Skip to content

Instantly share code, notes, and snippets.

@DavidHoenisch

DavidHoenisch/gist:e73be30e69a1f94c01e346188ddd8b6b

Created July 18, 2024 18:25
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save DavidHoenisch/e73be30e69a1f94c01e346188ddd8b6b to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save DavidHoenisch/e73be30e69a1f94c01e346188ddd8b6b to your computer and use it in GitHub Desktop.
Download ZIP
NIST SP 800-171 to NIST SP 800-53 mappings
Raw
gistfile0.txt
{
"171 Rev": "2",
"generated": "2024-07-18 11:24:35.990610",
"mappings": [
{
"index": 0,
"NIST 800-171 Control Number": "3.1.1",
"Control Family": "Access Control",
"Control Text": "Limit system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).",
"NIST 800-53 Mapping": "AC-2, AC-3, AC-17"
},
{
"index": 1,
"NIST 800-171 Control Number": "3.1.2",
"Control Family": "Access Control",
"Control Text": "Limit system access to the types of transactions and functions that authorized users are permitted to execute.",
"NIST 800-53 Mapping": "AC-2, AC-3, AC-17"
},
{
"index": 2,
"NIST 800-171 Control Number": "3.1.3",
"Control Family": "Access Control",
"Control Text": "Control the flow of CUI in accordance with approved authorizations.",
"NIST 800-53 Mapping": "AC-4"
},
{
"index": 3,
"NIST 800-171 Control Number": "3.1.4",
"Control Family": "Access Control",
"Control Text": "Separate the duties of individuals to reduce the risk of malevolent activity without collusion.",
"NIST 800-53 Mapping": "AC-5"
},
{
"index": 4,
"NIST 800-171 Control Number": "3.1.5",
"Control Family": "Access Control",
"Control Text": "Employ the principle of least privilege, including for specific security functions and privileged accounts.",
"NIST 800-53 Mapping": "AC-6, AC-6(1), AC-6(5)"
},
{
"index": 5,
"NIST 800-171 Control Number": "3.1.6",
"Control Family": "Access Control",
"Control Text": "Use non-privileged accounts or roles when accessing nonsecurity functions.",
"NIST 800-53 Mapping": "AC-6(2)"
},
{
"index": 6,
"NIST 800-171 Control Number": "3.1.7",
"Control Family": "Access Control",
"Control Text": "Prevent non-privileged users from executing privileged functions and audit the execution of such functions in audit logs.",
"NIST 800-53 Mapping": "AC-6(9), AC-6(10)"
},
{
"index": 7,
"NIST 800-171 Control Number": "3.1.8",
"Control Family": "Access Control",
"Control Text": "Limit unsuccessful logon attempts.",
"NIST 800-53 Mapping": "AC-7"
},
{
"index": 8,
"NIST 800-171 Control Number": "3.1.9",
"Control Family": "Access Control",
"Control Text": "Provide privacy and security notices consistent with applicable CUI rules.",
"NIST 800-53 Mapping": "AC-9"
},
{
"index": 9,
"NIST 800-171 Control Number": "3.1.10",
"Control Family": "Access Control",
"Control Text": "Use session lock with pattern-hiding displays to prevent access/viewing of data after period of inactivity.",
"NIST 800-53 Mapping": "AC-11, AC-11(1)"
},
{
"index": 10,
"NIST 800-171 Control Number": "3.1.11",
"Control Family": "Access Control",
"Control Text": "Terminate (automatically) a user session after a defined condition.",
"NIST 800-53 Mapping": "AC-12"
},
{
"index": 11,
"NIST 800-171 Control Number": "3.1.12",
"Control Family": "Access Control",
"Control Text": "Monitor and control remote access sessions.",
"NIST 800-53 Mapping": "AC-17(1)"
},
{
"index": 12,
"NIST 800-171 Control Number": "3.1.13",
"Control Family": "Access Control",
"Control Text": "Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.",
"NIST 800-53 Mapping": "AC-17(2)"
},
{
"index": 13,
"NIST 800-171 Control Number": "3.1.14",
"Control Family": "Access Control",
"Control Text": "Route remote access via managed access control points.",
"NIST 800-53 Mapping": "AC-17(3)"
},
