Soumettre la recherche
Mettre en ligne
NIST NVD REV 4 Security Controls Online Database Analysis
•
1 j'aime
•
1,372 vues
James W. De Rienzo
Suivre
NIST SP 800-53 Revision 4 Security Controls Data Analysis
Lire moins
Lire la suite
Données & analyses
Signaler
Partager
Signaler
Partager
1 sur 4
Télécharger maintenant
Télécharger pour lire hors ligne
Recommandé
Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...
Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...
James W. De Rienzo
Rmf step-3-control-selection-nist-sp-800-53r4
Rmf step-3-control-selection-nist-sp-800-53r4
James W. De Rienzo
(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...
(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...
James W. De Rienzo
(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804
(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804
James W. De Rienzo
(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...
(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...
James W. De Rienzo
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
James W. De Rienzo
Tala Tek NIST_rev4-final
Tala Tek NIST_rev4-final
Baan
Risk Presentation (2)
Risk Presentation (2)
Kathy_67
Recommandé
Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...
Map Critical Security Controls (CSC) v5.0 to NIST SP 800-53 Revision 4 (Summa...
James W. De Rienzo
Rmf step-3-control-selection-nist-sp-800-53r4
Rmf step-3-control-selection-nist-sp-800-53r4
James W. De Rienzo
(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...
(1a) map csc 5 to nist sp 800 53 rev 4 (security control table portrait) 2014...
James W. De Rienzo
(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804
(2) map csc 5 to nist sp 800 53 rev 4 (controls & enhancements) 20140804
James W. De Rienzo
(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...
(1b) Map CSC v5.0 to NIST SP 800 53 Revision 4 (security control table landsc...
James W. De Rienzo
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
James W. De Rienzo
Tala Tek NIST_rev4-final
Tala Tek NIST_rev4-final
Baan
Risk Presentation (2)
Risk Presentation (2)
Kathy_67
When is a SIL Rating of a Valve Required?
When is a SIL Rating of a Valve Required?
ISA Interchange
35958867 safety-instrumented-systems
35958867 safety-instrumented-systems
Mowaten Masry
Edwards Signaling E-FSA64RD Installation Manual
Edwards Signaling E-FSA64RD Installation Manual
JMAC Supply
DefCon_2015_Slides_Krotofil_Larsen
DefCon_2015_Slides_Krotofil_Larsen
Marina Krotofil
55419663 burner-management-system
55419663 burner-management-system
Mowaten Masry
Scada Security & Penetration Testing
Scada Security & Penetration Testing
Ahmed Sherif
Sil 1 (1)1
Sil 1 (1)1
Affan Sadiq MIChemE CEng
"Man-in-the-SCADA": Anatomy of Data Integrity Attacks in Industrial Control S...
"Man-in-the-SCADA": Anatomy of Data Integrity Attacks in Industrial Control S...
Marina Krotofil
71364263 voting-logic-sil-calculation
71364263 voting-logic-sil-calculation
Mowaten Masry
Functional Safety (SIL) in the Subsea and Drilling Industry
Functional Safety (SIL) in the Subsea and Drilling Industry
Lloyd's Register Energy
Sil presentation
Sil presentation
Valeriano Barrilà
SCADA Presentation
SCADA Presentation
Eric Favetta
BTS Key Mgt
BTS Key Mgt
Mahmudul Hassan
SIL in de praktjk (functional Safety)
SIL in de praktjk (functional Safety)
ie-net ingenieursvereniging vzw
Industrial Sales Presentation
Industrial Sales Presentation
ExpertsLogicTechnolo
MKAD_black_V2
MKAD_black_V2
Marina Krotofil
Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing
Yehia Mamdouh
SIS “Final Element” Diagnostics Including The SOV, Using A Digital Valve Cont...
SIS “Final Element” Diagnostics Including The SOV, Using A Digital Valve Cont...
Emerson Exchange
BlackHat_2015_Slides_Krotofil_FINAL
BlackHat_2015_Slides_Krotofil_FINAL
Marina Krotofil
presentation_sas2016_V3
presentation_sas2016_V3
Marina Krotofil
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
James W. De Rienzo
NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)
NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)
James W. De Rienzo
Contenu connexe
Tendances
When is a SIL Rating of a Valve Required?
When is a SIL Rating of a Valve Required?
ISA Interchange
35958867 safety-instrumented-systems
35958867 safety-instrumented-systems
Mowaten Masry
Edwards Signaling E-FSA64RD Installation Manual
Edwards Signaling E-FSA64RD Installation Manual
JMAC Supply
DefCon_2015_Slides_Krotofil_Larsen
DefCon_2015_Slides_Krotofil_Larsen
Marina Krotofil
55419663 burner-management-system
55419663 burner-management-system
Mowaten Masry
Scada Security & Penetration Testing
Scada Security & Penetration Testing
Ahmed Sherif
Sil 1 (1)1
Sil 1 (1)1
Affan Sadiq MIChemE CEng
"Man-in-the-SCADA": Anatomy of Data Integrity Attacks in Industrial Control S...
"Man-in-the-SCADA": Anatomy of Data Integrity Attacks in Industrial Control S...
Marina Krotofil
71364263 voting-logic-sil-calculation
71364263 voting-logic-sil-calculation
Mowaten Masry
Functional Safety (SIL) in the Subsea and Drilling Industry
Functional Safety (SIL) in the Subsea and Drilling Industry
Lloyd's Register Energy
Sil presentation
Sil presentation
Valeriano Barrilà
SCADA Presentation
SCADA Presentation
Eric Favetta
BTS Key Mgt
BTS Key Mgt
Mahmudul Hassan
SIL in de praktjk (functional Safety)
SIL in de praktjk (functional Safety)
ie-net ingenieursvereniging vzw
Industrial Sales Presentation
Industrial Sales Presentation
ExpertsLogicTechnolo
MKAD_black_V2
MKAD_black_V2
Marina Krotofil
Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing
Yehia Mamdouh
SIS “Final Element” Diagnostics Including The SOV, Using A Digital Valve Cont...
SIS “Final Element” Diagnostics Including The SOV, Using A Digital Valve Cont...
Emerson Exchange
BlackHat_2015_Slides_Krotofil_FINAL
BlackHat_2015_Slides_Krotofil_FINAL
Marina Krotofil
presentation_sas2016_V3
presentation_sas2016_V3
Marina Krotofil
Tendances
(20)
When is a SIL Rating of a Valve Required?
When is a SIL Rating of a Valve Required?
35958867 safety-instrumented-systems
35958867 safety-instrumented-systems
Edwards Signaling E-FSA64RD Installation Manual
Edwards Signaling E-FSA64RD Installation Manual
DefCon_2015_Slides_Krotofil_Larsen
DefCon_2015_Slides_Krotofil_Larsen
55419663 burner-management-system
55419663 burner-management-system
Scada Security & Penetration Testing
Scada Security & Penetration Testing
Sil 1 (1)1
Sil 1 (1)1
"Man-in-the-SCADA": Anatomy of Data Integrity Attacks in Industrial Control S...
"Man-in-the-SCADA": Anatomy of Data Integrity Attacks in Industrial Control S...
71364263 voting-logic-sil-calculation
71364263 voting-logic-sil-calculation
Functional Safety (SIL) in the Subsea and Drilling Industry
Functional Safety (SIL) in the Subsea and Drilling Industry
Sil presentation
Sil presentation
SCADA Presentation
SCADA Presentation
BTS Key Mgt
BTS Key Mgt
SIL in de praktjk (functional Safety)
SIL in de praktjk (functional Safety)
Industrial Sales Presentation
Industrial Sales Presentation
MKAD_black_V2
MKAD_black_V2
Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing
SIS “Final Element” Diagnostics Including The SOV, Using A Digital Valve Cont...
