Text-searchable mapping of NIST Cybersecurity Framework Core to 800-53 Controls

Posted November 3, 2020 | View revision history

I rent my cloak asunder in frustration when I realized I couldn’t ctrl+f the NSF CSF core for “penetration testing” or “encryption” or for anything, really, making it impossible to go from knowing security technical stuff to understanding quickly where a given control would fit into the core. So I wrestled with the 800-53 XML for a few days and got it into a format that could be javascript-searched in a webpage-table. Now I need a new cloak, but at least I have a table. I may post feature updates to the table from time to time.

Here’s all my python scripts for parsing the various NIST source files and for preparing the datasource used by the html table. Hopefully my use of python scripts will make updating the table relatively easy as new CSF or 800-53 versions are released.


David Eargle is an Assistant Professor at the University of Colorado Boulder in the Leeds School of Business. He earned his Ph.D. degree in Information Systems from the University of Pittsburgh. His research interests include human-computer interaction and information security. He has coauthored several articles in these areas using neurophysiological and other methodologies in outlets such as the Journal of the Association for Information Systems, the European Journal of Information Systems, the International Conference on Information Systems, and the Hawaii International Conference on System Sciences), along with the Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI). More about the author →

This page is open source. Please help improve it.