{
"index": 14,
"NIST 800-171 Control Number": "3.1.15",
"Control Family": "Access Control",
"Control Text": "Authorize remote execution of privileged commands and remote access to security-relevant information.",
"NIST 800-53 Mapping": "AC-17(4)"
},
{
"index": 15,
"NIST 800-171 Control Number": "3.1.16",
"Control Family": "Access Control",
"Control Text": "Authorize wireless access prior to allowing such connections.",
"NIST 800-53 Mapping": "AC-18"
},
{
"index": 16,
"NIST 800-171 Control Number": "3.1.17",
"Control Family": "Access Control",
"Control Text": "Protect wireless access using authentication and encryption.",
"NIST 800-53 Mapping": "AC-18(1)"
},
{
"index": 17,
"NIST 800-171 Control Number": "3.1.18",
"Control Family": "Access Control",
"Control Text": "Control connection of mobile devices.",
"NIST 800-53 Mapping": "AC-19"
},
{
"index": 18,
"NIST 800-171 Control Number": "3.1.19",
"Control Family": "Access Control",
"Control Text": "Encrypt CUI on mobile devices.",
"NIST 800-53 Mapping": "AC-19(5)"
},
{
"index": 19,
"NIST 800-171 Control Number": "3.1.20",
"Control Family": "Access Control",
"Control Text": "Verify and control/limit connections to and use of external information systems.",
"NIST 800-53 Mapping": "AC-20, AC-20(1)"
},
{
"index": 20,
"NIST 800-171 Control Number": "3.1.21",
"Control Family": "Access Control",
"Control Text": "Limit use of portable storage devices on external systems.",
"NIST 800-53 Mapping": "AC-20(2)"
},
{
"index": 21,
"NIST 800-171 Control Number": "3.1.22",
"Control Family": "Access Control",
"Control Text": "Control CUI posted or processed on publicly accessible systems.",
"NIST 800-53 Mapping": "AC-22"
},
{
"index": 22,
"NIST 800-171 Control Number": "3.2.1",
"Control Family": "Awareness and Training",
"Control Text": "Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems.",
"NIST 800-53 Mapping": "AT-2, AT-3"
},
{
"index": 23,
"NIST 800-171 Control Number": "3.2.2",
"Control Family": "Awareness and Training",
"Control Text": "Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities.",
"NIST 800-53 Mapping": "AT-2, AT-3"
},
{
"index": 24,
"NIST 800-171 Control Number": "3.2.3",
"Control Family": "Awareness and Training",
"Control Text": "Provide security awareness training on recognizing and reporting potential indicators of insider threat.",
"NIST 800-53 Mapping": "AT-2(2)"
},
{
"index": 25,
"NIST 800-171 Control Number": "3.3.1",
"Control Family": "Audit and Accountability",
"Control Text": "Create, protect, and retain information system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful unauthorized system activity.",
"NIST 800-53 Mapping": "AU-2, AU-3, AU-3(1), AU-6, AU-12"
},
{
"index": 26,
"NIST 800-171 Control Number": "3.3.2",
"Control Family": "Audit and Accountability",
"Control Text": "Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.",
"NIST 800-53 Mapping": "AU-2, AU-3, AU-3(1), AU-6, AU-12"
},
{
"index": 27,
"NIST 800-171 Control Number": "3.3.3",
"Control Family": "Audit and Accountability",
"Control Text": "Review and update events.",
"NIST 800-53 Mapping": "AU-2(3)"
},
{
"index": 28,
"NIST 800-171 Control Number": "3.3.4",
"Control Family": "Audit and Accountability",
"Control Text": "Alert in the event of an audit process failure.",
"NIST 800-53 Mapping": "AU-5"
},
{
"index": 29,
"NIST 800-171 Control Number": "3.3.5",
"Control Family": "Audit and Accountability",
"Control Text": "Correlate audit review, analysis, and reporting processes for investigation and response to indications of suspicious, or unusual activity.",
"NIST 800-53 Mapping": "AU-6(1), AU-6(3)"
},
{
"index": 30,
"NIST 800-171 Control Number": "3.3.6",
"Control Family": "Audit and Accountability",
