.0.2

Security Considerations in the System Development Life Cycle SP 800-64 Rev. 2

Integrating IT Security into the Capital Planning and Investment Control Pro SP 800-65

DRAFT Recommendations for Integrating Information Security into the Capit SP 800-65 Rev. 1

An Introductory Resource Guide for Implementing the Health Insurance Port SP 800-66 Rev 1

Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Ciph SP 800-67 Rev. 1

Guide to Securing Microsoft Windows XP Systems for IT Professionals SP 800-68 Rev. 1

Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security SP 800-69

National Checklist Program for IT Products: Guidelines for Checklist Users an SP 800-70 Rev. 2

Column headings: NIST SP 800-53 Rev. 4 controls MP–06 through PS–06 (MP–06 to MP–08 and the PE, PL and PS families), the same columns as on page 42.


Page 46: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Critical Security Controls | CSC? | Total

Guidelines on PDA Forensics SP 800-72

Interfaces for Personal Identity Verification (4 Parts) SP 800-73 -3

Biometric Data Specification for Personal Identity Verification SP 800-76 -1

DRAFT Biometric Data Specification for Personal Identity Verification SP 800-76 -2

Guide to IPsec VPNs SP 800-77

Cryptographic Algorithms and Key Sizes for Personal Identification Verificatio SP 800-78 -3

Guidelines for the Accreditation of Personal Identity Verification (PIV) Card I SP 800-79 -1

Secure Domain Name System (DNS) Deployment Guide SP 800-81 Rev. 1

Guide to Industrial Control Systems (ICS) Security SP 800-82

Guide to Malware Incident Prevention and Handling SP 800-83

Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities SP 800-84

PIV Card Application and Middleware Interface Test Guidelines (SP800-73-3 SP 800-85 A-2

PIV Data Model Test Guidelines SP 800-85 B

DRAFT PIV Data Model Conformance Test Guidelines SP 800-85 B-1

Guide to Integrating Forensic Techniques into Incident Response SP 800-86

Codes for Identification of Federal and Federally-Assisted Organizations SP 800-87 Rev 1

Guidelines for Media Sanitization SP 800-88

Recommendation for Obtaining Assurances for Digital Signature Applications SP 800-89

Recommendation for Random Number Generation Using Deterministic Rando SP 800-90 A

Guide to Computer Security Log Management SP 800-92

Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94

Guide to Secure Web Services SP 800-95

PIV Card to Reader Interoperability Guidelines SP 800-96

Column headings: NIST SP 800-53 Rev. 4 controls MP–06 through PS–06 (MP–06 to MP–08 and the PE, PL and PS families), the same columns as on page 42.


Page 47: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Print Date: 3/1/2014, 12:02 PM Mapping of Critical Security Controls (CSC) v4.1 to NIST SP 800‐53 Revision 4 HMAP_53r4_to_CSCv4.1_&_NIST_PUBS

Map NIST Special Publication (SP) 800–53 Revision 4 to Critical Security Controls (CSC) Version 4.1 and NIST 800 Series Special Publications.

Critical Security Controls CSC? Total

Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i SP 800-97

Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98

Information Security Handbook: A Guide for Managers SP 800-100

Guidelines on Cell Phone Forensics SP 800-101

Recommendation for Digital Signature Timeliness SP 800-102

DRAFT An Ontology of Identity Credentials, Part I: Background and Formula SP 800-103

A Scheme for PIV Visual Card Topography SP 800-104

Randomized Hashing for Digital Signatures SP 800-106

Recommendation for Applications Using Approved Hash Algorithms SP 800-107

DRAFT Recommendation for Applications Using Approved Hash Algorithms SP 800-107 Revised

Recommendation for Key Derivation Using Pseudorandom Functions SP 800-108

Guide to Storage Encryption Technologies for End User Devices SP 800-111

Guide to SSL VPNs SP 800-113

User's Guide to Securing External Devices for Telework and Remote Access SP 800-114

Technical Guide to Information Security Testing and Assessment SP 800-115

A Recommendation for the Use of PIV Credentials in Physical Access Control SP 800-116

Guide to Adopting and Using the Security Content Automation Protocol (SCA SP 800-117

DRAFT Guide to Adopting and Using the Security Content Automation Protoc SP 800-117 Rev. 1

DRAFT Guide to Enterprise Password Management SP 800-118

Guidelines for the Secure Deployment of IPv6 SP 800-119

Recommendation for EAP Methods Used in Wireless Network Access Authent SP 800-120

Guide to Bluetooth Security SP 800-121 Rev. 1

Guide to Protecting the Confidentiality of Personally Identifiable Information SP 800-122



Guide to General Server Security SP 800-123

Guidelines on Cell Phone and PDA Security SP 800-124

Guide to Security for Full Virtualization Technologies SP 800-125

The Technical Specification for the Security Content Automation Protocol (SC SP 800-126

The Technical Specification for the Security Content Automation Protocol (SC SP 800-126 Rev. 1

The Technical Specification for the Security Content Automation Protocol (SC SP 800-126 Rev. 2

Guide to Securing WiMAX Wireless Communications SP 800-127

Guide for Security-Focused Configuration Management of Information Syste SP 800-128

DRAFT A Framework for Designing Cryptographic Key Management Systems SP 800-130

Transitions: Recommendation for Transitioning the Use of Cryptographic Alg SP 800-131 A

DRAFT Transitions: Validation of Transitioning Cryptographic Algorithm and SP 800-131 B

DRAFT Transitions: Validating the Transition from FIPS 186-2 to FIPS 186-3 SP 800-131 C

Recommendation for Password-Based Key Derivation Part 1: Storage Applica SP 800-132

DRAFT Recommendation for Cryptographic Key Generation SP 800-133

Recommendation for Existing Application-Specific Key Derivation Functions SP 800-135 Rev. 1

Information Security Continuous Monitoring for Federal Information Systems SP 800-137

Practical Combinatorial Testing SP 800-142

Guidelines on Security and Privacy in Public Cloud Computing SP 800-144

A NIST Definition of Cloud Computing SP 800-145

Cloud Computing Synopsis and Recommendations SP 800-146

Basic Input/Output System (BIOS) Protection Guidelines SP 800-147

Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153

DRAFT BIOS Integrity Measurement Guidelines SP 800-155



Critical Security Controls CSC? Total

Inventory of Authorized & Unauthorized Devices CSC–01 7

Inventory of Authorized and Unauthorized Software CSC–02 10

Secure Configurations for Mobile Devices, Workstations, Servers CSC–03 16

Continuous Vulnerability Assessment and Remediation CSC–04 6

Malware Defenses CSC–05 6

Application Software Security CSC–06 15

Wireless Device Control CSC–07 10

Data Recovery Capability CSC–08 3

Security Skills Assessment and Appropriate Training to Fill Gaps CSC–09 9

Secure Configurations for Network Infrastructure & Security Devices CSC–10 12

Inventory of Authorized & Unauthorized Devices CSC–11 11

Inventory of Authorized and Unauthorized Software CSC–12 9

Secure Configurations for Mobile Devices, Workstations, Servers CSC–13 11

Continuous Vulnerability Assessment and Remediation CSC–14 17

Malware Defenses CSC–15 10

Application Software Security CSC–16 11

Wireless Device Control CSC–17 13

Data Recovery Capability CSC–18 9

Security Skills Assessment and Appropriate Training to Fill Gaps CSC–19 9

Secure Configurations for Network Infrastructure & Security Devices CSC–20 9

NIST 800 Series Special Publications 1

An Introduction to Computer Security: The NIST Handbook SP 800-12

Telecommunications Security Guidelines for Telecommunications Manageme SP 800-13

Columns: NIST SP 800‐53 Rev. 4 controls (continued)