SIS “Final Element” Diagnostics Including The SOV, Using A Digital Valve Cont...
BlackHat_2015_Slides_Krotofil_FINAL
BlackHat_2015_Slides_Krotofil_FINAL
presentation_sas2016_V3
presentation_sas2016_V3
En vedette
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
James W. De Rienzo
NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)
NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)
James W. De Rienzo
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
James W. De Rienzo
Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...
Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...
James W. De Rienzo
L'uso dei Social Media tra i Giuristi d'Impresa
L'uso dei Social Media tra i Giuristi d'Impresa
Segretaria24.it (Deutsche Bureau AG)
Program za cjeloživotno učenje Comenius
Program za cjeloživotno učenje Comenius
Pogled kroz prozor
Insight Appstore Optimization - Matthaus Michalik, AKM3
Insight Appstore Optimization - Matthaus Michalik, AKM3
DroidConTLV
Mantenimiento de hardware
Mantenimiento de hardware
Jimer Velasquez
Tenerife abp equipos directivos_septiembre2016_desktop
Tenerife abp equipos directivos_septiembre2016_desktop
CEPTENERIFESUR
Kids consult!
Kids consult!
consultkids
FiberCorp -Sebastián Borghello
FiberCorp -Sebastián Borghello
Eventos_PrinceCooke
Smc Zee 18july09
Smc Zee 18july09
Harsh Arun
Promendoza em binos_china2011
Promendoza em binos_china2011
Barby Del Pópolo
Repositorio de imagenes imageshack
Repositorio de imagenes imageshack
feditic
Programa Ponencias 28-09-2012
Programa Ponencias 28-09-2012
SEEIC Sociedad Española Electromedicina e Ingenieria Clinica
Revista ContactForum No. 56 Edición Noviembre - Diciembre, Personalidades de ...
Revista ContactForum No. 56 Edición Noviembre - Diciembre, Personalidades de ...
SICREA Autofinanciamiento NISSAN
Presentación la caixa jornada de financiación 14 nov 2011
Presentación la caixa jornada de financiación 14 nov 2011
FIAB
Ventajas de Mudar un Software 2D al 3D
Ventajas de Mudar un Software 2D al 3D
Intelligy
ITS 2013 Smart Truck Parking
ITS 2013 Smart Truck Parking
Christian McCarrick
Anales vol 27 2014
Anales vol 27 2014
RACVAO
En vedette
(20)
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)
NIST Policy Mapped to 800-53-800-53A-controls-and-objectives (Legal Size)
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...
Policy. FedRAMP Security Assessment Plan (SAP) Template, Policy and Procedure...
L'uso dei Social Media tra i Giuristi d'Impresa
L'uso dei Social Media tra i Giuristi d'Impresa
Program za cjeloživotno učenje Comenius
Program za cjeloživotno učenje Comenius
Insight Appstore Optimization - Matthaus Michalik, AKM3
Insight Appstore Optimization - Matthaus Michalik, AKM3
Mantenimiento de hardware
Mantenimiento de hardware
Tenerife abp equipos directivos_septiembre2016_desktop
Tenerife abp equipos directivos_septiembre2016_desktop
Kids consult!
Kids consult!
FiberCorp -Sebastián Borghello
FiberCorp -Sebastián Borghello
Smc Zee 18july09
Smc Zee 18july09
Promendoza em binos_china2011
Promendoza em binos_china2011
Repositorio de imagenes imageshack
Repositorio de imagenes imageshack
Programa Ponencias 28-09-2012
Programa Ponencias 28-09-2012
Revista ContactForum No. 56 Edición Noviembre - Diciembre, Personalidades de ...
Revista ContactForum No. 56 Edición Noviembre - Diciembre, Personalidades de ...
Presentación la caixa jornada de financiación 14 nov 2011
Presentación la caixa jornada de financiación 14 nov 2011
Ventajas de Mudar un Software 2D al 3D
Ventajas de Mudar un Software 2D al 3D
ITS 2013 Smart Truck Parking
ITS 2013 Smart Truck Parking
Anales vol 27 2014
Anales vol 27 2014
Similaire à NIST NVD REV 4 Security Controls Online Database Analysis
Project #3 IT Security Controls Baseline for Red Clay Renovations.docx
Project #3 IT Security Controls Baseline for Red Clay Renovations.docx
stilliegeorgiana
I phone 5 full Schematic Diagram 820 3141-b
I phone 5 full Schematic Diagram 820 3141-b
diyfix phone
Fmea
Fmea
varadharajan nvaradharajan1971
Automated FMECA Technology for Tomorrow
Automated FMECA Technology for Tomorrow
Mads Grahl-Madsen
H2O World - PAAS: Predictive Analytics offered as a Service - Prateem Mandal
H2O World - PAAS: Predictive Analytics offered as a Service - Prateem Mandal
Sri Ambati
CSA CCM V3.0CLOUD CONTROLS MATRIX VERSION 3.0Control DomainCCM V3..docx
CSA CCM V3.0CLOUD CONTROLS MATRIX VERSION 3.0Control DomainCCM V3..docx
mydrynan
10004455533
10004455533
Oscar Daniel González Aguirre
pdfcoffee.com_otis-gen-2-regen-baa21000h-plano-7-pdf-free (1).pptx
pdfcoffee.com_otis-gen-2-regen-baa21000h-plano-7-pdf-free (1).pptx
GustavoJesus32
Dual Purpose Generator Set Maintenance Manual
Dual Purpose Generator Set Maintenance Manual
Rimsky Cheng
SmartZone 5.0
SmartZone 5.0
Joseph Auby
SUZUKI G.VITARA AT.pdf
SUZUKI G.VITARA AT.pdf
Miguel Angel Sejas Villarroel
15 - Introduction to Optimization Tools Rev A.ppt
15 - Introduction to Optimization Tools Rev A.ppt
MohamedShabana37
ECS H77H2-M4 rA.pptx
ECS H77H2-M4 rA.pptx
ssusercda6b5
iaf.pptx
iaf.pptx
ssuserdf8f621
UENR4505-00.pdf
UENR4505-00.pdf
thang tong
Honey process manager
Honey process manager
Ashok Kumar Barla
C041221821
C041221821
IOSR-JEN
Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)
Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)
Jordi Cabot
WBS is Paramount
WBS is Paramount
Glen Alleman
CSA CCM V3.0.1 CLOUD CONTROLS MATRIX VERSION 3.0.1Control DomainC.docx
CSA CCM V3.0.1 CLOUD CONTROLS MATRIX VERSION 3.0.1Control DomainC.docx
mydrynan
Similaire à NIST NVD REV 4 Security Controls Online Database Analysis
(20)
Project #3 IT Security Controls Baseline for Red Clay Renovations.docx
Project #3 IT Security Controls Baseline for Red Clay Renovations.docx
I phone 5 full Schematic Diagram 820 3141-b
I phone 5 full Schematic Diagram 820 3141-b
Fmea
Fmea
Automated FMECA Technology for Tomorrow
Automated FMECA Technology for Tomorrow
H2O World - PAAS: Predictive Analytics offered as a Service - Prateem Mandal
H2O World - PAAS: Predictive Analytics offered as a Service - Prateem Mandal
CSA CCM V3.0CLOUD CONTROLS MATRIX VERSION 3.0Control DomainCCM V3..docx
CSA CCM V3.0CLOUD CONTROLS MATRIX VERSION 3.0Control DomainCCM V3..docx
10004455533
10004455533
pdfcoffee.com_otis-gen-2-regen-baa21000h-plano-7-pdf-free (1).pptx
pdfcoffee.com_otis-gen-2-regen-baa21000h-plano-7-pdf-free (1).pptx
Dual Purpose Generator Set Maintenance Manual
Dual Purpose Generator Set Maintenance Manual
SmartZone 5.0
SmartZone 5.0
SUZUKI G.VITARA AT.pdf
SUZUKI G.VITARA AT.pdf
15 - Introduction to Optimization Tools Rev A.ppt
15 - Introduction to Optimization Tools Rev A.ppt
ECS H77H2-M4 rA.pptx
ECS H77H2-M4 rA.pptx
iaf.pptx
iaf.pptx
UENR4505-00.pdf
UENR4505-00.pdf
Honey process manager
Honey process manager
C041221821
C041221821
Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)
Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)
WBS is Paramount
WBS is Paramount
CSA CCM V3.0.1 CLOUD CONTROLS MATRIX VERSION 3.0.1Control DomainC.docx
CSA CCM V3.0.1 CLOUD CONTROLS MATRIX VERSION 3.0.1Control DomainC.docx
Plus de James W. De Rienzo
Nist sp 800_r5_baselines_&_attributes
Nist sp 800_r5_baselines_&_attributes
James W. De Rienzo
NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417
James W. De Rienzo
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
James W. De Rienzo
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
James W. De Rienzo
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
James W. De Rienzo
SEI CERT Podcast Series
SEI CERT Podcast Series
James W. De Rienzo
CNDSP Assessment Template
CNDSP Assessment Template
James W. De Rienzo
(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...