"Control Text": "Provide audit reduction and report generation to support on-demand analysis and reporting.",
"NIST 800-53 Mapping": "AU-7"
},
{
"index": 31,
"NIST 800-171 Control Number": "3.3.7",
"Control Family": "Audit and Accountability",
"Control Text": "Provide system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.",
"NIST 800-53 Mapping": "AU-8, AU-8(1)"
},
{
"index": 32,
"NIST 800-171 Control Number": "3.3.8",
"Control Family": "Audit and Accountability",
"Control Text": "Protect audit information and audit tools from unauthorized access, modification, and deletion.",
"NIST 800-53 Mapping": "AU-9"
},
{
"index": 33,
"NIST 800-171 Control Number": "3.3.9",
"Control Family": "Audit and Accountability",
"Control Text": "Limit management of audit functionality to a subset of privileged users.",
"NIST 800-53 Mapping": "AU-9(4)"
},
{
"index": 34,
"NIST 800-171 Control Number": "3.4.1",
"Control Family": "Configuration Management",
"Control Text": "Establish and maintain baseline configurations and inventories of organizational information systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles.",
"NIST 800-53 Mapping": "CM-2, CM-6, CM-8, CM-8(1)"
},
{
"index": 35,
"NIST 800-171 Control Number": "3.4.2",
"Control Family": "Configuration Management",
"Control Text": "Establish and enforce security configuration settings for information technology products employed in organizational systems.",
"NIST 800-53 Mapping": "CM-2, CM-6, CM-8, CM-8(1)"
},
{
"index": 36,
"NIST 800-171 Control Number": "3.4.3",
"Control Family": "Configuration Management",
"Control Text": "Track, review, approve/ or disapprove, and audit log changes to orgaizational systems.",
"NIST 800-53 Mapping": "CM-3"
},
{
"index": 37,
"NIST 800-171 Control Number": "3.4.4",
"Control Family": "Configuration Management",
"Control Text": "Analyze the security impact of changes prior to implementation.",
"NIST 800-53 Mapping": "CM-4"
},
{
"index": 38,
"NIST 800-171 Control Number": "3.4.5",
"Control Family": "Configuration Management",
"Control Text": "Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems.",
"NIST 800-53 Mapping": "CM-5"
},
{
"index": 39,
"NIST 800-171 Control Number": "3.4.6",
"Control Family": "Configuration Management",
"Control Text": "Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities.",
"NIST 800-53 Mapping": "CM-7"
},
{
"index": 40,
"NIST 800-171 Control Number": "3.4.7",
"Control Family": "Configuration Management",
"Control Text": "Restrict, disable, prevent the use of nonessential programs, functions, ports, protocols, and services.",
"NIST 800-53 Mapping": "CM-7(1), CM-7(2)"
},
{
"index": 41,
"NIST 800-171 Control Number": "3.4.8",
"Control Family": "Configuration Management",
"Control Text": "Apply deny-by-exception (blacklisting) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software.",
"NIST 800-53 Mapping": "CM-7(4), CM-7(5)"
},
{
"index": 42,
"NIST 800-171 Control Number": "3.4.9",
"Control Family": "Configuration Management",
"Control Text": "Control and monitor user-installed software.",
"NIST 800-53 Mapping": "CM-11"
},
{
"index": 43,
"NIST 800-171 Control Number": "3.5.1",
"Control Family": "Identification and Authentication",
"Control Text": "Identify system users, processes acting on behalf of users, devices.",
"NIST 800-53 Mapping": "IA-2, IA-5"
},
{
"index": 44,
"NIST 800-171 Control Number": "3.5.2",
"Control Family": "Identification and Authentication",
"Control Text": "Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational systems.",
"NIST 800-53 Mapping": "IA-2, IA-5"
},
{
"index": 45,
"NIST 800-171 Control Number": "3.5.3",
"Control Family": "Identification and Authentication",
"Control Text": "Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.",
