CSF Publications

LAWS AND EXECUTIVE ORDERS

Executive Order 13636 – Improving Critical Infrastructure Cybersecurity

Executive Order 13800 – Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

INTERNATIONAL STANDARDS ORGANIZATION (ISO)

ISO/IEC 27005:2011 guidelines for information security risk management. *Purchase Required* International Organization for Standardization (ISO) 31000:2018 “Risk Management Guidelines” *Purchase Required*

NIST SPECIAL PUBLICATIONS (SP)

NIST Special Publication 800-53 Revision 4

NIST Special Publication 800-53 Revision 5

NISTIR 8183 Revision 1 Cybersecurity Framework Version 1.1 Manufacturing Profile

NIST SP 800-171 (CUI) for Federal Systems

NIST Handbook 162 NIST MEP Cybersecurity Self-Assessment Handbook For Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements

NIST SP 800-172: Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171

Mapping between the Cybersecurity Framework (CSF) Subcategories and the Controlled Unclassified Information (CUI) Requirements in NIST Special Publication (SP) 800-171

NIST Special Publication 800-171 Revision 2: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

CIS-Controls-V7.1-Mapping-to-NIST-CSF

HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework

Baldrige Cybersecurity Excellence Builder Self-Assessment

Secure-Controls-Framework-SCFv2023.2-to-CSF-V1.1 Informative Reference Details

C2M2-v2.1-to-CSF-Framework-v1.1 Informative Reference Details

NIST PRIVACY FRAMEWORK: AN ENTERPRISE RISK MANAGEMENT TOOL

An Introduction to Privacy Engineering and Risk Management in Federal Systems

Approaches for Federal Agencies to Use the Cybersecurity Framework

Notional Supply Chain Risk Management Practices for Federal Information Systems

CENTER FOR INTERNET SECURITY

CIS Controls Version 7.1

MISCELLANEOUS

ISA 62443-2-1:2009 & ISA 62443-3-3:2013 *Purchase Required* COBIT 5 *Purchase Required*

Energy Sector Cybersecurity Framework Implementation Guidance

See also:

Recent Posts / View All Posts

Cybersecurity Framework is Getting an Update!

Kathryn Daily | Uncategorized | No Comments

By, Kathryn Daily, CISSP, CGRC, RDRP Over a decade ago NIST published the Cybersecurity Framework as a base set of standards, guidelines, and best practices to manage cybersecurity risks for critical infrastructure. While it is currently voluntary for critical infrastructure, Executive Order 13800, May 11, 2017, required federal agencies to,…

RMF and Toilet Tissue

Kathryn Daily | Uncategorized | No Comments

by Lon J. Berman, CISSP, RDRP The year 2020 will be remembered for lots of things, not the least of which was the “great toilet tissue shortage.” Who can forget running from store to store, only to be confronted with empty shelves? 2020 was also the year the term “supply…

RMF Knowledge Service Update: It’s back!

Kathryn Daily | Uncategorized | No Comments

As of 4:30 eastern time, I was able to login to RMF Knowledge Service. Hopefully it's back for good.