(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...
James W. De Rienzo
Information Security Fundamentals
Information Security Fundamentals
James W. De Rienzo
Information Assurance, A DISA CCRI Conceptual Framework
Information Assurance, A DISA CCRI Conceptual Framework
James W. De Rienzo
Information System Sensitivity Level Impact Assessment (NIST SP 800-60v2r1)
Information System Sensitivity Level Impact Assessment (NIST SP 800-60v2r1)
James W. De Rienzo
NIST SP 800 30 Flow Chart
NIST SP 800 30 Flow Chart
James W. De Rienzo
RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...
RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...
James W. De Rienzo
NIST Risk Management Framework (RMF)
NIST Risk Management Framework (RMF)
James W. De Rienzo
VDI and Application Virtualization
VDI and Application Virtualization
James W. De Rienzo
Plus de James W. De Rienzo
(15)
Nist sp 800_r5_baselines_&_attributes
Nist sp 800_r5_baselines_&_attributes
NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
Risk Management Framework (RMF) STEP 4- Access Security Controls - NIST SP 80...
SEI CERT Podcast Series
SEI CERT Podcast Series
CNDSP Assessment Template
CNDSP Assessment Template
(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...
(3) Map Council on CyberSecurity's Critical Security Controls (CSC) Version 5...
Information Security Fundamentals
Information Security Fundamentals
Information Assurance, A DISA CCRI Conceptual Framework
Information Assurance, A DISA CCRI Conceptual Framework
Information System Sensitivity Level Impact Assessment (NIST SP 800-60v2r1)
Information System Sensitivity Level Impact Assessment (NIST SP 800-60v2r1)
NIST SP 800 30 Flow Chart
NIST SP 800 30 Flow Chart
RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...
RMF STEP 2: SELECT (NIST 800-53 Rev. 3 Controls, Enhancements and Supplementa...
NIST Risk Management Framework (RMF)
NIST Risk Management Framework (RMF)
VDI and Application Virtualization
VDI and Application Virtualization
Dernier
Learn How Data Science Changes Our World
Learn How Data Science Changes Our World
Eduminds Learning
6 Tips for Interpretable Topic Models _ by Nicha Ruchirawat _ Towards Data Sc...
6 Tips for Interpretable Topic Models _ by Nicha Ruchirawat _ Towards Data Sc...
Dr Arash Najmaei ( Phd., MBA, BSc)
NO1 Certified Black Magic Specialist Expert Amil baba in Lahore Islamabad Raw...
NO1 Certified Black Magic Specialist Expert Amil baba in Lahore Islamabad Raw...
Amil Baba Dawood bangali
Semantic Shed - Squashing and Squeezing.pptx
Semantic Shed - Squashing and Squeezing.pptx
Mike Bennett
Networking Case Study prepared by teacher.pptx
Networking Case Study prepared by teacher.pptx
HimangsuNath
IBEF report on the Insurance market in India
IBEF report on the Insurance market in India
ManalVerma4
What To Do For World Nature Conservation Day by Slidesgo.pptx
What To Do For World Nature Conservation Day by Slidesgo.pptx
SimranPal17
modul pembelajaran robotic Workshop _ by Slidesgo.pptx
modul pembelajaran robotic Workshop _ by Slidesgo.pptx
aleedritatuxx
FAIR, FAIRsharing, FAIR Cookbook and ELIXIR - Sansone SA - Boston 2024
FAIR, FAIRsharing, FAIR Cookbook and ELIXIR - Sansone SA - Boston 2024
Susanna-Assunta Sansone
SMOTE and K-Fold Cross Validation-Presentation.pptx
SMOTE and K-Fold Cross Validation-Presentation.pptx
HaritikaChhatwal1
Rithik Kumar Singh codealpha pythohn.pdf
Rithik Kumar Singh codealpha pythohn.pdf
rahulyadav957181
Data Analysis Project: Stroke Prediction
Data Analysis Project: Stroke Prediction
Boston Institute of Analytics
Decoding Movie Sentiments: Analyzing Reviews with Data Analysis model
Decoding Movie Sentiments: Analyzing Reviews with Data Analysis model
Boston Institute of Analytics
Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...
Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...
Boston Institute of Analytics
The Power of Data-Driven Storytelling_ Unveiling the Layers of Insight.pptx
The Power of Data-Driven Storytelling_ Unveiling the Layers of Insight.pptx
Tasha Penwell
why-transparency-and-traceability-are-essential-for-sustainable-supply-chains...
why-transparency-and-traceability-are-essential-for-sustainable-supply-chains...
Jack Cole
Principles and Practices of Data Visualization
Principles and Practices of Data Visualization
KianJazayeri1
Real-Time AI Streaming - AI Max Princeton
Real-Time AI Streaming - AI Max Princeton
Timothy Spann
English-8-Q4-W3-Synthesizing-Essential-Information-From-Various-Sources-1.pdf
English-8-Q4-W3-Synthesizing-Essential-Information-From-Various-Sources-1.pdf
blazblazml
Data Analysis Project : Targeting the Right Customers, Presentation on Bank M...
Data Analysis Project : Targeting the Right Customers, Presentation on Bank M...
Boston Institute of Analytics
Dernier
(20)
Learn How Data Science Changes Our World
Learn How Data Science Changes Our World
6 Tips for Interpretable Topic Models _ by Nicha Ruchirawat _ Towards Data Sc...
6 Tips for Interpretable Topic Models _ by Nicha Ruchirawat _ Towards Data Sc...
NO1 Certified Black Magic Specialist Expert Amil baba in Lahore Islamabad Raw...
NO1 Certified Black Magic Specialist Expert Amil baba in Lahore Islamabad Raw...
