Text-searchable mapping of NIST Cybersecurity Framework Core to 800-53 Controls

Posted November 3, 2020 | View revision history

I rent my cloak asunder in frustration when I realized I couldn’t ctrl+f the NIST Cybersecurity Framework Core for “penetration testing” or “encryption” or for anything, really, making it impossible to go from knowing security technical stuff to understanding quickly where a given control would fit into the core. So I wrestled with the 800-53 XML for a few days and got it into a format that could be javascript-searched in a webpage-table. Now I need a new cloak, but at least I have a table. I may post feature updates to the table from time to time.

Here’s all my python scripts for parsing the various NIST source files and for preparing the datasource used by the html table. Hopefully my use of python scripts will make updating the table relatively easy as new CSF or 800-53 versions are released.

Tags: security, tools

Dave Eargle is a Senior Consultant in Cybersecurity Assessment at Carve Systems. More about the author →

This page is open source. Please help improve it.

Edit