"NIST 800-53 Mapping": "IA-2(1), IA-2(2), IA-2(3)"
},
{
"index": 46,
"NIST 800-171 Control Number": "3.5.4",
"Control Family": "Identification and Authentication",
"Control Text": "Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.",
"NIST 800-53 Mapping": "IA-2(8), IA-2(9)"
},
{
"index": 47,
"NIST 800-171 Control Number": "3.5.5",
"Control Family": "Identification and Authentication",
"Control Text": "Prevent reuse of identifiers for a defined period.",
"NIST 800-53 Mapping": "IA-4"
},
{
"index": 48,
"NIST 800-171 Control Number": "3.5.6",
"Control Family": "Identification and Authentication",
"Control Text": "Disable identifiers after a defined period of inactivity.",
"NIST 800-53 Mapping": "IA-4"
},
{
"index": 49,
"NIST 800-171 Control Number": "3.5.7",
"Control Family": "Identification and Authentication",
"Control Text": "Enforce a minimum password complexity and change of characters when new passwords are created.",
"NIST 800-53 Mapping": "IA-5(1)"
},
{
"index": 50,
"NIST 800-171 Control Number": "3.5.8",
"Control Family": "Identification and Authentication",
"Control Text": "Prohibit password reuse for a specified number of generations.",
"NIST 800-53 Mapping": "IA-5(1)"
},
{
"index": 51,
"NIST 800-171 Control Number": "3.5.9",
"Control Family": "Identification and Authentication",
"Control Text": "Allow temporary password use for system logons with an immediate change to a permanent password.",
"NIST 800-53 Mapping": "IA-5(1)"
},
{
"index": 52,
"NIST 800-171 Control Number": "3.5.10",
"Control Family": "Identification and Authentication",
"Control Text": "Store and transmit only cryptographically-protected of passwords.",
"NIST 800-53 Mapping": "IA-5(1)"
},
{
"index": 53,
"NIST 800-171 Control Number": "3.5.11",
"Control Family": "Identification and Authentication",
"Control Text": "Obscure feedback of authentication information.",
"NIST 800-53 Mapping": "IA-5(1)"
},
{
"index": 54,
"NIST 800-171 Control Number": "3.6.1",
"Control Family": "Incident Response",
"Control Text": "Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.",
"NIST 800-53 Mapping": "IR-2, IR-4, IR-5, IR-6, IR-7"
},
{
"index": 55,
"NIST 800-171 Control Number": "3.6.2",
"Control Family": "Incident Response",
"Control Text": "Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization.",
"NIST 800-53 Mapping": "IR-2, IR-4, IR-5, IR-6, IR-7"
},
{
"index": 56,
"NIST 800-171 Control Number": "3.6.3",
"Control Family": "Incident Response",
"Control Text": "Test the organizational incident response capability.",
"NIST 800-53 Mapping": "IR-3, IR-3(2)"
},
{
"index": 57,
"NIST 800-171 Control Number": "3.7.1",
"Control Family": "Maintenance",
"Control Text": "Perform maintenance on organizational systems.",
"NIST 800-53 Mapping": "MA-2, MA-3, MA-3(1), MA-3(2)"
},
{
"index": 58,
"NIST 800-171 Control Number": "3.7.2",
"Control Family": "Maintenance",
"Control Text": "Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance.",
"NIST 800-53 Mapping": "MA-2, MA-3, MA-3(1), MA-3(2)"
},
{
"index": 59,
"NIST 800-171 Control Number": "3.7.3",
"Control Family": "Maintenance",
"Control Text": "Ensure equipment removed for off-site maintenance is sanitized of any CUI.",
"NIST 800-53 Mapping": "MA-2"
},
{
"index": 60,
"NIST 800-171 Control Number": "3.7.4",
"Control Family": "Maintenance",
"Control Text": "Check media containing diagnostic and test programs for malicious code before the media are used in the organizational systems.",
"NIST 800-53 Mapping": "MA-3(2)"
},
{
"index": 61,
"NIST 800-171 Control Number": "3.7.5",
"Control Family": "Maintenance",
"Control Text": "Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete.",
"NIST 800-53 Mapping": "MA-4"
},
{
"index": 62,
"NIST 800-171 Control Number": "3.7.6",