Semantic Shed - Squashing and Squeezing.pptx
Semantic Shed - Squashing and Squeezing.pptx
Networking Case Study prepared by teacher.pptx
Networking Case Study prepared by teacher.pptx
IBEF report on the Insurance market in India
IBEF report on the Insurance market in India
What To Do For World Nature Conservation Day by Slidesgo.pptx
What To Do For World Nature Conservation Day by Slidesgo.pptx
modul pembelajaran robotic Workshop _ by Slidesgo.pptx
modul pembelajaran robotic Workshop _ by Slidesgo.pptx
FAIR, FAIRsharing, FAIR Cookbook and ELIXIR - Sansone SA - Boston 2024
FAIR, FAIRsharing, FAIR Cookbook and ELIXIR - Sansone SA - Boston 2024
SMOTE and K-Fold Cross Validation-Presentation.pptx
SMOTE and K-Fold Cross Validation-Presentation.pptx
Rithik Kumar Singh codealpha pythohn.pdf
Rithik Kumar Singh codealpha pythohn.pdf
Data Analysis Project: Stroke Prediction
Data Analysis Project: Stroke Prediction
Decoding Movie Sentiments: Analyzing Reviews with Data Analysis model
Decoding Movie Sentiments: Analyzing Reviews with Data Analysis model
Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...
Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...
The Power of Data-Driven Storytelling_ Unveiling the Layers of Insight.pptx
The Power of Data-Driven Storytelling_ Unveiling the Layers of Insight.pptx
why-transparency-and-traceability-are-essential-for-sustainable-supply-chains...
why-transparency-and-traceability-are-essential-for-sustainable-supply-chains...
Principles and Practices of Data Visualization
Principles and Practices of Data Visualization
Real-Time AI Streaming - AI Max Princeton
Real-Time AI Streaming - AI Max Princeton
English-8-Q4-W3-Synthesizing-Essential-Information-From-Various-Sources-1.pdf
English-8-Q4-W3-Synthesizing-Essential-Information-From-Various-Sources-1.pdf
Data Analysis Project : Targeting the Right Customers, Presentation on Bank M...
Data Analysis Project : Targeting the Right Customers, Presentation on Bank M...
NIST NVD REV 4 Security Controls Online Database Analysis
1.
NIST NVD 800
Rev4 Data Analysis Page 1 of 4 Priority 256 100% P3 12 4.7% P2 36 14.1% P1 122 47.7% 137 82 44 11 93 71 49 18 20 19 14 11 7 9 2 5 1 4 3 2 P0 54 21.1% Combined Count Control Count Enhance Count Level 1 Count Level 2 Count Level 3 Count Level 4 Count Level 5 Count Level 6 Count Level 7 Count Level 8 Count (blank) 32 12.5% 124 261 343 115 159 170 9 102 173 4 53 71 3 23 42 1 15 26 1 8 17 2 7 1 5 3 2 FAMILY ID SECURITY CONTROL TITLE P Low Mod High L M H L M H L M H L M H L M H L M H L M H L M H L M H L M H L M H AC AC-1 ACCESS CONTROL POLICY AND PROCEDURES P1 AC-1 AC-1 AC-1 1 1 1 1 1 1 AC AC-2 ACCOUNT MANAGEMENT P1 AC-2 AC-2 (1) (2) (3) (4) AC-2 (1) (2) (3) (4) (5) (11) (12) (13) 1 5 9 1 1 1 4 8 (1) (1) (2) (2) (3) (3) (4) (4) (5) (11) (12) (13) AC AC-3 ACCESS ENFORCEMENT P1 AC-3 AC-3 AC-3 1 1 1 1 1 1 AC AC-4 INFORMATION FLOW ENFORCEMENT P1 AC-4 AC-4 1 1 1 1 AC AC-5 SEPARATION OF DUTIES P1 AC-5 AC-5 1 1 1 1 AC AC-6 LEAST PRIVILEGE P1 AC-6 (1) (2) (5) (9) (10) AC-6 (1) (2) (3) (5) (9) (10) 6 7 1 1 5 6 (1) (1) (2) (2) (5) (3) (9) (5) (10) (9) (10) AC AC-7 UNSUCCESSFUL LOGON ATTEMPTS P2 AC-7 AC-7 AC-7 1 1 1 1 1 1 AC AC-8 SYSTEM USE NOTIFICATION P1 AC-8 AC-8 AC-8 1 1 1 1 1 1 AC AC-9 PREVIOUS LOGON (ACCESS) NOTIFICATION P0 AC AC-10 CONCURRENT SESSION CONTROL P3 AC-10 1 1 AC AC-11 SESSION LOCK P3 AC-11 (1) AC-11 (1) 2 2 1 1 1 1 (1) (1) AC AC-12 SESSION TERMINATION P2 AC-12 AC-12 1 1 1 1 AC AC-13 SUPERVISION AND REVIEW - ACCESS CONTROL (blank) AC AC-14 PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION P3 AC-14 AC-14 AC-14 1 1 1 1 1 1 AC AC-15 AUTOMATED MARKING (blank) AC AC-16 SECURITY ATTRIBUTES P0 AC AC-17 REMOTE ACCESS P1 AC-17 AC-17 (1) (2) (3) (4) AC-17 (1) (2) (3) (4) 1 5 5 1 1 1 4 4 (1) (1) (2) (2) (3) (3) (4) (4) AC AC-18 WIRELESS ACCESS P1 AC-18 AC-18 (1) AC-18 (1) (4) (5) 1 2 4 1 1 1 1 3 (1) (1) (4) (5) AC AC-19 ACCESS CONTROL FOR MOBILE DEVICES P1 AC-19 AC-19 (5) AC-19 (5) 1 2 2 1 1 1 1 1 (5) (5) AC AC-20 USE OF EXTERNAL INFORMATION SYSTEMS P1 AC-20 AC-20 (1) (2) AC-20 (1) (2) 1 3 3 1 1 1 2 2 (1) (1) (2) (2) AC AC-21 INFORMATION SHARING P2 AC-21 AC-21 1 1 1 1 AC AC-22 PUBLICLY ACCESSIBLE CONTENT P3 AC-22 AC-22 AC-22 1 1 1 1 1 1 AC AC-23 DATA