Mapping & Analysis: NIST Cybersecurity Framework to Risk Management Framework 800-53A Assessment Objectives

Sources

• Organization: National Institute of Technology (NIST)
• Data Sources:
• Cybersecurity Framework v1.1
• NIST 800-53A

NIST has provided a cross walk from the Cybersecurity Framework (CSF) to the Risk Management Framework (RMF) 800-53 security controls. The bar chart below displays these blended data sets and maps the CSF to the 800-53A assessment objectives. Here is some summary count info by CSF Function:

1. Identify (ID) = 983 assessment objectives
2. Protect (PR) = 1187 assessment objectives
3. Detect (DE) = 833 assessment objectives
4. Respond (RS) = 267 assessment objectives
5. Recover (RC) = 72 assessment objectives

Link to the corresponding table chart - here.