Does anyone know of a list that's being maintained (or at least that's been created) of mappings and add-ons folks have done to/for the framework so far? I've seen plenty floating around, but it seems like keeping track of the public ones would be helpful (I sure could use such a list right now myself).
List of Existing Mappings and Add-Ons?
Posted 12 January 2015 - 03:39 PM
Appendix A of the Energy Sector Cybersecurity Framework Implementation Guidance contains the mapping from C2M2 to the Cybersecurity Framework. The document is located here.
There are several articles referencing additional mappings. The recent UTC Journal, 4th Quarter 2014 edition, contains an article, "NIST Cybersecurity Framework Grows Up" from Nadya Bartol that references mappings from the North American Energy Reliability Corporation (NERC) Critical Infrastructure Sector (CIP) Version 3 and Version 5 to the Cybersecurity Framework. The HITRUST Alliance stated they completed a mapping between the Common Security Framework (CSF) and HIPAA to the Cybersecurity Framework per Dr. Cline; see "CSF Support for HIPAA and NIST Implementation and Compliance." I've also seen articles referencing SOC II and PCI mappings to the Framework, but I haven't been able to locate the actual mappings.
I agree this would be a great thread to include and track mappings as they are made available to the public and/or a reference list of the POCs that maintain the mappings if the mappings are controlled.
Posted 10 March 2015 - 05:46 AM
It isn't meant to be exhaustive and I don't yet know how often it will be updated, but there might be some helpful information there.
Posted 28 April 2017 - 09:50 AM
Hi Jack,Tom, Greg;
You may be familiar with our member's use of the Common Controls Hub which is not only the largest database of external regulatory requirements, but also contains comprehensive and detailed GRC configuration capabilities. Please opt-in for free at http://grcsphere.pwc...com/select-role and we will provision an account for you. Again, no charge.
We are looking forward to the release of the Mapper which supersedes all the work we have done in the past on spreadsheets, but does not obsolete our own mapping work.
For those more technically inclined, we have a graphical programming tool that offers expert system support and we are using this Member facility to build advanced NIST CSF tools for industry-driven crowdsourcing and benchmarking. We have a foundation paper on this if you're interested.
Reply to this topic
0 user(s) are reading this topic
0 users, 0 guests, 0 anonymous users