MINING PROTECTION P0 AC AC-24 ACCESS CONTROL DECISIONS P0 AC AC-25 REFERENCE MONITOR P0 AT AT-1 SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES P1 AT-1 AT-1 AT-1 1 1 1 1 1 1 AT AT-2 SECURITY AWARENESS TRAINING P1 AT-2 AT-2 (2) AT-2 (2) 1 2 2 1 1 1 1 1 (2) (2) AT AT-3 ROLE-BASED SECURITY TRAINING P1 AT-3 AT-3 AT-3 1 1 1 1 1 1 AT AT-4 SECURITY TRAINING RECORDS P3 AT-4 AT-4 AT-4 1 1 1 1 1 1 AT AT-5 CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS (blank) AU AU-1 AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES P1 AU-1 AU-1 AU-1 1 1 1 1 1 1 AU AU-2 AUDIT EVENTS P1 AU-2 AU-2 (3) AU-2 (3) 1 2 2 1 1 1 1 1 (3) (3) AU AU-3 CONTENT OF AUDIT RECORDS P1 AU-3 AU-3 (1) AU-3 (1) (2) 1 2 3 1 1 1 1 2 (1) (1) (2) AU AU-4 AUDIT STORAGE CAPACITY P1 AU-4 AU-4 AU-4 1 1 1 1 1 1 AU AU-5 RESPONSE TO AUDIT PROCESSING FAILURES P1 AU-5 AU-5 AU-5 (1) (2) 1 1 3 1 1 1 2 (1) (2) AU AU-6 AUDIT REVIEW, ANALYSIS, AND REPORTING P1 AU-6 AU-6 (1) (3) AU-6 (1) (3) (5) (6) 1 3 5 1 1 1 2 4 (1) (1) (3) (3) (5) (6) AU AU-7 AUDIT REDUCTION AND REPORT GENERATION P2 AU-7 (1) AU-7 (1) 2 2 1 1 1 1 (1) (1) AU AU-8 TIME STAMPS P1 AU-8 AU-8 (1) AU-8 (1) 1 2 2 1 1 1 1 1 (1) (1) AU AU-9 PROTECTION OF AUDIT INFORMATION P1 AU-9 AU-9 (4) AU-9 (2) (3) (4) 1 2 4 1 1 1 1 3 (4) (2) (3) (4) AU AU-10 NON-REPUDIATION P2 AU-10 1 1 AU AU-11 AUDIT RECORD RETENTION P3 AU-11 AU-11 AU-11 1 1 1 1 1 1 AU AU-12 AUDIT GENERATION P1 AU-12 AU-12 AU-12 (1) (3) 1 1 3 1 1 1 2 (1) (3) AU AU-13 MONITORING FOR INFORMATION DISCLOSURE P0 AU AU-14 SESSION AUDIT P0 AU AU-15 ALTERNATE AUDIT CAPABILITY P0 AU AU-16 CROSS-ORGANIZATIONAL AUDITING P0 CA CA-1 SECURITY ASSESSMENT AND AUTHORIZATION POLICY AND PROCEDURES P1 CA-1 CA-1 CA-1 1 1 1 1 1 1 CA CA-2 SECURITY ASSESSMENTS P2 CA-2 CA-2 (1) CA-2 (1) (2) 1 2 3 1 1 1 1 2 (1) (1) (2) CA CA-3 SYSTEM INTERCONNECTIONS P1 CA-3 CA-3 (5) CA-3 (5) 1 2 2 1 1 1 1 1 (5) (5) CA CA-4 SECURITY CERTIFICATION (blank) CA CA-5 PLAN OF ACTION AND MILESTONES P3 CA-5 CA-5 CA-5 1 1 1 1 1 1 CA CA-6 SECURITY AUTHORIZATION P2 CA-6 CA-6 CA-6 1 1 1 1 1 1 CA CA-7 CONTINUOUS MONITORING P2 CA-7 CA-7 (1) CA-7 (1) 1 2 2 1 1 1 1 1 (1) (1) CA CA-8 PENETRATION TESTING P2 CA-8 1 1 CA CA-9 INTERNAL SYSTEM CONNECTIONS P2 CA-9 CA-9 CA-9 1 1 1 1 1 1 CM CM-1 CONFIGURATION MANAGEMENT POLICY AND PROCEDURES P1 CM-1 CM-1 CM-1 1 1 1 1 1 1 CM CM-2 BASELINE CONFIGURATION P1 CM-2 CM-2 (1) (3) (7) CM-2 (1) (2) (3) (7) 1 4 5 1 1 1 3 4 (1) (1) (3) (2) (7) (3) (7) CM CM-3 CONFIGURATION CHANGE CONTROL P1 CM-3 (2) CM-3 (1) (2) 2 3 1 1 1 2 (2) (1) (2) CM CM-4 SECURITY IMPACT ANALYSIS P2 CM-4 CM-4 CM-4 (1) 1 1 2 1 1 1 1 (1) CM CM-5 ACCESS RESTRICTIONS FOR CHANGE P1 CM-5 CM-5 (1) (2) (3) 1 4 1 1 3 (1) (2) (3) CM CM-6 CONFIGURATION SETTINGS P1 CM-6 CM-6 CM-6 (1) (2) 1 1 3 1 1 1 2 (1) (2) CM CM-7 LEAST FUNCTIONALITY P1 CM-7 CM-7 (1) (2) (4) CM-7 (1) (2) (5) 1 4 4 1 1 1 3 3 (1) (1) (2) (2) (4) (5) CM CM-8 INFORMATION SYSTEM COMPONENT INVENTORY P1 CM-8 CM-8 (1) (3) (5) CM-8 (1) (2) (3) (4) (5) 1 4 6 1 1 1 3 5 (1) (1) (3) (2) (5) (3) (4) (5) CM CM-9 CONFIGURATION MANAGEMENT PLAN P1 CM-9 CM-9 1 1 1 1
2.
NIST NVD 800
Rev4 Data Analysis Page 2 of 4 Priority 256 100% P3 12 4.7% P2 36 14.1% P1 122 47.7% 137 82 44 11 93 71 49 18 20 19 14 11 7 9 2 5 1 4 3 2 P0 54 21.1% Combined Count Control Count Enhance Count Level 1 Count Level 2 Count Level 3 Count Level 4 Count Level 5 Count Level 6 Count Level 7 Count Level 8 Count (blank) 32 12.5% 124 261 343 115 159 170 9 102 173 4 53 71 3 23 42 1 15 26 1 8 17 2 7 1 5 3 2 FAMILY ID SECURITY CONTROL TITLE P Low Mod High L M H L M H L M H L M H L M H L M H L M H L M H L M H L M H L M H CM CM-10 SOFTWARE USAGE RESTRICTIONS P2 CM-10 CM-10 CM-10 1 1 1 1 1 1 CM CM-11 USER-INSTALLED SOFTWARE P1 CM-11 CM-11 CM-11 1 1 1 1 1 1 CP CP-1 CONTINGENCY PLANNING POLICY AND PROCEDURES P1 CP-1 CP-1 CP-1 1 1 1 1 1 1 CP CP-2 CONTINGENCY PLAN P1 CP-2 CP-2 (1) (3) (8) CP-2 (1) (2) (3) (4) (5) (8) 1 4 7 1 1 1 3 6 (1) (1) (3) (2) (8) (3) (4) (5) (8) CP CP-3 CONTINGENCY TRAINING P2 CP-3 CP-3 CP-3 (1) 1 1 2 1 1 1 1 (1) CP CP-4 CONTINGENCY PLAN TESTING P2 CP-4 CP-4 (1) CP-4 (1) (2) 1 2 3 1 1 1 1 2 (1) (1) (2) CP CP-5 CONTINGENCY PLAN UPDATE (blank) CP CP-6 ALTERNATE STORAGE SITE P1 CP-6 (1) (3) CP-6 (1) (2) (3) 3 4 1 1 2 3 (1) (1) (3) (2) (3) CP CP-7 ALTERNATE PROCESSING SITE P1 CP-7 (1) (2) (3) CP-7 (1) (2) (3) (4) 4 5 1 1 3 4 (1) (1) (2) (2) (3) (3) (4) CP CP-8 TELECOMMUNICATIONS SERVICES P1 CP-8 (1) (2) CP-8 (1) (2) (3) (4) 3 5 1 1 2 4 (1) (1) (2) (2) (3) (4) CP CP-9 INFORMATION SYSTEM BACKUP P1 CP-9 CP-9 (1) CP-9 (1) (2) (3) (5) 1 2 5 1 1 1 1 4 (1) (1) (2) (3) (5) CP CP-10 INFORMATION SYSTEM RECOVERY AND RECONSTITUTION P1 CP-10 CP-10 (2) CP-10 (2) (4) 1 2 3 1 1 1 1 2 (2) (2) (4) CP CP-11 ALTERNATE COMMUNICATIONS PROTOCOLS P0 CP CP-12 SAFE MODE P0 CP CP-13 ALTERNATIVE SECURITY MECHANISMS P0 IA IA-1 IDENTIFICATION AND AUTHENTICATION POLICY AND PROCEDURES P1 IA-1 IA-1 IA-1 1 1 1 1 1 1 IA IA-2 IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) P1 IA-2 (1) (12) IA-2 (1) (2) (3) (8) (11) (12) IA-2 (1) (2) (3) (4) (8) (9) (11) (12) 3 7 9 1 1 1 2 6 8 (1) (1) (1) (12) (2) (2) (3) (3) (8) (4) (11) (8) (12) (9) (11) (12) IA IA-3 DEVICE IDENTIFICATION AND AUTHENTICATION P1 IA-3 IA-3 1 1 1 1 IA IA-4 IDENTIFIER MANAGEMENT P1 IA-4 IA-4 IA-4 1 1 1 1 1 1 IA IA-5 AUTHENTICATOR MANAGEMENT P1 IA-5 (1) (11) IA-5 (1) (2) (3) (11) IA-5 (1) (2) (3) (11) 3 5 5 1 1 1 2 4 4 (1) (1) (1) (11) (2) (2) (3) (3) (11) (11) IA IA-6 AUTHENTICATOR FEEDBACK P2 IA-6 IA-6 IA-6 1 1 1 1 1 1 IA IA-7 CRYPTOGRAPHIC MODULE AUTHENTICATION P1 IA-7 IA-7 IA-7 1 1 1 1 1 1 IA IA-8 IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS) P1 IA-8 (1) (2) (3) (4) IA-8 (1) (2) (3) (4) IA-8 (1) (2) (3) (4) 5 5 5 1 1 1 4 4 4 (1) (1) (1) (2) (2) (2) (3) (3) (3) (4) (4) (4) IA IA-9 SERVICE IDENTIFICATION AND AUTHENTICATION P0 IA IA-10 ADAPTIVE IDENTIFICATION AND AUTHENTICATION P0 IA IA-11 RE-AUTHENTICATION P0 IR IR-1 INCIDENT RESPONSE POLICY AND PROCEDURES P1 IR-1 IR-1 IR-1 1 1 1 1 1 1 IR IR-2 INCIDENT RESPONSE TRAINING P2 IR-2 IR-2 IR-2 (1) (2) 1 1 3 1 1 1 2 (1) (2) IR IR-3 INCIDENT RESPONSE TESTING P2 IR-3 (2) IR-3 (2) 2 2 1 1 1 1 (2) (2) IR IR-4 INCIDENT HANDLING P1 IR-4 IR-4 (1) IR-4 (1) (4) 1 2 3 1 1 1 1 2 (1) (1) (4) IR IR-5 INCIDENT MONITORING P1 IR-5 IR-5 IR-5 (1) 1 1 2 1 1 1 1 (1) IR IR-6 INCIDENT REPORTING P1 IR-6 IR-6 (1) IR-6 (1) 1 2 2 1 1 1 1 1 (1) (1) IR IR-7 INCIDENT RESPONSE ASSISTANCE P2 IR-7 IR-7 (1) IR-7 (1) 1 2 2 1 1 1 1 1 (1) (1) IR IR-8 INCIDENT RESPONSE PLAN P1 IR-8 IR-8 IR-8 1 1 1 1 1 1 IR IR-9 INFORMATION SPILLAGE RESPONSE P0 IR IR-10 INTEGRATED INFORMATION SECURITY ANALYSIS TEAM P0 MA MA-1 SYSTEM MAINTENANCE POLICY AND PROCEDURES P1 MA-1 MA-1 MA-1 1 1 1 1 1 1 MA MA-2 CONTROLLED MAINTENANCE P2 MA-2 MA-2 MA-2 (2) 1 1 2 1 1 1 1 (2) MA MA-3 MAINTENANCE TOOLS P3 MA-3 (1) (2) MA-3 (1) (2) (3) 3 4 1 1 2 3 (1) (1) (2) (2) (3) MA MA-4 NONLOCAL MAINTENANCE P2 MA-4 MA-4 (2) MA-4 (2) (3) 1 2 3 1 1 1 1 2 (2) (2) (3) MA MA-5 MAINTENANCE PERSONNEL P2 MA-5 MA-5 MA-5 (1) 1 1 2 1 1 1 1 (1) MA MA-6 TIMELY MAINTENANCE P2 MA-6 MA-6 1 1 1 1 MP MP-1 MEDIA PROTECTION POLICY AND PROCEDURES P1 MP-1 MP-1 MP-1 1 1 1 1 1 1 MP MP-2 MEDIA ACCESS P1 MP-2 MP-2 MP-2 1 1 1 1 1 1 MP MP-3 MEDIA MARKING P2 MP-3 MP-3 1 1 1 1 MP MP-4 MEDIA STORAGE P1 MP-4 MP-4 1 1 1 1 MP MP-5 MEDIA TRANSPORT P1 MP-5 (4) MP-5 (4) 2 2 1 1 1 1 (4) (4) MP MP-6 MEDIA SANITIZATION P1 MP-6 MP-6 MP-6 (1) (2) (3) 1 1 4 1 1 1 3 (1) (2) (3) MP MP-7 MEDIA USE P1 MP-7 MP-7 (1) MP-7 (1) 1 2 2 1 1 1 1 1 (1) (1) MP MP-8 MEDIA DOWNGRADING P0 PE PE-1 PHYSICAL AND ENVIRONMENTAL PROTECTION POLICY AND PROCEDURES P1 PE-1 PE-1 PE-1 1 1 1 1 1 1 PE PE-2 PHYSICAL ACCESS AUTHORIZATIONS P1 PE-2 PE-2 PE-2 1 1 1 1 1 1 PE PE-3 PHYSICAL ACCESS CONTROL P1 PE-3 PE-3 PE-3 (1) 1 1 2 1 1 1 1 (1) PE PE-4 ACCESS CONTROL FOR TRANSMISSION MEDIUM P1 PE-4 PE-4 1 1 1 1 PE PE-5 ACCESS CONTROL FOR OUTPUT DEVICES P2 PE-5 PE-5 1 1 1 1 PE PE-6 MONITORING PHYSICAL ACCESS P1 PE-6 PE-6 (1) PE-6 (1) (4) 1 2 3 1 1 1 1 2 (1) (1) (4) PE PE-7 VISITOR CONTROL (blank) PE PE-8 VISITOR ACCESS RECORDS P3 PE-8 PE-8 PE-8 (1) 1 1 2 1 1 1 1 (1) PE PE-9 POWER EQUIPMENT AND CABLING P1 PE-9 PE-9 1 1 1 1 PE PE-10 EMERGENCY SHUTOFF P1 PE-10 PE-10 1 1 1 1 PE PE-11 EMERGENCY POWER P1 PE-11 PE-11 (1) 1 2 1 1 1 (1) PE PE-12 EMERGENCY LIGHTING P1 PE-12 PE-12 PE-12 1 1 1 1 1 1 PE PE-13 FIRE PROTECTION P1 PE-13 PE-13 (3) PE-13 (1) (2) (3) 1 2 4 1 1 1 1 3 (3) (1) (2) (3) PE PE-14 TEMPERATURE AND HUMIDITY CONTROLS P1 PE-14 PE-14 PE-14 1 1 1 1 1 1
3.