"Control Family": "Maintenance",
"Control Text": "Supervise the maintenance activities of maintenance personnel without required access authorization.",
"NIST 800-53 Mapping": "MA-5"
},
{
"index": 63,
"NIST 800-171 Control Number": "3.8.1",
"Control Family": "Media Protection",
"Control Text": "Protect (i.e., physically control and securely store) system media containing CUI, both paper and digital.",
"NIST 800-53 Mapping": "MP-2, MP-4, MP-6"
},
{
"index": 64,
"NIST 800-171 Control Number": "3.8.2",
"Control Family": "Media Protection",
"Control Text": "Limit access to CUI on information system media to authorized users.",
"NIST 800-53 Mapping": "MP-2, MP-4, MP-6"
},
{
"index": 65,
"NIST 800-171 Control Number": "3.8.3",
"Control Family": "Media Protection",
"Control Text": "Sanitize or destroy information system media containing CUI before disposal or release for reuse.",
"NIST 800-53 Mapping": "MP-2, MP-4, MP-6"
},
{
"index": 66,
"NIST 800-171 Control Number": "3.8.4",
"Control Family": "Media Protection",
"Control Text": "Mark media with necessary CUI markings and distribution limitations.",
"NIST 800-53 Mapping": "MP-3"
},
{
"index": 67,
"NIST 800-171 Control Number": "3.8.5",
"Control Family": "Media Protection",
"Control Text": "Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas.",
"NIST 800-53 Mapping": "MP-5"
},
{
"index": 68,
"NIST 800-171 Control Number": "3.8.6",
"Control Family": "Media Protection",
"Control Text": "Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards.",
"NIST 800-53 Mapping": "MP-5(4)"
},
{
"index": 69,
"NIST 800-171 Control Number": "3.8.7",
"Control Family": "Media Protection",
"Control Text": "Control the use of removable media on system components.",
"NIST 800-53 Mapping": "MP-7"
},
{
"index": 70,
"NIST 800-171 Control Number": "3.8.8",
"Control Family": "Media Protection",
"Control Text": "Prohibit the use of portable storage devices when such devices have no identifiable owner.",
"NIST 800-53 Mapping": "MP-7(1)"
},
{
"index": 71,
"NIST 800-171 Control Number": "3.8.9",
"Control Family": "Media Protection",
"Control Text": "Protect the confidentiality of backup CUI at storage locations.",
"NIST 800-53 Mapping": "CP-9"
},
{
"index": 72,
"NIST 800-171 Control Number": "3.9.1",
"Control Family": "Personnel Security",
"Control Text": "Screen individuals prior to authorizing access to organizational systems containing CUI.",
"NIST 800-53 Mapping": "PS-3, PS-4, PS-5"
},
{
"index": 73,
"NIST 800-171 Control Number": "3.9.2",
"Control Family": "Personnel Security",
"Control Text": "Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers.",
"NIST 800-53 Mapping": "PS-3, PS-4, PS-5"
},
{
"index": 74,
"NIST 800-171 Control Number": "3.10.1",
"Control Family": "Physical Protection",
"Control Text": "Limit physical access to organizational systems, equipment, and the respective operating environments to authorized individuals.",
"NIST 800-53 Mapping": "PE-2, PE-5, PE-6"
},
{
"index": 75,
"NIST 800-171 Control Number": "3.10.2",
"Control Family": "Physical Protection",
"Control Text": "Protect and monitor the physical facility and support infrastructure for organizational systems.",
"NIST 800-53 Mapping": "PE-2, PE-5, PE-6"
},
{
"index": 76,
"NIST 800-171 Control Number": "3.10.3",
"Control Family": "Physical Protection",
"Control Text": "Escort visitors and monitor visitor activity.",
"NIST 800-53 Mapping": "PE-3"
},
{
"index": 77,
"NIST 800-171 Control Number": "3.10.4",
"Control Family": "Physical Protection",
"Control Text": "Maintain audit logs of physical access.",
"NIST 800-53 Mapping": "PE-3"
},
{
"index": 78,
"NIST 800-171 Control Number": "3.10.5",
"Control Family": "Physical Protection",