PS–07 Third–Party Personnel Security

PS–08 Personnel Sanctions

RA Risk Assessment

RA–01 Risk Assessment Policy and Procedures

RA–02 Security Categorization

RA–03 Risk Assessment

RA–04 Withdrawn

RA–05 Vulnerability Scanning

RA–06 Technical Surveillance Countermeasures Survey

SA System and Services Acquisition

SA–01 System and Services Acquisition Policy and Procedures

SA–02 Allocation of Resources

SA–03 System Development Life Cycle

SA–04 Acquisition Process

SA–05 Information System Documentation

SA–06 Withdrawn

SA–07 Withdrawn

SA–08 Security Engineering Principles

SA–09 External Information System Services

SA–10 Developer Configuration Management

SA–11 Developer Security Testing and Evaluation

SA–12 Supply Chain Protection

SA–13 Trustworthiness

SA–14 Criticality Analysis

SA–15 Development Process, Standards, and Tools

SA–16 Developer–Provided Training

SA–17 Developer Security Architecture and Design

SA–18 Tamper Resistance and Detection

SA–19 Component Authenticity

SA–20 Customized Development of Critical Components

SA–21 Developer Screening

SA–22 Unsupported System Components

SC System and Communications Protection

SC–01 System and Communications Protection Policy and Procedures

SC–02 Application Partitioning

SC–03 Security Function Isolation

SC–04 Information in Shared Resources

SC–05 Denial of Service Protection

SC–06 Resource Availability

SC–07 Boundary Protection

SC–08 Transmission Confidentiality and Integrity

1 X 1

1 X 2

1 X 1 X 2

1 X 1

2

1 X 9 X X X X X X X X X 1

3 X

2 X X

1

4

1 X 2 X X

1 X 1

2

1 X 4 X

1 X 5

1 X


Generally Accepted Principles and Practices for Securing Information Techno SP 800-14

MISPC Minimum Interoperability Specification for PKI Components SP 800-15 Version 1

Information Technology Security Training Requirements: A Role- and Perform SP 800-16

DRAFT Information Security Training Requirements: A Role- and Performanc SP 800-16 Rev. 1

Modes of Operation Validation System (MOVS): Requirements and Procedure SP 800-17

Guide for Developing Security Plans for Federal Information Systems SP 800-18 Rev.1

Mobile Agent Security SP 800-19

Modes of Operation Validation System for the Triple Data Encryption Algorith SP 800-20

Guideline for Implementing Cryptography in the Federal Government 800-21 2nd edition

A Statistical Test Suite for Random and Pseudorandom Number Generators f SP 800-22 Rev. 1a

Guidelines to Federal Organizations on Security Assurance and Acquisition/U SP 800-23

PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else D SP 800-24

Federal Agency Use of Public Key Technology for Digital Signatures and Auth SP 800-25

Engineering Principles for Information Technology Security (A Baseline for A SP 800-27 Rev. A

Guidelines on Active Content and Mobile Code SP 800-28 Version 2

A Comparison of the Security Requirements for Cryptographic Modules in FI SP 800-29

Risk Management Guide for Information Technology Systems SP 800-30

Guide for Conducting Risk Assessments SP 800-30 Rev. 1 1

Introduction to Public Key Technology and the Federal PKI Infrastructure SP 800-32

Underlying Technical Models for Information Technology Security SP 800-33

Contingency Planning Guide for Federal Information Systems (Errata Page - SP 800-34 Rev. 1

Guide to Information Technology Security Services SP 800-35

Guide to Selecting Information Technology Security Products SP 800-36



Guide for Applying the Risk Management Framework to Federal Information SP 800-37 Rev. 1

Recommendation for Block Cipher Modes of Operation - Methods and Techni SP 800-38 A

Recommendation for Block Cipher Modes of Operation: Three Variants of Cip800-38 A - Addendum

Recommendation for Block Cipher Modes of Operation: The CMAC Mode for A SP 800-38 B

Recommendation for Block Cipher Modes of Operation: the CCM Mode for Au SP 800-38 C

Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode SP 800-38 D

Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode f SP 800-38 E

DRAFT Recommendation for Block Cipher Modes of Operation: Methods for K SP 800-38 F

Managing Information Security Risk: Organization, Mission, and Information SP 800-39

Creating a Patch and Vulnerability Management Program 800-40 Version 2.0

Guidelines on Firewalls and Firewall Policy SP 800-41 Rev. 1

Systems Administration Guidance for Windows 2000 Professional System SP 800-43

Guidelines on Securing Public Web Servers SP 800-44 Version 2

Guidelines on Electronic Mail Security SP 800-45 Version 2

Guide to Enterprise Telework and Remote Access Security SP 800-46 Rev. 1

Security Guide for Interconnecting Information Technology Systems SP 800-47

Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1

Federal S/MIME V3 Client Profile SP 800-49

Building an Information Technology Security Awareness and Training Progra SP 800-50

Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1

Guidelines for the Selection and Use of Transport Layer Security (TLS) Imple SP 800-52

Guide for Assessing the Security Controls in Federal Information Systems anSP 800-53 A Rev. 1

Recommended Security Controls for Federal Information Systems and Organ SP 800-53 Rev. 3



DRAFT Security and Privacy Controls for Federal Information Systems and O SP 800-53 Rev. 4

Border Gateway Protocol Security SP 800-54

Performance Measurement Guide for Information Security SP 800-55 Rev. 1

Recommendation for Pair-Wise Key Establishment Schemes Using Discrete L SP 800-56 A

Recommendation for Pair-Wise Key Establishment Schemes Using Integer Fa SP 800-56 B

Recommendation for Key Derivation through Extraction-then-Expansion SP 800-56 C

Recommendation for Key Management SP 800-57

DRAFT Recommendation for Key Management: Part 1: General SP 800-57 Part 1

Security Considerations for Voice Over IP Systems SP 800-58

Guideline for Identifying an Information System as a National Security Syste SP 800-59

Guide for Mapping Types of Information and Information Systems to Securit SP 800-60 Rev. 1

Computer Security Incident Handling Guide SP 800-61 Rev. 1

DRAFT Computer Security Incident Handling Guide SP 800-61 Rev. 2

Electronic Authentication Guideline SP 800-63 Rev. 1

Electronic Authentication Guideline 00-63 Version 1.0.2

Security Considerations in the System Development Life Cycle SP 800-64 Rev. 2

Integrating IT Security into the Capital Planning and Investment Control Pro SP 800-65

DRAFT Recommendations for Integrating Information Security into the Capit SP 800-65 Rev. 1

An Introductory Resource Guide for Implementing the Health Insurance Port SP 800-66 Rev 1

Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Ciph SP 800-67 Rev. 1

Guide to Securing Microsoft Windows XP Systems for IT Professionals SP 800-68 Rev. 1

Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security SP 800-69

National Checklist Program for IT Products: Guidelines for Checklist Users an SP 800-70 Rev. 2



Guidelines on PDA Forensics SP 800-72

Interfaces for Personal Identity Verification (4 Parts) SP 800-73 -3

Biometric Data Specification for Personal Identity Verification SP 800-76 -1

DRAFT Biometric Data Specification for Personal Identity Verification SP 800-76 -2

Guide to IPsec VPNs SP 800-77

Cryptographic Algorithms and Key Sizes for Personal Identification Verificatio SP 800-78 -3

Guidelines for the Accreditation of Personal Identity Verification (PIV) Card I SP 800-79 -1

Secure Domain Name System (DNS) Deployment Guide SP 800-81 Rev. 1

Guide to Industrial Control Systems (ICS) Security SP 800-82

Guide to Malware Incident Prevention and Handling SP 800-83

Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities SP 800-84

PIV Card Application and Middleware Interface Test Guidelines (SP800-73-3 SP 800-85 A-2

PIV Data Model Test Guidelines SP 800-85 B

DRAFT PIV Data Model Conformance Test Guidelines SP 800-85 B-1

Guide to Integrating Forensic Techniques into Incident Response SP 800-86

Codes for Identification of Federal and Federally-Assisted Organizations SP 800-87 Rev 1

Guidelines for Media Sanitization SP 800-88

Recommendation for Obtaining Assurances for Digital Signature Applications SP 800-89

Recommendation for Random Number Generation Using Deterministic Rando SP 800-90 A

Guide to Computer Security Log Management SP 800-92

Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94

Guide to Secure Web Services SP 800-95

PIV Card to Reader Interoperability Guidelines SP 800-96



Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i SP 800-97

Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98

Information Security Handbook: A Guide for Managers SP 800-100

Guidelines on Cell Phone Forensics SP 800-101

Recommendation for Digital Signature Timeliness SP 800-102

DRAFT An Ontology of Identity Credentials, Part I: Background and Formula SP 800-103

A Scheme for PIV Visual Card Topography SP 800-104

Randomized Hashing for Digital Signatures SP 800-106

Recommendation for Applications Using Approved Hash Algorithms SP 800-107

DRAFT Recommendation for Applications Using Approved Hash Algorithms SP 800-107 Revised

Recommendation for Key Derivation Using Pseudorandom Functions SP 800-108

Guide to Storage Encryption Technologies for End User Devices SP 800-111

Guide to SSL VPNs SP 800-113

User's Guide to Securing External Devices for Telework and Remote Access SP 800-114

Technical Guide to Information Security Testing and Assessment SP 800-115

A Recommendation for the Use of PIV Credentials in Physical Access Control SP 800-116

Guide to Adopting and Using the Security Content Automation Protocol (SCA SP 800-117

DRAFT Guide to Adopting and Using the Security Content Automation Protoc SP 800-117 Rev. 1

DRAFT Guide to Enterprise Password Management SP 800-118

Guidelines for the Secure Deployment of IPv6 SP 800-119

Recommendation for EAP Methods Used in Wireless Network Access Authent SP 800-120

Guide to Bluetooth Security SP 800-121 Rev. 1

Guide to Protecting the Confidentiality of Personally Identifiable Information SP 800-122



Page 55: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a


Guide to General Server Security SP 800-123

Guidelines on Cell Phone and PDA Security SP 800-124

Guide to Security for Full Virtualization Technologies SP 800-125

The Technical Specification for the Security Content Automation Protocol (SC SP 800-126

The Technical Specification for the Security Content Automation Protocol (SC SP 800-126 Rev. 1

The Technical Specification for the Security Content Automation Protocol (SC SP 800-126 Rev. 2

Guide to Securing WiMAX Wireless Communications SP 800-127

Guide for Security-Focused Configuration Management of Information Syste SP 800-128

DRAFT A Framework for Designing Cryptographic Key Management Systems SP 800-130

Transitions: Recommendation for Transitioning the Use of Cryptographic Alg SP 800-131 A

DRAFT Transitions: Validation of Transitioning Cryptographic Algorithm and SP 800-131 B

DRAFT Transitions: Validating the Transition from FIPS 186-2 to FIPS 186-3 SP 800-131 C

Recommendation for Password-Based Key Derivation Part 1: Storage Applica SP 800-132

DRAFT Recommendation for Cryptographic Key Generation SP 800-133

Recommendation for Existing Application-Specific Key Derivation Functions SP 800-135 Rev. 1

Information Security Continuous Monitoring for Federal Information Systems SP 800-137

Practical Combinatorial Testing SP 800-142

Guidelines on Security and Privacy in Public Cloud Computing SP 800-144

A NIST Definition of Cloud Computing SP 800-145

Cloud Computing Synopsis and Recommendations SP 800-146

Basic Input/Output System (BIOS) Protection Guidelines SP 800-147

Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153

DRAFT BIOS Integrity Measurement Guidelines SP 800-155

Column headers (NIST SP 800-53 Rev. 4 controls PS–07 through SC–08):

PS–07 Third–Party Personnel Security
PS–08 Personnel Sanctions
RA Risk Assessment
RA–01 Risk Assessment Policy and Procedures
RA–02 Security Categorization
RA–03 Risk Assessment
RA–04 Withdrawn
RA–05 Vulnerability Scanning
RA–06 Technical Surveillance Countermeasures Survey
SA System and Services Acquisition
SA–01 System and Services Acquisition Policy and Procedures
SA–02 Allocation of Resources
SA–03 System Development Life Cycle
SA–04 Acquisition Process
SA–05 Information System Documentation
SA–06 Withdrawn
SA–07 Withdrawn
SA–08 Security Engineering Principles
SA–09 External Information System Services
SA–10 Developer Configuration Management
SA–11 Developer Security Testing and Evaluation
SA–12 Supply Chain Protection
SA–13 Trustworthiness
SA–14 Criticality Analysis
SA–15 Development Process, Standards, and Tools
SA–16 Developer–Provided Training
SA–17 Developer Security Architecture and Design
SA–18 Tamper Resistance and Detection
SA–19 Component Authenticity
SA–20 Customized Development of Critical Components
SA–21 Developer Screening
SA–22 Unsupported System Components
SC System and Communications Protection
SC–01 System and Communications Protection Policy and Proc
SC–02 Application Partitioning
SC–03 Security Function Isolation
SC–04 Information in Shared Resources
SC–05 Denial of Service Protection
SC–06 Resource Availability
SC–07 Boundary Protection
SC–08 Transmission Confidentiality and Integrity


Page 56: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a


Critical Security Controls | CSC? | Total

Inventory of Authorized & Unauthorized Devices CSC–01 7

Inventory of Authorized and Unauthorized Software CSC–02 10

Secure Configurations for Mobile Devices, Workstations, Servers CSC–03 16

Continuous Vulnerability Assessment and Remediation CSC–04 6

Malware Defenses CSC–05 6

Application Software Security CSC–06 15

Wireless Device Control CSC–07 10

Data Recovery Capability CSC–08 3

Security Skills Assessment and Appropriate Training to Fill Gaps CSC–09 9

Secure Configurations for Network Infrastructure & Security Devices CSC–10 12

Inventory of Authorized & Unauthorized Devices CSC–11 11

Inventory of Authorized and Unauthorized Software CSC–12 9

Secure Configurations for Mobile Devices, Workstations, Servers CSC–13 11

Continuous Vulnerability Assessment and Remediation CSC–14 17

Malware Defenses CSC–15 10

Application Software Security CSC–16 11

Wireless Device Control CSC–17 13

Data Recovery Capability CSC–18 9

Security Skills Assessment and Appropriate Training to Fill Gaps CSC–19 9

Secure Configurations for Network Infrastructure & Security Devices CSC–20 9

NIST 800 Series Special Publications 1

An Introduction to Computer Security: The NIST Handbook SP 800-12

Telecommunications Security Guidelines for Telecommunications Manageme SP 800-13

Column headers (NIST SP 800-53 Rev. 4 controls SC–09 through SI–05):

SC–09 Withdrawn
SC–10 Network Disconnect
SC–11 Trusted Path
SC–12 Cryptographic Key Establishment and Management
SC–13 Cryptographic Protection
SC–14 Withdrawn
SC–15 Collaborative Computing Devices
SC–16 Transmission of Security Attributes
SC–17 Public Key Infrastructure Certificates
SC–18 Mobile Code
SC–19 Voice Over Internet Protocol
SC–20 Secure Name /Address Resolution Service (Authoritativ
SC–21 Secure Name /Address Resolution Service (Recursive o
SC–22 Architecture and Provisioning for Name/Address Resolu
SC–23 Session Authenticity
SC–24 Fail in Known State
SC–25 Thin Nodes
SC–26 Honeypots
SC–27 Platform–Independent Applications
SC–28 Protection of Information at Rest
SC–29 Heterogeneity
SC–30 Concealment and Misdirection
SC–31 Covert Channel Analysis
SC–32 Information System Partitioning
SC–33 Withdrawn
SC–34 Non–Modifiable Executable Programs
SC–35 Honeyclients
SC–36 Distributed Processing and Storage
SC–37 Out–of–Band Channels
SC–38 Operations Security
SC–39 Process Isolation
SC–40 Wireless Link Protection
SC–41 Port and I/O Device Access
SC–42 Sensor Capability and Data
SC–43 Usage Restrictions
SC–44 Detonation Chambers
SI System and Information Integrity
SI–01 System and Information Integrity Policy and Procedure
SI–02 Flaw Remediation
SI–03 Malicious Code Protection
SI–04 Information System Monitoring
SI–05 Security Alerts, Advisories, and Directives

X 1 X

X X 1 X

X X 2 X X

X 2 X

X X 3 X X

X 4

X X 1 X

X 1 X

X X X X 1 X

1 X

1 X

1 X

X 1 X

X X 1 X

X X X 1 X

X X X X X

1


Page 57: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a


Generally Accepted Principles and Practices for Securing Information Techno SP 800-14

MISPC Minimum Interoperability Specification for PKI Components SP 800-15 Version 1

Information Technology Security Training Requirements: A Role- and Perform SP 800-16

DRAFT Information Security Training Requirements: A Role- and Performanc SP 800-16 Rev. 1

Modes of Operation Validation System (MOVS): Requirements and Procedure SP 800-17

Guide for Developing Security Plans for Federal Information Systems SP 800-18 Rev.1

Mobile Agent Security SP 800-19

Modes of Operation Validation System for the Triple Data Encryption Algorith SP 800-20

Guideline for Implementing Cryptography in the Federal Government 800-21 2nd edition

A Statistical Test Suite for Random and Pseudorandom Number Generators f SP 800-22 Rev. 1a

Guidelines to Federal Organizations on Security Assurance and Acquisition/U SP 800-23

PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else D SP 800-24

Federal Agency Use of Public Key Technology for Digital Signatures and Auth SP 800-25

Engineering Principles for Information Technology Security (A Baseline for A SP 800-27 Rev. A

Guidelines on Active Content and Mobile Code SP 800-28 Version 2

A Comparison of the Security Requirements for Cryptographic Modules in FI SP 800-29

Risk Management Guide for Information Technology Systems SP 800-30

Guide for Conducting Risk Assessments SP 800-30 Rev. 1 1

Introduction to Public Key Technology and the Federal PKI Infrastructure SP 800-32

Underlying Technical Models for Information Technology Security SP 800-33

Contingency Planning Guide for Federal Information Systems (Errata Page - SP 800-34 Rev. 1

Guide to Information Technology Security Services SP 800-35

Guide to Selecting Information Technology Security Products SP 800-36

Column headers (NIST SP 800-53 Rev. 4 controls SC–09 through SI–05):

SC–09 Withdrawn
SC–10 Network Disconnect
SC–11 Trusted Path
SC–12 Cryptographic Key Establishment and Management
SC–13 Cryptographic Protection
SC–14 Withdrawn
SC–15 Collaborative Computing Devices
SC–16 Transmission of Security Attributes
SC–17 Public Key Infrastructure Certificates
SC–18 Mobile Code
SC–19 Voice Over Internet Protocol
SC–20 Secure Name /Address Resolution Service (Authoritativ
SC–21 Secure Name /Address Resolution Service (Recursive o
SC–22 Architecture and Provisioning for Name/Address Resolu
SC–23 Session Authenticity
SC–24 Fail in Known State
SC–25 Thin Nodes
SC–26 Honeypots
SC–27 Platform–Independent Applications
SC–28 Protection of Information at Rest
SC–29 Heterogeneity
SC–30 Concealment and Misdirection
SC–31 Covert Channel Analysis
SC–32 Information System Partitioning
SC–33 Withdrawn
SC–34 Non–Modifiable Executable Programs
SC–35 Honeyclients
SC–36 Distributed Processing and Storage
SC–37 Out–of–Band Channels
SC–38 Operations Security
SC–39 Process Isolation
SC–40 Wireless Link Protection
SC–41 Port and I/O Device Access
SC–42 Sensor Capability and Data
SC–43 Usage Restrictions
SC–44 Detonation Chambers
SI System and Information Integrity
SI–01 System and Information Integrity Policy and Procedure
SI–02 Flaw Remediation
SI–03 Malicious Code Protection
SI–04 Information System Monitoring
SI–05 Security Alerts, Advisories, and Directives


Page 58: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a


Guide for Applying the Risk Management Framework to Federal Information SP 800-37 Rev. 1

Recommendation for Block Cipher Modes of Operation - Methods and Techni SP 800-38 A

Recommendation for Block Cipher Modes of Operation: Three Variants of Cip800-38 A - Addendum

Recommendation for Block Cipher Modes of Operation: The CMAC Mode for A SP 800-38 B

Recommendation for Block Cipher Modes of Operation: the CCM Mode for Au SP 800-38 C

Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode SP 800-38 D

Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode f SP 800-38 E

DRAFT Recommendation for Block Cipher Modes of Operation: Methods for K SP 800-38 F

Managing Information Security Risk: Organization, Mission, and Information SP 800-39

Creating a Patch and Vulnerability Management Program 800-40 Version 2.0

Guidelines on Firewalls and Firewall Policy SP 800-41 Rev. 1

Systems Administration Guidance for Windows 2000 Professional System SP 800-43

Guidelines on Securing Public Web Servers SP 800-44 Version 2

Guidelines on Electronic Mail Security SP 800-45 Version 2

Guide to Enterprise Telework and Remote Access Security SP 800-46 Rev. 1

Security Guide for Interconnecting Information Technology Systems SP 800-47

Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1

Federal S/MIME V3 Client Profile SP 800-49

Building an Information Technology Security Awareness and Training Progra SP 800-50

Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1

Guidelines for the Selection and Use of Transport Layer Security (TLS) Imple SP 800-52

Guide for Assessing the Security Controls in Federal Information Systems anSP 800-53 A Rev. 1

Recommended Security Controls for Federal Information Systems and Organ SP 800-53 Rev. 3

Column headers (NIST SP 800-53 Rev. 4 controls SC–09 through SI–05):