NIST NVD 800
Rev4 Data Analysis Page 3 of 4 Priority 256 100% P3 12 4.7% P2 36 14.1% P1 122 47.7% 137 82 44 11 93 71 49 18 20 19 14 11 7 9 2 5 1 4 3 2 P0 54 21.1% Combined Count Control Count Enhance Count Level 1 Count Level 2 Count Level 3 Count Level 4 Count Level 5 Count Level 6 Count Level 7 Count Level 8 Count (blank) 32 12.5% 124 261 343 115 159 170 9 102 173 4 53 71 3 23 42 1 15 26 1 8 17 2 7 1 5 3 2 FAMILY ID SECURITY CONTROL TITLE P Low Mod High L M H L M H L M H L M H L M H L M H L M H L M H L M H L M H L M H PE PE-15 WATER DAMAGE PROTECTION P1 PE-15 PE-15 PE-15 (1) 1 1 2 1 1 1 1 (1) PE PE-16 DELIVERY AND REMOVAL P2 PE-16 PE-16 PE-16 1 1 1 1 1 1 PE PE-17 ALTERNATE WORK SITE P2 PE-17 PE-17 1 1 1 1 PE PE-18 LOCATION OF INFORMATION SYSTEM COMPONENTS P3 PE-18 1 1 PE PE-19 INFORMATION LEAKAGE P0 PE PE-20 ASSET MONITORING AND TRACKING P0 PL PL-1 SECURITY PLANNING POLICY AND PROCEDURES P1 PL-1 PL-1 PL-1 1 1 1 1 1 1 PL PL-2 SYSTEM SECURITY PLAN P1 PL-2 PL-2 (3) PL-2 (3) 1 2 2 1 1 1 1 1 (3) (3) PL PL-3 SYSTEM SECURITY PLAN UPDATE (blank) PL PL-4 RULES OF BEHAVIOR P2 PL-4 PL-4 (1) PL-4 (1) 1 2 2 1 1 1 1 1 (1) (1) PL PL-5 PRIVACY IMPACT ASSESSMENT (blank) PL PL-6 SECURITY-RELATED ACTIVITY PLANNING (blank) PL PL-7 SECURITY CONCEPT OF OPERATIONS P0 PL PL-8 INFORMATION SECURITY ARCHITECTURE P1 PL-8 PL-8 1 1 1 1 PL PL-9 CENTRAL MANAGEMENT P0 PM PM-1 INFORMATION SECURITY PROGRAM PLAN (blank) PM PM-2 SENIOR INFORMATION SECURITY OFFICER (blank) PM PM-3 INFORMATION SECURITY RESOURCES (blank) PM PM-4 PLAN OF ACTION AND MILESTONES PROCESS (blank) PM PM-5 INFORMATION SYSTEM INVENTORY (blank) PM PM-6 INFORMATION SECURITY MEASURES OF PERFORMANCE (blank) PM PM-7 ENTERPRISE ARCHITECTURE (blank) PM PM-8 CRITICAL INFRASTRUCTURE PLAN (blank) PM PM-9 RISK MANAGEMENT STRATEGY (blank) PM PM-10 SECURITY AUTHORIZATION PROCESS (blank) PM PM-11 MISSION/BUSINESS PROCESS DEFINITION (blank) PM PM-12 INSIDER THREAT PROGRAM (blank) PM PM-13 INFORMATION SECURITY WORKFORCE (blank) PM PM-14 TESTING, TRAINING, AND MONITORING (blank) PM PM-15 CONTACTS WITH SECURITY GROUPS AND ASSOCIATIONS (blank) PM PM-16 THREAT AWARENESS PROGRAM (blank) PS PS-1 PERSONNEL SECURITY POLICY AND PROCEDURES P1 PS-1 PS-1 PS-1 1 1 1 1 1 1 PS PS-2 POSITION RISK DESIGNATION P1 PS-2 PS-2 PS-2 1 1 1 1 1 1 PS PS-3 PERSONNEL SCREENING P1 PS-3 PS-3 PS-3 1 1 1 1 1 1 PS PS-4 PERSONNEL TERMINATION P1 PS-4 PS-4 PS-4 (2) 1 1 2 1 1 1 1 (2) PS PS-5 PERSONNEL TRANSFER P2 PS-5 PS-5 PS-5 1 1 1 1 1 1 PS PS-6 ACCESS AGREEMENTS P3 PS-6 PS-6 PS-6 1 1 1 1 1 1 PS PS-7 THIRD-PARTY PERSONNEL SECURITY P1 PS-7 PS-7 PS-7 1 1 1 1 1 1 PS PS-8 PERSONNEL SANCTIONS P3 PS-8 PS-8 PS-8 1 1 1 1 1 1 RA RA-1 RISK ASSESSMENT POLICY AND PROCEDURES P1 RA-1 RA-1 RA-1 1 1 1 1 1 1 RA RA-2 SECURITY CATEGORIZATION P1 RA-2 RA-2 RA-2 1 1 1 1 1 1 RA RA-3 RISK ASSESSMENT P1 RA-3 RA-3 RA-3 1 1 1 1 1 1 RA RA-4 RISK ASSESSMENT UPDATE (blank) RA RA-5 VULNERABILITY SCANNING P1 RA-5 RA-5 (1) (2) (5) RA-5 (1) (2) (4) (5) 1 4 5 1 1 1 3 4 (1) (1) (2) (2) (5) (4) (5) RA RA-6 TECHNICAL SURVEILLANCE COUNTERMEASURES SURVEY P0 SA SA-1 SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES P1 SA-1 SA-1 SA-1 1 1 1 1 1 1 SA SA-2 ALLOCATION OF RESOURCES P1 SA-2 SA-2 SA-2 1 1 1 1 1 1 SA SA-3 SYSTEM DEVELOPMENT LIFE CYCLE P1 SA-3 SA-3 SA-3 1 1 1 1 1 1 SA SA-4 ACQUISITION PROCESS P1 SA-4 (10) SA-4 (1) (2) (9) (10) SA-4 (1) (2) (9) (10) 2 5 5 1 1 1 1 4 4 (10) (1) (1) (2) (2) (9) (9) (10) (10) SA SA-5 INFORMATION SYSTEM DOCUMENTATION P2 SA-5 SA-5 SA-5 1 1 1 1 1 1 SA SA-6 SOFTWARE USAGE RESTRICTIONS (blank) SA SA-7 USER-INSTALLED SOFTWARE (blank) SA SA-8 SECURITY ENGINEERING PRINCIPLES P1 SA-8 SA-8 1 1 1 1 SA SA-9 EXTERNAL INFORMATION SYSTEM SERVICES P1 SA-9 SA-9 (2) SA-9 (2) 1 2 2 1 1 1 1 1 (2) (2) SA SA-10 DEVELOPER CONFIGURATION MANAGEMENT P1 SA-10 SA-10 1 1 1 1 SA SA-11 DEVELOPER SECURITY TESTING AND EVALUATION P1 SA-11 SA-11 1 1 1 1 SA SA-12 SUPPLY CHAIN PROTECTION P1 SA-12 1 1 SA SA-13 TRUSTWORTHINESS P0 SA SA-14 CRITICALITY ANALYSIS P0 SA SA-15 DEVELOPMENT PROCESS, STANDARDS, AND TOOLS P2 SA-15 1 1 SA SA-16 DEVELOPER-PROVIDED TRAINING P2 SA-16 1 1 SA SA-17 DEVELOPER SECURITY ARCHITECTURE AND DESIGN P1 SA-17 1 1 SA SA-18 TAMPER RESISTANCE AND DETECTION P0 SA SA-19 COMPONENT AUTHENTICITY P0
4.