"Control Text": "Control and manage physical access devices.",
"NIST 800-53 Mapping": "PE-3"
},
{
"index": 79,
"NIST 800-171 Control Number": "3.10.6",
"Control Family": "Physical Protection",
"Control Text": "Enforce safeguarding measures for CUI at alternate work sites.",
"NIST 800-53 Mapping": "PE-17"
},
{
"index": 80,
"NIST 800-171 Control Number": "3.11.1",
"Control Family": "Risk Assessment",
"Control Text": "Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI.",
"NIST 800-53 Mapping": "RA-3"
},
{
"index": 81,
"NIST 800-171 Control Number": "3.11.2",
"Control Family": "Risk Assessment",
"Control Text": "Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified.",
"NIST 800-53 Mapping": "RA-5, RA-5(5)"
},
{
"index": 82,
"NIST 800-171 Control Number": "3.11.3",
"Control Family": "Risk Assessment",
"Control Text": "Remediate vulnerabilities in accordance with risk assessments.",
"NIST 800-53 Mapping": "RA-5"
},
{
"index": 83,
"NIST 800-171 Control Number": "3.12.1",
"Control Family": "Security Assessment",
"Control Text": "Periodically assess the security controls in organizational systems to determine if the controls are effective in their application.",
"NIST 800-53 Mapping": "CA-2, CA-5, CA-7"
},
{
"index": 84,
"NIST 800-171 Control Number": "3.12.2",
"Control Family": "Security Assessment",
"Control Text": "Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.",
"NIST 800-53 Mapping": "CA-2, CA-5, CA-7"
},
{
"index": 85,
"NIST 800-171 Control Number": "3.12.3",
"Control Family": "Security Assessment",
"Control Text": "Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls.",
"NIST 800-53 Mapping": "CA-2, CA-5, CA-7"
},
{
"index": 86,
"NIST 800-171 Control Number": "3.12.4",
"Control Family": "Security Assessment",
"Control Text": "Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. ",
"NIST 800-53 Mapping": "PL-2"
},
{
"index": 87,
"NIST 800-171 Control Number": "3.13.1",
"Control Family": "System and Communications Protection",
"Control Text": "Monitor, control, and protect l communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems.",
"NIST 800-53 Mapping": "SC-7, SA-8"
},
{
"index": 88,
"NIST 800-171 Control Number": "3.13.2",
"Control Family": "System and Communications Protection",
"Control Text": "Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems.",
"NIST 800-53 Mapping": "SC-7, SA-8"
},
{
"index": 89,
"NIST 800-171 Control Number": "3.13.3",
"Control Family": "System and Communications Protection",
"Control Text": "Separate user functionality from information system management functionality.",
"NIST 800-53 Mapping": "SC-2"
},
{
"index": 90,
"NIST 800-171 Control Number": "3.13.4",
"Control Family": "System and Communications Protection",
"Control Text": "Prevent unauthorized and unintended information transfer via shared system resources.",
"NIST 800-53 Mapping": "SC-4"
},
{
"index": 91,
"NIST 800-171 Control Number": "3.13.5",
"Control Family": "System and Communications Protection",
"Control Text": "Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.",
"NIST 800-53 Mapping": "SC-7, SA-8"
},
{
"index": 92,
"NIST 800-171 Control Number": "3.13.6",
"Control Family": "System and Communications Protection",
"Control Text": "Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).",
"NIST 800-53 Mapping": "SC-7(5)"
},
{
"index": 93,
"NIST 800-171 Control Number": "3.13.7",
"Control Family": "System and Communications Protection",
"Control Text": "Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split tunneling).",
"NIST 800-53 Mapping": "SC-7(7)"
},
{
"index": 94,
"NIST 800-171 Control Number": "3.13.8",
"Control Family": "System and Communications Protection",
"Control Text": "Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards.",