SC–09 Withdrawn
SC–10 Network Disconnect
SC–11 Trusted Path
SC–12 Cryptographic Key Establishment and Management
SC–13 Cryptographic Protection
SC–14 Withdrawn
SC–15 Collaborative Computing Devices
SC–16 Transmission of Security Attributes
SC–17 Public Key Infrastructure Certificates
SC–18 Mobile Code
SC–19 Voice Over Internet Protocol
SC–20 Secure Name /Address Resolution Service (Authoritativ
SC–21 Secure Name /Address Resolution Service (Recursive o
SC–22 Architecture and Provisioning for Name/Address Resolu
SC–23 Session Authenticity
SC–24 Fail in Known State
SC–25 Thin Nodes
SC–26 Honeypots
SC–27 Platform–Independent Applications
SC–28 Protection of Information at Rest
SC–29 Heterogeneity
SC–30 Concealment and Misdirection
SC–31 Covert Channel Analysis
SC–32 Information System Partitioning
SC–33 Withdrawn
SC–34 Non–Modifiable Executable Programs
SC–35 Honeyclients
SC–36 Distributed Processing and Storage
SC–37 Out–of–Band Channels
SC–38 Operations Security
SC–39 Process Isolation
SC–40 Wireless Link Protection
SC–41 Port and I/O Device Access
SC–42 Sensor Capability and Data
SC–43 Usage Restrictions
SC–44 Detonation Chambers
SI System and Information Integrity
SI–01 System and Information Integrity Policy and Procedure
SI–02 Flaw Remediation
SI–03 Malicious Code Protection
SI–04 Information System Monitoring
SI–05 Security Alerts, Advisories, and Directives


Page 59: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a


DRAFT Security and Privacy Controls for Federal Information Systems and O SP 800-53 Rev. 4

Border Gateway Protocol Security SP 800-54

Performance Measurement Guide for Information Security SP 800-55 Rev. 1

Recommendation for Pair-Wise Key Establishment Schemes Using Discrete L SP 800-56 A

Recommendation for Pair-Wise Key Establishment Schemes Using Integer Fa SP 800-56 B

Recommendation for Key Derivation through Extraction-then-Expansion SP 800-56 C

Recommendation for Key Management SP 800-57

DRAFT Recommendation for Key Management: Part 1: General SP 800-57 Part 1

Security Considerations for Voice Over IP Systems SP 800-58

Guideline for Identifying an Information System as a National Security Syste SP 800-59

Guide for Mapping Types of Information and Information Systems to Securit SP 800-60 Rev. 1

Computer Security Incident Handling Guide SP 800-61 Rev. 1

DRAFT Computer Security Incident Handling Guide SP 800-61 Rev. 2

Electronic Authentication Guideline SP 800-63 Rev. 1

Electronic Authentication Guideline 00-63 Version 1.0.2

Security Considerations in the System Development Life Cycle SP 800-64 Rev. 2

Integrating IT Security into the Capital Planning and Investment Control Pro SP 800-65

DRAFT Recommendations for Integrating Information Security into the Capit SP 800-65 Rev. 1

An Introductory Resource Guide for Implementing the Health Insurance Port SP 800-66 Rev 1

Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Ciph SP 800-67 Rev. 1

Guide to Securing Microsoft Windows XP Systems for IT Professionals SP 800-68 Rev. 1

Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security SP 800-69

National Checklist Program for IT Products: Guidelines for Checklist Users an SP 800-70 Rev. 2

Column headers (NIST SP 800-53 Rev. 4 controls SC–09 through SI–05):

SC–09 Withdrawn
SC–10 Network Disconnect
SC–11 Trusted Path
SC–12 Cryptographic Key Establishment and Management
SC–13 Cryptographic Protection
SC–14 Withdrawn
SC–15 Collaborative Computing Devices
SC–16 Transmission of Security Attributes
SC–17 Public Key Infrastructure Certificates
SC–18 Mobile Code
SC–19 Voice Over Internet Protocol
SC–20 Secure Name /Address Resolution Service (Authoritativ
SC–21 Secure Name /Address Resolution Service (Recursive o
SC–22 Architecture and Provisioning for Name/Address Resolu
SC–23 Session Authenticity
SC–24 Fail in Known State
SC–25 Thin Nodes
SC–26 Honeypots
SC–27 Platform–Independent Applications
SC–28 Protection of Information at Rest
SC–29 Heterogeneity
SC–30 Concealment and Misdirection
SC–31 Covert Channel Analysis
SC–32 Information System Partitioning
SC–33 Withdrawn
SC–34 Non–Modifiable Executable Programs
SC–35 Honeyclients
SC–36 Distributed Processing and Storage
SC–37 Out–of–Band Channels
SC–38 Operations Security
SC–39 Process Isolation
SC–40 Wireless Link Protection
SC–41 Port and I/O Device Access
SC–42 Sensor Capability and Data
SC–43 Usage Restrictions
SC–44 Detonation Chambers
SI System and Information Integrity
SI–01 System and Information Integrity Policy and Procedure
SI–02 Flaw Remediation
SI–03 Malicious Code Protection
SI–04 Information System Monitoring
SI–05 Security Alerts, Advisories, and Directives


Page 60: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a


Guidelines on PDA Forensics SP 800-72

Interfaces for Personal Identity Verification (4 Parts) SP 800-73 -3

Biometric Data Specification for Personal Identity Verification SP 800-76 -1

DRAFT Biometric Data Specification for Personal Identity Verification SP 800-76 -2

Guide to IPsec VPNs SP 800-77

Cryptographic Algorithms and Key Sizes for Personal Identification Verificatio SP 800-78 -3

Guidelines for the Accreditation of Personal Identity Verification (PIV) Card I SP 800-79 -1

Secure Domain Name System (DNS) Deployment Guide SP 800-81 Rev. 1

Guide to Industrial Control Systems (ICS) Security SP 800-82

Guide to Malware Incident Prevention and Handling SP 800-83

Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities SP 800-84

PIV Card Application and Middleware Interface Test Guidelines (SP800-73-3 SP 800-85 A-2

PIV Data Model Test Guidelines SP 800-85 B

DRAFT PIV Data Model Conformance Test Guidelines SP 800-85 B-1

Guide to Integrating Forensic Techniques into Incident Response SP 800-86

Codes for Identification of Federal and Federally-Assisted Organizations SP 800-87 Rev 1

Guidelines for Media Sanitization SP 800-88

Recommendation for Obtaining Assurances for Digital Signature Applications SP 800-89

Recommendation for Random Number Generation Using Deterministic Rando SP 800-90 A

Guide to Computer Security Log Management SP 800-92

Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94

Guide to Secure Web Services SP 800-95

PIV Card to Reader Interoperability Guidelines SP 800-96

Column headers (NIST SP 800-53 Rev. 4 controls SC–09 through SI–05):

SC–09 Withdrawn
SC–10 Network Disconnect
SC–11 Trusted Path
SC–12 Cryptographic Key Establishment and Management
SC–13 Cryptographic Protection
SC–14 Withdrawn
SC–15 Collaborative Computing Devices
SC–16 Transmission of Security Attributes
SC–17 Public Key Infrastructure Certificates
SC–18 Mobile Code
SC–19 Voice Over Internet Protocol
SC–20 Secure Name /Address Resolution Service (Authoritativ
SC–21 Secure Name /Address Resolution Service (Recursive o
SC–22 Architecture and Provisioning for Name/Address Resolu
SC–23 Session Authenticity
SC–24 Fail in Known State
SC–25 Thin Nodes
SC–26 Honeypots
SC–27 Platform–Independent Applications
SC–28 Protection of Information at Rest
SC–29 Heterogeneity
SC–30 Concealment and Misdirection
SC–31 Covert Channel Analysis
SC–32 Information System Partitioning
SC–33 Withdrawn
SC–34 Non–Modifiable Executable Programs
SC–35 Honeyclients
SC–36 Distributed Processing and Storage
SC–37 Out–of–Band Channels
SC–38 Operations Security
SC–39 Process Isolation
SC–40 Wireless Link Protection
SC–41 Port and I/O Device Access
SC–42 Sensor Capability and Data
SC–43 Usage Restrictions
SC–44 Detonation Chambers
SI System and Information Integrity
SI–01 System and Information Integrity Policy and Procedure
SI–02 Flaw Remediation
SI–03 Malicious Code Protection
SI–04 Information System Monitoring
SI–05 Security Alerts, Advisories, and Directives


Page 61: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a


Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i SP 800-97

Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98

Information Security Handbook: A Guide for Managers SP 800-100

Guidelines on Cell Phone Forensics SP 800-101

Recommendation for Digital Signature Timeliness SP 800-102

DRAFT An Ontology of Identity Credentials, Part I: Background and Formula SP 800-103

A Scheme for PIV Visual Card Topography SP 800-104

Randomized Hashing for Digital Signatures SP 800-106

Recommendation for Applications Using Approved Hash Algorithms SP 800-107

DRAFT Recommendation for Applications Using Approved Hash Algorithms SP 800-107 Revised

Recommendation for Key Derivation Using Pseudorandom Functions SP 800-108

Guide to Storage Encryption Technologies for End User Devices SP 800-111

Guide to SSL VPNs SP 800-113

User's Guide to Securing External Devices for Telework and Remote Access SP 800-114

Technical Guide to Information Security Testing and Assessment SP 800-115

A Recommendation for the Use of PIV Credentials in Physical Access Control SP 800-116

Guide to Adopting and Using the Security Content Automation Protocol (SCA SP 800-117

DRAFT Guide to Adopting and Using the Security Content Automation Protoc SP 800-117 Rev. 1

DRAFT Guide to Enterprise Password Management SP 800-118

Guidelines for the Secure Deployment of IPv6 SP 800-119

Recommendation for EAP Methods Used in Wireless Network Access Authent SP 800-120

Guide to Bluetooth Security SP 800-121 Rev. 1

Guide to Protecting the Confidentiality of Personally Identifiable Information SP 800-122

Column headers (NIST SP 800-53 Rev. 4 controls SC–09 through SI–05):

SC–09 Withdrawn
SC–10 Network Disconnect
SC–11 Trusted Path
SC–12 Cryptographic Key Establishment and Management
SC–13 Cryptographic Protection
SC–14 Withdrawn
SC–15 Collaborative Computing Devices
SC–16 Transmission of Security Attributes
SC–17 Public Key Infrastructure Certificates
SC–18 Mobile Code
SC–19 Voice Over Internet Protocol
SC–20 Secure Name /Address Resolution Service (Authoritativ
SC–21 Secure Name /Address Resolution Service (Recursive o
SC–22 Architecture and Provisioning for Name/Address Resolu
SC–23 Session Authenticity
SC–24 Fail in Known State
SC–25 Thin Nodes
SC–26 Honeypots
SC–27 Platform–Independent Applications
SC–28 Protection of Information at Rest
SC–29 Heterogeneity
SC–30 Concealment and Misdirection
SC–31 Covert Channel Analysis
SC–32 Information System Partitioning
SC–33 Withdrawn
SC–34 Non–Modifiable Executable Programs
SC–35 Honeyclients
SC–36 Distributed Processing and Storage
SC–37 Out–of–Band Channels
SC–38 Operations Security
SC–39 Process Isolation
SC–40 Wireless Link Protection
SC–41 Port and I/O Device Access
SC–42 Sensor Capability and Data
SC–43 Usage Restrictions
SC–44 Detonation Chambers
SI System and Information Integrity
SI–01 System and Information Integrity Policy and Procedure
SI–02 Flaw Remediation
SI–03 Malicious Code Protection
SI–04 Information System Monitoring
SI–05 Security Alerts, Advisories, and Directives


Page 62: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a


Guide to General Server Security SP 800-123

Guidelines on Cell Phone and PDA Security SP 800-124

Guide to Security for Full Virtualization Technologies SP 800-125

The Technical Specification for the Security Content Automation Protocol (SC SP 800-126

The Technical Specification for the Security Content Automation Protocol (SC SP 800-126 Rev. 1

The Technical Specification for the Security Content Automation Protocol (SC SP 800-126 Rev. 2

Guide to Securing WiMAX Wireless Communications SP 800-127

Guide for Security-Focused Configuration Management of Information Syste SP 800-128

DRAFT A Framework for Designing Cryptographic Key Management Systems SP 800-130

Transitions: Recommendation for Transitioning the Use of Cryptographic Alg SP 800-131 A

DRAFT Transitions: Validation of Transitioning Cryptographic Algorithm and SP 800-131 B

DRAFT Transitions: Validating the Transition from FIPS 186-2 to FIPS 186-3 SP 800-131 C

Recommendation for Password-Based Key Derivation Part 1: Storage Applica SP 800-132

DRAFT Recommendation for Cryptographic Key Generation SP 800-133

Recommendation for Existing Application-Specific Key Derivation Functions SP 800-135 Rev. 1

Information Security Continuous Monitoring for Federal Information Systems SP 800-137

Practical Combinatorial Testing SP 800-142

Guidelines on Security and Privacy in Public Cloud Computing SP 800-144

A NIST Definition of Cloud Computing SP 800-145

Cloud Computing Synopsis and Recommendations SP 800-146

Basic Input/Output System (BIOS) Protection Guidelines SP 800-147

Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153

DRAFT BIOS Integrity Measurement Guidelines SP 800-155

Column headers (NIST SP 800-53 Rev. 4 controls SC–09 through SI–05):

SC–09 Withdrawn
SC–10 Network Disconnect
SC–11 Trusted Path
SC–12 Cryptographic Key Establishment and Management
SC–13 Cryptographic Protection
SC–14 Withdrawn
SC–15 Collaborative Computing Devices
SC–16 Transmission of Security Attributes
SC–17 Public Key Infrastructure Certificates
SC–18 Mobile Code
SC–19 Voice Over Internet Protocol
SC–20 Secure Name /Address Resolution Service (Authoritativ
SC–21 Secure Name /Address Resolution Service (Recursive o
SC–22 Architecture and Provisioning for Name/Address Resolu
SC–23 Session Authenticity
SC–24 Fail in Known State
SC–25 Thin Nodes
SC–26 Honeypots
SC–27 Platform–Independent Applications
SC–28 Protection of Information at Rest
SC–29 Heterogeneity
SC–30 Concealment and Misdirection
SC–31 Covert Channel Analysis
SC–32 Information System Partitioning
SC–33 Withdrawn
SC–34 Non–Modifiable Executable Programs
SC–35 Honeyclients
SC–36 Distributed Processing and Storage
SC–37 Out–of–Band Channels
SC–38 Operations Security
SC–39 Process Isolation
SC–40 Wireless Link Protection
SC–41 Port and I/O Device Access
SC–42 Sensor Capability and Data
SC–43 Usage Restrictions
SC–44 Detonation Chambers
SI System and Information Integrity
SI–01 System and Information Integrity Policy and Procedure
SI–02 Flaw Remediation
SI–03 Malicious Code Protection
SI–04 Information System Monitoring
SI–05 Security Alerts, Advisories, and Directives

