This document describes the National Institute of Standards and Technology’s (NIST’s) approach to mapping the elements of documentary standards, regulations, frameworks, and guidelines to a particular NIST publication, such as Cybersecurity Framework (CSF) Subcategories or SP 800-53r5 controls. This approach is to be used to map relationships involving NIST cybersecurity and privacy publications that will be submitted via the NIST National Online Informative References (OLIR) process and hosted on NIST’s online Cybersecurity and Privacy Reference Tool (CPRT). The approach provides flexibility to capture relationships for various levels of concepts and in different degrees of detail in human-consumable, machine-readable formats. The approach has been informed by concept system and terminology standards, as well as experience with what information the security and privacy community would find most valuable.