Date Published: August 17, 2023
Comments Due:
Email Questions to:
Author(s)
Karen Scarfone (Scarfone Cybersecurity), Murugiah Souppaya (NIST), Michael Fagan (NIST)
Announcement
Understanding how the elements of diverse sources of cybersecurity and privacy content are related to each other is an ongoing challenge for people in nearly every organization. This document explains NIST’s proposed approach for identifying and documenting relationships between concepts such as controls, requirements, recommendations, outcomes, technologies, functions, processes, techniques, roles, and skills.
NIST intends for the approach to be used for mapping relationships involving NIST cybersecurity and privacy publications that will be submitted to NIST’s National Online Informative References (OLIR) Program for hosting in NIST’s online Cybersecurity and Privacy Reference Tool (CPRT). This will include mapping the equivalent of the NIST Cybersecurity Framework’s (CSF) 1.1 Informative References in support of CSF 2.0.
By following this approach, NIST and others in the cybersecurity and privacy standards community can jointly establish a single concept system over time that links cybersecurity and privacy concepts from many sources into a cohesive, consistent set of relationship mappings. The mappings can then be used by different audiences to better describe the interrelated aspects of the global cybersecurity and privacy corpus.
The public comment period for this draft is open through October 6, 2023. Submit your comments to mapping@nist.gov.
This document describes an approach that NIST would use and other parties could use for mapping the elements of documentary standards, regulations, frameworks, and guidelines to NIST publications, such as CSF Subcategories or SP 800-53r5 controls. NIST intends for this approach to be used for future mappings involving NIST cybersecurity and privacy publications that will be submitted via the NIST National Online Informative References (OLIR) process for hosting on NIST’s online Cybersecurity and Privacy Reference Tool (CPRT). By following this approach, NIST and others in the cybersecurity and privacy standards community can jointly establish a single concept system over time that links cybersecurity and privacy concepts from many sources into a cohesive, consistent set of relationship mappings within the NIST CPRT. The approach is informed by concept system and terminology standards, as well as experience with what information the cybersecurity and privacy community would find most valuable.
This document describes an approach that NIST would use and other parties could use for mapping the elements of documentary standards, regulations, frameworks, and guidelines to NIST publications, such as CSF Subcategories or SP 800-53r5 controls. NIST intends for this approach to be used for future...
See full abstract
This document describes an approach that NIST would use and other parties could use for mapping the elements of documentary standards, regulations, frameworks, and guidelines to NIST publications, such as CSF Subcategories or SP 800-53r5 controls. NIST intends for this approach to be used for future mappings involving NIST cybersecurity and privacy publications that will be submitted via the NIST National Online Informative References (OLIR) process for hosting on NIST’s online Cybersecurity and Privacy Reference Tool (CPRT). By following this approach, NIST and others in the cybersecurity and privacy standards community can jointly establish a single concept system over time that links cybersecurity and privacy concepts from many sources into a cohesive, consistent set of relationship mappings within the NIST CPRT. The approach is informed by concept system and terminology standards, as well as experience with what information the cybersecurity and privacy community would find most valuable.
Hide full abstract
Keywords
concept mapping; crosswalk; cybersecurity; mapping; privacy; relationship; terminology science
Control Families
None selected