Critical Security Controls v4 1 Mapped to NIST 800‐53 rev4‐Final_R6.xlsx Page 62 of 69

Page 63: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Print Date: 3/1/2014, 12:02 PM Mapping of Critical Security Controls (CSC) v4.1 to NIST SP 800‐53 Revision 4 HMAP_53r4_to_CSCv4.1_&_NIST_PUBS

Critical Security Controls | CSC | Total

Inventory of Authorized & Unauthorized Devices CSC–01 7

Inventory of Authorized and Unauthorized Software CSC–02 10

Secure Configurations for Mobile Devices, Workstations, Servers CSC–03 16

Continuous Vulnerability Assessment and Remediation CSC–04 6

Malware Defenses CSC–05 6

Application Software Security CSC–06 15

Wireless Device Control CSC–07 10

Data Recovery Capability CSC–08 3

Security Skills Assessment and Appropriate Training to Fill Gaps CSC–09 9

Secure Configurations for Network Infrastructure & Security Devices CSC–10 12

Inventory of Authorized & Unauthorized Devices CSC–11 11

Inventory of Authorized and Unauthorized Software CSC–12 9

Secure Configurations for Mobile Devices, Workstations, Servers CSC–13 11

Continuous Vulnerability Assessment and Remediation CSC–14 17

Malware Defenses CSC–15 10

Application Software Security CSC–16 11

Wireless Device Control CSC–17 13

Data Recovery Capability CSC–18 9

Security Skills Assessment and Appropriate Training to Fill Gaps CSC–19 9

Secure Configurations for Network Infrastructure & Security Devices CSC–20 9

NIST 800 Series Special Publications 1

An Introduction to Computer Security: The NIST Handbook SP 800-12

Telecommunications Security Guidelines for Telecommunications Manageme SP 800-13

Column headers (NIST SP 800–53 Rev. 4 controls):

SI (System and Information Integrity, continued): SI–06 Security Function Verification; SI–07 Software, Firmware, and Information Integrity; SI–08 Spam Protection; SI–09 Withdrawn; SI–10 Information Input Validation; SI–11 Error Handling; SI–12 Information Handling and Retention; SI–13 Predictable Failure Prevention; SI–14 Non–Persistence; SI–15 Information Output Filtering; SI–16 Memory Protection; SI–17 Fail–Safe Procedures

PM Program Management: PM–01 Information Security Program Plan; PM–02 Senior Information Security Officer; PM–03 Information Security Resources; PM–04 Plan of Action and Milestones Process; PM–05 Information System Inventory; PM–06 Information Security Measures of Performance; PM–07 Enterprise Architecture; PM–08 Critical Infrastructure Plan; PM–09 Risk Management Strategy; PM–10 Security Authorization Process; PM–11 Mission/Business Process Definition; PM–12 Insider Threat Program; PM–13 Information Security Workforce; PM–14 Testing, Training, & Monitoring; PM–15 Contacts with Security Groups and Associations; PM–16 Threat Awareness Program

Matrix cell marks (column positions not preserved in extraction): 1 X; 1 X; X; X; X X X X; 3 X X X; X 3 X X X


Page 64: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Critical Security Controls | CSC | Total

Generally Accepted Principles and Practices for Securing Information Techno SP 800-14

MISPC Minimum Interoperability Specification for PKI Components SP 800-15 Version 1

Information Technology Security Training Requirements: A Role- and Perform SP 800-16

DRAFT Information Security Training Requirements: A Role- and Performanc SP 800-16 Rev. 1

Modes of Operation Validation System (MOVS): Requirements and Procedure SP 800-17

Guide for Developing Security Plans for Federal Information Systems SP 800-18 Rev.1

Mobile Agent Security SP 800-19

Modes of Operation Validation System for the Triple Data Encryption Algorith SP 800-20

Guideline for Implementing Cryptography in the Federal Government 800-21 2nd edition

A Statistical Test Suite for Random and Pseudorandom Number Generators f SP 800-22 Rev. 1a

Guidelines to Federal Organizations on Security Assurance and Acquisition/U SP 800-23

PBX Vulnerability Analysis: Finding Holes in Your PBX Before Someone Else D SP 800-24

Federal Agency Use of Public Key Technology for Digital Signatures and Auth SP 800-25

Engineering Principles for Information Technology Security (A Baseline for A SP 800-27 Rev. A

Guidelines on Active Content and Mobile Code SP 800-28 Version 2

A Comparison of the Security Requirements for Cryptographic Modules in FI SP 800-29

Risk Management Guide for Information Technology Systems SP 800-30

Guide for Conducting Risk Assessments SP 800-30 Rev. 1 1

Introduction to Public Key Technology and the Federal PKI Infrastructure SP 800-32

Underlying Technical Models for Information Technology Security SP 800-33

Contingency Planning Guide for Federal Information Systems (Errata Page - SP 800-34 Rev. 1

Guide to Information Technology Security Services SP 800-35

Guide to Selecting Information Technology Security Products SP 800-36

Column headers (repeated from page 63): SI–06 to SI–17, System and Information Integrity; PM–01 to PM–16, Program Management.


Page 65: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Critical Security Controls | CSC | Total

Guide for Applying the Risk Management Framework to Federal Information SP 800-37 Rev. 1

Recommendation for Block Cipher Modes of Operation - Methods and Techni SP 800-38 A

Recommendation for Block Cipher Modes of Operation: Three Variants of Cip 800-38 A - Addendum

Recommendation for Block Cipher Modes of Operation: The CMAC Mode for A SP 800-38 B

Recommendation for Block Cipher Modes of Operation: the CCM Mode for Au SP 800-38 C

Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode SP 800-38 D

Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode f SP 800-38 E

DRAFT Recommendation for Block Cipher Modes of Operation: Methods for K SP 800-38 F

Managing Information Security Risk: Organization, Mission, and Information SP 800-39

Creating a Patch and Vulnerability Management Program 800-40 Version 2.0

Guidelines on Firewalls and Firewall Policy SP 800-41 Rev. 1

Systems Administration Guidance for Windows 2000 Professional System SP 800-43

Guidelines on Securing Public Web Servers SP 800-44 Version 2

Guidelines on Electronic Mail Security SP 800-45 Version 2

Guide to Enterprise Telework and Remote Access Security SP 800-46 Rev. 1

Security Guide for Interconnecting Information Technology Systems SP 800-47

Guide to Securing Legacy IEEE 802.11 Wireless Networks SP 800-48 Rev. 1

Federal S/MIME V3 Client Profile SP 800-49

Building an Information Technology Security Awareness and Training Progra SP 800-50

Guide to Using Vulnerability Naming Schemes SP 800-51 Rev. 1

Guidelines for the Selection and Use of Transport Layer Security (TLS) Imple SP 800-52

Guide for Assessing the Security Controls in Federal Information Systems an SP 800-53 A Rev. 1

Recommended Security Controls for Federal Information Systems and Organ SP 800-53 Rev. 3

Column headers (repeated from page 63): SI–06 to SI–17, System and Information Integrity; PM–01 to PM–16, Program Management.