NIST NVD 800
Rev4 Data Analysis Page 4 of 4 Priority 256 100% P3 12 4.7% P2 36 14.1% P1 122 47.7% 137 82 44 11 93 71 49 18 20 19 14 11 7 9 2 5 1 4 3 2 P0 54 21.1% Combined Count Control Count Enhance Count Level 1 Count Level 2 Count Level 3 Count Level 4 Count Level 5 Count Level 6 Count Level 7 Count Level 8 Count (blank) 32 12.5% 124 261 343 115 159 170 9 102 173 4 53 71 3 23 42 1 15 26 1 8 17 2 7 1 5 3 2 FAMILY ID SECURITY CONTROL TITLE P Low Mod High L M H L M H L M H L M H L M H L M H L M H L M H L M H L M H L M H SA SA-20 CUSTOMIZED DEVELOPMENT OF CRITICAL COMPONENTS P0 SA SA-21 DEVELOPER SCREENING P0 SA SA-22 UNSUPPORTED SYSTEM COMPONENTS P0 SC SC-1 SYSTEM AND COMMUNICATIONS PROTECTION POLICY AND PROCEDURES P1 SC-1 SC-1 SC-1 1 1 1 1 1 1 SC SC-2 APPLICATION PARTITIONING P1 SC-2 SC-2 1 1 1 1 SC SC-3 SECURITY FUNCTION ISOLATION P1 SC-3 1 1 SC SC-4 INFORMATION IN SHARED RESOURCES P1 SC-4 SC-4 1 1 1 1 SC SC-5 DENIAL OF SERVICE PROTECTION P1 SC-5 SC-5 SC-5 1 1 1 1 1 1 SC SC-6 RESOURCE AVAILABILITY P0 SC SC-7 BOUNDARY PROTECTION P1 SC-7 SC-7 (3) (4) (5) (7) SC-7 (3) (4) (5) (7) (8) (18) (21) 1 5 8 1 1 1 4 7 (3) (3) (4) (4) (5) (5) (7) (7) (8) (18) (21) SC SC-8 TRANSMISSION CONFIDENTIALITY AND INTEGRITY P1 SC-8 (1) SC-8 (1) 2 2 1 1 1 1 (1) (1) SC SC-9 TRANSMISSION CONFIDENTIALITY (blank) SC SC-10 NETWORK DISCONNECT P2 SC-10 SC-10 1 1 1 1 SC SC-11 TRUSTED PATH P0 SC SC-12 CRYPTOGRAPHIC KEY ESTABLISHMENT AND MANAGEMENT P1 SC-12 SC-12 SC-12 (1) 1 1 2 1 1 1 1 (1) SC SC-13 CRYPTOGRAPHIC PROTECTION P1 SC-13 SC-13 SC-13 1 1 1 1 1 1 SC SC-14 PUBLIC ACCESS PROTECTIONS (blank) SC SC-15 COLLABORATIVE COMPUTING DEVICES P1 SC-15 SC-15 SC-15 1 1 1 1 1 1 SC SC-16 TRANSMISSION OF SECURITY ATTRIBUTES P0 SC SC-17 PUBLIC KEY INFRASTRUCTURE CERTIFICATES P1 SC-17 SC-17 1 1 1 1 SC SC-18 MOBILE CODE P2 SC-18 SC-18 1 1 1 1 SC SC-19 VOICE OVER INTERNET PROTOCOL P1 SC-19 SC-19 1 1 1 1 SC SC-20 SECURE NAME / ADDRESS RESOLUTION SERVICE (AUTHORITATIVE SOURCE) P1 SC-20 SC-20 SC-20 1 1 1 1 1 1 SC SC-21 SECURE NAME / ADDRESS RESOLUTION SERVICE (RECURSIVE OR CACHING RESOLVER) P1 SC-21 SC-21 SC-21 1 1 1 1 1 1 SC SC-22 ARCHITECTURE AND PROVISIONING FOR NAME / ADDRESS RESOLUTION SERVICE P1 SC-22 SC-22 SC-22 1 1 1 1 1 1 SC SC-23 SESSION AUTHENTICITY P1 SC-23 SC-23 1 1 1 1 SC SC-24 FAIL IN KNOWN STATE P1 SC-24 1 1 SC SC-25 THIN NODES P0 SC SC-26 HONEYPOTS P0 SC SC-27 PLATFORM-INDEPENDENT APPLICATIONS P0 SC SC-28 PROTECTION OF INFORMATION AT REST P1 SC-28 SC-28 1 1 1 1 SC SC-29 HETEROGENEITY P0 SC SC-30 CONCEALMENT AND MISDIRECTION P0 SC SC-31 COVERT CHANNEL ANALYSIS P0 SC SC-32 INFORMATION SYSTEM PARTITIONING P0 SC SC-33 TRANSMISSION PREPARATION INTEGRITY (blank) SC SC-34 NON-MODIFIABLE EXECUTABLE PROGRAMS P0 SC SC-35 HONEYCLIENTS P0 SC SC-36 DISTRIBUTED PROCESSING AND STORAGE P0 SC SC-37 OUT-OF-BAND CHANNELS P0 SC SC-38 OPERATIONS SECURITY P0 SC SC-39 PROCESS ISOLATION P1 SC-39 SC-39 SC-39 1 1 1 1 1 1 SC SC-40 WIRELESS LINK PROTECTION P0 SC SC-41 PORT AND I/O DEVICE ACCESS P0 SC SC-42 SENSOR CAPABILITY AND DATA P0 SC SC-43 USAGE RESTRICTIONS P0 SC SC-44 DETONATION CHAMBERS P0 SI SI-1 SYSTEM AND INFORMATION INTEGRITY POLICY AND PROCEDURES P1 SI-1 SI-1 SI-1 1 1 1 1 1 1 SI SI-2 FLAW REMEDIATION P1 SI-2 SI-2 (2) SI-2 (1) (2) 1 2 3 1 1 1 1 2 (2) (1) (2) SI SI-3 MALICIOUS CODE PROTECTION P1 SI-3 SI-3 (1) (2) SI-3 (1) (2) 1 3 3 1 1 1 2 2 (1) (1) (2) (2) SI SI-4 INFORMATION SYSTEM MONITORING P1 SI-4 SI-4 (2) (4) (5) SI-4 (2) (4) (5) 1 4 4 1 1 1 3 3 (2) (2) (4) (4) (5) (5) SI SI-5 SECURITY ALERTS, ADVISORIES, AND DIRECTIVES P1 SI-5 SI-5 SI-5 (1) 1 1 2 1 1 1 1 (1) SI SI-6 SECURITY FUNCTION VERIFICATION P1 SI-6 1 1 SI SI-7 SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY P1 SI-7 (1) (7) SI-7 (1) (2) (5) (7) (14) 3 6 1 1 2 5 (1) (1) (7) (2) (5) (7) (14) SI SI-8 SPAM PROTECTION P2 SI-8 (1) (2) SI-8 (1) (2) 3 3 1 1 2 2 (1) (1) (2) (2) SI SI-9 INFORMATION INPUT RESTRICTIONS (blank) SI SI-10 INFORMATION INPUT VALIDATION P1 SI-10 SI-10 1 1 1 1 SI SI-11 ERROR HANDLING P2 SI-11 SI-11 1 1 1 1 SI SI-12 INFORMATION HANDLING AND RETENTION P2 SI-12 SI-12 SI-12 1 1 1 1 1 1 SI SI-13 PREDICTABLE FAILURE PREVENTION P0 SI SI-14 NON-PERSISTENCE P0 SI SI-15 INFORMATION OUTPUT FILTERING P0 SI SI-16 MEMORY PROTECTION P1 SI-16 SI-16 1 1 1 1 SI SI-17 FAIL-SAFE PROCEDURES P0
Télécharger maintenant