CSF Publications

LAWS AND EXECUTIVE ORDERS

Executive Order 13636 – Improving Critical Infrastructure Cybersecurity

Executive Order 13800 – Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

INTERNATIONAL STANDARDS ORGANIZATION (ISO)

ISO/IEC 27005:2011 guidelines for information security risk management. *Purchase Required* International Organization for Standardization (ISO) 31000:2018 “Risk Management Guidelines” *Purchase Required*

NIST SPECIAL PUBLICATIONS (SP)

NIST Special Publication 800-53 Revision 4

NIST Special Publication 800-53 Revision 5

NISTIR 8183 Revision 1 Cybersecurity Framework Version 1.1 Manufacturing Profile

NIST SP 800-171 (CUI) for Federal Systems

NIST Handbook 162 NIST MEP Cybersecurity Self-Assessment Handbook For Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements

NIST SP 800-172: Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171

Mapping between the Cybersecurity Framework (CSF) Subcategories and the Controlled Unclassified Information (CUI) Requirements in NIST Special Publication (SP) 800-171

NIST Special Publication 800-171 Revision 2: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

CIS-Controls-V7.1-Mapping-to-NIST-CSF

HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework

Baldrige Cybersecurity Excellence Builder Self-Assessment

Secure-Controls-Framework-SCFv2023.2-to-CSF-V1.1 Informative Reference Details

C2M2-v2.1-to-CSF-Framework-v1.1 Informative Reference Details

NIST PRIVACY FRAMEWORK: AN ENTERPRISE RISK MANAGEMENT TOOL

An Introduction to Privacy Engineering and Risk Management in Federal Systems

Approaches for Federal Agencies to Use the Cybersecurity Framework

Notional Supply Chain Risk Management Practices for Federal Information Systems

CENTER FOR INTERNET SECURITY

CIS Controls Version 7.1

MISCELLANEOUS

ISA 62443-2-1:2009 & ISA 62443-3-3:2013 *Purchase Required* COBIT 5 *Purchase Required*

Energy Sector Cybersecurity Framework Implementation Guidance

See also:

Recent Posts / View All Posts

RMF Alignment with the ISC2 CGRC Exam

Kathryn Daily | Uncategorized | No Comments

By Kathryn Daily, CISSP, CGRC (Formerly CAP), RDRP BAI’s training programs were developed with the information systems professional in mind. NIST’s Risk Management Framework is one of the most widely used governance, risk and compliance frameworks in the nation and forms the core of the ISC2 CGRC Exam Content (for…

Which Security Controls Are Required? A Definitive Answer

Kathryn Daily | Uncategorized | No Comments

By Amanda Lowell, Security+CE, RDRP Folks frequently reach out to BAI to ask, “Which security controls are required for X kind of DoD system?” It’s a valid question that can also be indicative of a common misconception. The short answer is, you will have certain control overlays for your information…

RMF vs CSF: Which is better?

Kathryn Daily | Uncategorized | No Comments

By Kathryn Daily, CISSP, CGRC, RDRP I know it’s a catchy headline, but it’s the wrong question to ask. NIST RMF and CSF are two totally different animals with a different purpose. NIST RMF is primarily focused on managing overall organizational risk, providing a structured approach…