Page 66: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Critical Security Controls | CSC | Total

DRAFT Security and Privacy Controls for Federal Information Systems and O SP 800-53 Rev. 4

Border Gateway Protocol Security SP 800-54

Performance Measurement Guide for Information Security SP 800-55 Rev. 1

Recommendation for Pair-Wise Key Establishment Schemes Using Discrete L SP 800-56 A

Recommendation for Pair-Wise Key Establishment Schemes Using Integer Fa SP 800-56 B

Recommendation for Key Derivation through Extraction-then-Expansion SP 800-56 C

Recommendation for Key Management SP 800-57

DRAFT Recommendation for Key Management: Part 1: General SP 800-57 Part 1

Security Considerations for Voice Over IP Systems SP 800-58

Guideline for Identifying an Information System as a National Security Syste SP 800-59

Guide for Mapping Types of Information and Information Systems to Securit SP 800-60 Rev. 1

Computer Security Incident Handling Guide SP 800-61 Rev. 1

DRAFT Computer Security Incident Handling Guide SP 800-61 Rev. 2

Electronic Authentication Guideline SP 800-63 Rev. 1

Electronic Authentication Guideline 00-63 Version 1.0.2

Security Considerations in the System Development Life Cycle SP 800-64 Rev. 2

Integrating IT Security into the Capital Planning and Investment Control Pro SP 800-65

DRAFT Recommendations for Integrating Information Security into the Capit SP 800-65 Rev. 1

An Introductory Resource Guide for Implementing the Health Insurance Port SP 800-66 Rev 1

Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Ciph SP 800-67 Rev. 1

Guide to Securing Microsoft Windows XP Systems for IT Professionals SP 800-68 Rev. 1

Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security SP 800-69

National Checklist Program for IT Products: Guidelines for Checklist Users an SP 800-70 Rev. 2

Column headers (repeated from page 63): SI–06 to SI–17, System and Information Integrity; PM–01 to PM–16, Program Management.


Page 67: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Critical Security Controls | CSC | Total

Guidelines on PDA Forensics SP 800-72

Interfaces for Personal Identity Verification (4 Parts) SP 800-73 -3

Biometric Data Specification for Personal Identity Verification SP 800-76 -1

DRAFT Biometric Data Specification for Personal Identity Verification SP 800-76 -2

Guide to IPsec VPNs SP 800-77

Cryptographic Algorithms and Key Sizes for Personal Identification Verificatio SP 800-78 -3

Guidelines for the Accreditation of Personal Identity Verification (PIV) Card I SP 800-79 -1

Secure Domain Name System (DNS) Deployment Guide SP 800-81 Rev. 1

Guide to Industrial Control Systems (ICS) Security SP 800-82

Guide to Malware Incident Prevention and Handling SP 800-83

Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities SP 800-84

PIV Card Application and Middleware Interface Test Guidelines (SP800-73-3 SP 800-85 A-2

PIV Data Model Test Guidelines SP 800-85 B

DRAFT PIV Data Model Conformance Test Guidelines SP 800-85 B-1

Guide to Integrating Forensic Techniques into Incident Response SP 800-86

Codes for Identification of Federal and Federally-Assisted Organizations SP 800-87 Rev 1

Guidelines for Media Sanitization SP 800-88

Recommendation for Obtaining Assurances for Digital Signature Applications SP 800-89

Recommendation for Random Number Generation Using Deterministic Rando SP 800-90 A

Guide to Computer Security Log Management SP 800-92

Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800-94

Guide to Secure Web Services SP 800-95

PIV Card to Reader Interoperability Guidelines SP 800-96

Column headers (repeated from page 63): SI–06 to SI–17, System and Information Integrity; PM–01 to PM–16, Program Management.


Page 68: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Critical Security Controls | CSC | Total

Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i SP 800-97

Guidelines for Securing Radio Frequency Identification (RFID) Systems SP 800-98

Information Security Handbook: A Guide for Managers SP 800-100

Guidelines on Cell Phone Forensics SP 800-101

Recommendation for Digital Signature Timeliness SP 800-102

DRAFT An Ontology of Identity Credentials, Part I: Background and Formula SP 800-103

A Scheme for PIV Visual Card Topography SP 800-104

Randomized Hashing for Digital Signatures SP 800-106

Recommendation for Applications Using Approved Hash Algorithms SP 800-107

DRAFT Recommendation for Applications Using Approved Hash Algorithms SP 800-107 Revised

Recommendation for Key Derivation Using Pseudorandom Functions SP 800-108

Guide to Storage Encryption Technologies for End User Devices SP 800-111

Guide to SSL VPNs SP 800-113

User's Guide to Securing External Devices for Telework and Remote Access SP 800-114

Technical Guide to Information Security Testing and Assessment SP 800-115

A Recommendation for the Use of PIV Credentials in Physical Access Control SP 800-116

Guide to Adopting and Using the Security Content Automation Protocol (SCA SP 800-117

DRAFT Guide to Adopting and Using the Security Content Automation Protoc SP 800-117 Rev. 1

DRAFT Guide to Enterprise Password Management SP 800-118

Guidelines for the Secure Deployment of IPv6 SP 800-119

Recommendation for EAP Methods Used in Wireless Network Access Authent SP 800-120

Guide to Bluetooth Security SP 800-121 Rev. 1

Guide to Protecting the Confidentiality of Personally Identifiable Information SP 800-122

Column headers (repeated from page 63): SI–06 to SI–17, System and Information Integrity; PM–01 to PM–16, Program Management.


Page 69: Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a

Critical Security Controls | CSC | Total

Guide to General Server Security SP 800-123

Guidelines on Cell Phone and PDA Security SP 800-124

Guide to Security for Full Virtualization Technologies SP 800-125

The Technical Specification for the Security Content Automation Protocol (SC SP 800-126

The Technical Specification for the Security Content Automation Protocol (SC SP 800-126 Rev. 1

The Technical Specification for the Security Content Automation Protocol (SC SP 800-126 Rev. 2

Guide to Securing WiMAX Wireless Communications SP 800-127

Guide for Security-Focused Configuration Management of Information Syste SP 800-128

DRAFT A Framework for Designing Cryptographic Key Management Systems SP 800-130

Transitions: Recommendation for Transitioning the Use of Cryptographic Alg SP 800-131 A

DRAFT Transitions: Validation of Transitioning Cryptographic Algorithm and SP 800-131 B

DRAFT Transitions: Validating the Transition from FIPS 186-2 to FIPS 186-3 SP 800-131 C

Recommendation for Password-Based Key Derivation Part 1: Storage Applica SP 800-132

DRAFT Recommendation for Cryptographic Key Generation SP 800-133

Recommendation for Existing Application-Specific Key Derivation Functions SP 800-135 Rev. 1

Information Security Continuous Monitoring for Federal Information Systems SP 800-137

Practical Combinatorial Testing SP 800-142

Guidelines on Security and Privacy in Public Cloud Computing SP 800-144

A NIST Definition of Cloud Computing SP 800-145

Cloud Computing Synopsis and Recommendations SP 800-146

Basic Input/Output System (BIOS) Protection Guidelines SP 800-147

Guidelines for Securing Wireless Local Area Networks (WLANs) SP 800-153

DRAFT BIOS Integrity Measurement Guidelines SP 800-155

Column headers (repeated from page 63): SI–06 to SI–17, System and Information Integrity; PM–01 to PM–16, Program Management.
