The following documents are referenced in the Cybersecurity Fundamentals and In-Depth training classes.

UNCLASSIFIED documents with no restrictions on usage or distribution are included in the Document Library section of the CSF Training CD, or online at www.rmf.org/csf-publications.

A URL is provided for those with restrictions. Some of these, such as the ISO documents, must be purchased.

FISMA 2014 Title III, E-Government Act (Federal Information Security Management Act)

Executive Order 13636 – Improving Critical Infrastructure Cybersecurity

Executive Order 13800 – Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure 

CIS Controls Version 7.1 

CIS-Controls-V7.1-Mapping-to-NIST-CSF 

HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework

ISO/IEC 27005:2011 guidelines for information security risk management. *Purchase Required* 

International Organization for Standardization (ISO) 31000:2018 “Risk Management Guidelines” *Purchase Required* 

ISA 62443-2-1:2009 & ISA 62443-3-3:2013 *Purchase Required* 

NIST Special Publication 800-53 Revision 4 

Draft NIST Special Publication 800-53 Revision 5 

COBIT 5 *Purchase Required* 

NIST IR 8183 CSF Manufacturing Profile 

NIST SP 800-171 (CUI) for Federal Systems 

NIST Handbook 162 NIST MEP Cybersecurity Self-Assessment Handbook For Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements 

NIST Special Publication 800-171A Assessing Security Requirements for Controlled Unclassified Information

Draft NIST SP 800-171B, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations: Enhanced Security Requirements for Critical Programs and High Value Assets.

Mapping between the Cybersecurity Framework (CSF) Subcategories and the Controlled Unclassified Information (CUI) Requirements in NIST Special Publication (SP) 800-171

Draft NIST Special Publication (SP) 800-171 Revision 2, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

PCI DSS

Baldrige Cybersecurity Excellence Builder Self-Assessment

Framework for Improving Critical Infrastructure Cybersecurity

Energy Sector Cybersecurity Framework Implementation Guidance

Notional Supply Chain Risk Management Practices for Federal Information Systems

The Cybersecurity Framework 2 Implementation Guidance for Federal Agencies 

An Introduction to Privacy Engineering and Risk Management in Federal Systems

NIST Privacy Framework: An Enterprise Risk Management Tool