"NIST 800-53 Mapping": "SC-8, SC-8(1)"
},
{
"index": 95,
"NIST 800-171 Control Number": "3.13.9",
"Control Family": "System and Communications Protection",
"Control Text": "Terminate network connections associated with communications sessions at the end of the sessions or after a defined period of inactivity.",
"NIST 800-53 Mapping": "SC-10"
},
{
"index": 96,
"NIST 800-171 Control Number": "3.13.10",
"Control Family": "System and Communications Protection",
"Control Text": "Establish and manage cryptographic keys for cryptography employed in the organizational systems.",
"NIST 800-53 Mapping": "SC-12"
},
{
"index": 97,
"NIST 800-171 Control Number": "3.13.11",
"Control Family": "System and Communications Protection",
"Control Text": "Employ FIPS-validated cryptography when used to protect the confidentiality of CUI.",
"NIST 800-53 Mapping": "SC-13"
},
{
"index": 98,
"NIST 800-171 Control Number": "3.13.12",
"Control Family": "System and Communications Protection",
"Control Text": "Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device.",
"NIST 800-53 Mapping": "SC-15"
},
{
"index": 99,
"NIST 800-171 Control Number": "3.13.13",
"Control Family": "System and Communications Protection",
"Control Text": "Control and monitor the use of mobile code.",
"NIST 800-53 Mapping": "SC-18"
},
{
"index": 100,
"NIST 800-171 Control Number": "3.13.14",
"Control Family": "System and Communications Protection",
"Control Text": "Control and monitor the use of Voice over Internet Protocol (VoIP) technologies.",
"NIST 800-53 Mapping": "SC-19"
},
{
"index": 101,
"NIST 800-171 Control Number": "3.13.15",
"Control Family": "System and Communications Protection",
"Control Text": "Protect the authenticity of communications sessions.",
"NIST 800-53 Mapping": "SC-23"
},
{
"index": 102,
"NIST 800-171 Control Number": "3.13.16",
"Control Family": "System and Communications Protection",
"Control Text": "Protect the confidentiality of CUI at rest.",
"NIST 800-53 Mapping": "SC-28"
},
{
"index": 103,
"NIST 800-171 Control Number": "3.14.1",
"Control Family": "System and Information Integrity",
"Control Text": "Identify, report, and correct system flaws in a timely manner.",
"NIST 800-53 Mapping": "SI-2, SI-3, SI-5"
},
{
"index": 104,
"NIST 800-171 Control Number": "3.14.2",
"Control Family": "System and Information Integrity",
"Control Text": "Provide protection from malicious code at designated locations within organizational systems.",
"NIST 800-53 Mapping": "SI-2, SI-3, SI-5"
},
{
"index": 105,
"NIST 800-171 Control Number": "3.14.3",
"Control Family": "System and Information Integrity",
"Control Text": "Monitor system security alerts and advisories and take actions in response.",
"NIST 800-53 Mapping": "SI-2, SI-3, SI-5"
},
{
"index": 106,
"NIST 800-171 Control Number": "3.14.4",
"Control Family": "System and Information Integrity",
"Control Text": "Update malicious code protection mechanisms when new releases are available.",
"NIST 800-53 Mapping": "SI-3"
},
{
"index": 107,
"NIST 800-171 Control Number": "3.14.5",
"Control Family": "System and Information Integrity",
"Control Text": "Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed.",
"NIST 800-53 Mapping": "SI-3"
},
{
"index": 108,
"NIST 800-171 Control Number": "3.14.6",
"Control Family": "System and Information Integrity",
"Control Text": "Monitor organizational systems including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.",
"NIST 800-53 Mapping": "SI-4, SI-4(4)"
},
{
"index": 109,
"NIST 800-171 Control Number": "3.14.7",
"Control Family": "System and Information Integrity",
"Control Text": "Identify unauthorized use of organizational systems.",
"NIST 800-53 Mapping": "SI-4"
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment