From 551430676a9708e7b68657e23931ffe7d0e9596c Mon Sep 17 00:00:00 2001
From: Joshua Lubell
Date: Fri, 1 Sep 2017 14:10:24 -0400
Subject: [PATCH] version 0.11

---
 bt.xml     | 3503 +++++++++++++++++++---------------------------------
 index.html |    2 +-
 2 files changed, 1239 insertions(+), 2266 deletions(-)

diff --git a/bt.xml b/bt.xml
index e744188..361602e 100644
--- a/bt.xml
+++ b/bt.xml
@@ -1,2276 +1,1249 @@ - - - - - - - - Baseline Tailor - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - AC-1 - - - - - - - 0.10 - - - - - - - 2017/08/31 - - - - - - - - - - - - - - - - - - - - - - - - - - - - false - - http://nvd.nist.gov/800-53/Rev4 - - - - - - - - - - - - - true - - - - - - - - - - - - - - - false - - - - - - - - Guidance here. - - - - - - - - - - - 1 2 3 - - - - - - - - - - - 1 2 3 - - - - - - - - - - - false - - - - - - - - - - - - - - - - - - - - - - - - - - - - Control impact higher than lowest control enhancement impact. - - Control Enhancement impact lower than control impact. - - CM-7(4) impact as high or higher than CM-7(5) impact. Blacklisting and whitelisting - cannot be applied simultaneously, and whitelisting is more restrictive than blacklisting. - - - Control Enhancement must have LOW, MODERATE, or HIGH impact if adding supplemental - guidance. - - - Cross-reference to Control Enhancement without added supplemental guidance. - - - - - - - - - - - - - - - - - - - - - - - - - Controls from all families - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ACCESS CONTROL - - Rationale here. - - - - ACCESS CONTROL POLICY AND PROCEDURES - - 1 - - - - false - - Selected - - Selected - - Selected - - Guidance here. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + Baseline Tailor + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + AC-1 + + + + 0.11 + + + + 2017/09/01 + + + + + + + + + + + + + + + false + http://nvd.nist.gov/800-53/Rev4 + + + + + + + true + + + + + + + + false + + + + Guidance here. + + + + + + 1 2 3 + + + + + + 1 2 3 + + + + + + false + + + + + + + + + + + + + + + Control impact higher than lowest control enhancement impact. + Control Enhancement impact lower than control impact. + CM-7(4) impact as high or higher than CM-7(5) impact. 
Blacklisting and whitelisting cannot be applied simultaneously, and whitelisting is more restrictive than blacklisting. + Control Enhancement must have LOW, MODERATE, or HIGH impact if adding supplemental guidance. + Cross-reference to Control Enhancement without added supplemental guidance. + + + + + + + + + + + + + Controls from all families + + + + + + + + + + + + + + + + + + + + + + + ACCESS CONTROL + Rationale here. + + ACCESS CONTROL POLICY AND PROCEDURES + 1 + + false + Selected + Selected + Selected + Guidance here. + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- needle and thread image - Baseline Tailor - Version - - - - - User Guide (PDF) | - License | - Security Content and Tools - - -

- - - - - - -
- - - - Preferences - - Change user preferences. - - - - - -
- -
- - - -
- - - - needle and thread Security Control Editor tab: - - - - -
- -
- - - - factory NIST SP 800-82 (Revision 2) Industrial Control Systems overlay: - - - - -
- -
- - - - OK - - Accept selections. - - - - - -
- -
- -
-
- - -
- - - - Security Control Editor - - - - - - - - Cyber Framework Browser - - - - - - - - Cross References - - - - - - - - Framework Profile - - - - - -
- - - - - - -
- - - - - - - - - - - - - -
- -
- - - - Framework core function:
- - - - IDENTIFY (ID) - - ID - - - - - - PROTECT (PR) - - PR - - - - - - DETECT (DE) - - DE - - - - - - RESPOND (RS) - - RS - - - - - - RECOVER (RC) - - RC - - - - - - - - - - - -
- -
- -
- - - - - - - - - - - - - - - -
- - - - Category:
- - - - - - - - - - - - - - - -

- - - - : - - - - -
- - - - - - Subcategory:
- - - - - - - - - -

- - - - : - - -
- - - - - - - Remove subcategory - - - from the Framework Profile. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Add subcategory - - - to the Framework Profile. - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -
- -
- -

- Informative References to NIST SP 800-53: -

- - - - - - - - - family - - - - - Open security control family - - - in a new browser tab. - - - - - - - - - - - - - - - - - - - - - - - - + +
- - - - - - - Open security control - - - definition in a new browser tab. - - - - - - - - - - - - - - - - - - factory - - Open NIST SP 800-82 ICS Overlay tailoring for security control definition in a new - browser tab. - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

+ needle and thread image + Baseline Tailor + Version + + + + User Guide (PDF) | + License | + Security Content and Tools + +

+ + + +
+ + Preferences + Change user preferences. + + +
+
+ +
+ + +needle and thread Security Control Editor tab: + +
+
+ + +factory NIST SP 800-82 (Revision 2) Industrial Control Systems overlay: + +
+
+ + OK + Accept selections. + + +
+
+
+
+ +
+ + Security Control Editor + + + + Cyber Framework Browser + + + + Cross References + + + + Framework Profile + + +
+ + + +
+ + + + + + +
+
+ + Framework core function:
+
+ + IDENTIFY (ID) + ID + + + PROTECT (PR) + PR + + + DETECT (DE) + DE + + + RESPOND (RS) + RS + + + RECOVER (RC) + RC + + + + + +
+
+
+ + + + + + + +
+ + Category:
+
+ + + + + + + +
+
+ + + : + + +
+ + + Subcategory:
+
+ + + + +
+
+ + + : + + +
+ + + + Remove subcategory + + from the Framework Profile. + + + + + + + + + + + + + + + + + Add subcategory + + to the Framework Profile. + + + + + + + + + + + + + +
+
+
+

+ Informative References to NIST SP 800-53:

+ + + + + family + + + Open security control family + + in a new browser tab. + + + + + + + + + + + + - - - - - - - -
+ + + + Open security control + + definition in a new browser tab. + + + + + + + + + +factory + + Open NIST SP 800-82 ICS Overlay tailoring for security control definition in a new browser tab. + - - - - - - - - - - - - - - - - link - - - Show Framework Core subcategories referencing - - - . - - - - - - - - - - - - - - - - - - - needle and thread - - - - Tailor security control. - - - - - - - - - - - - - - - -
- -
- - - - - - - - Open security control catalog in a new browser tab. - - - - - - - (except - - - ) - - - - - -
- -
- -
- - - - -
- - - - Check/uncheck the subcategory box to add to or remove the subcategory from the profile. - Click the subcategory button to show its Framework Core information. - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - XML representation: - - - - - - - - - -
- -
- -
- - - - -
- - - - - - - - - - - - - - - - -
- - - - Baselines: - - - - - - - LOW - - 1 - - - - - - MODERATE - - 2 - - - - - - HIGH - - 3 - - - - - - N/A - - 4 - - - - - - - - - Defaults - - Check LOW, MODERATE, and HIGH boxes. - - - - - - - - - - - - Priorities: - - - - - - - P0 - - 4 - - - - - - P1 - - 1 - - - - - - P2 - - 2 - - - - - - P3 - - 3 - - - - - - - - - Defaults - - Check P1, P2, and P3 boxes. - - - - - - - - - - - - Restrict controls to Framework Profile informative references: - -

- - - - - Control family:
- - - - - - - - - -
-

- - - - - Control:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-

- - - - - Framework Core Subcategories Referencing - - - - - - - Show Framework Core subcategories referencing - - - . - - - - - - - - - - - - - -
- -
- -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
CONTROL
NUMBER -
CONTROL NAME
Control Enhancement Name
-
BASELINE
IMPACT -
ADDED
SUPPLE-
MENTAL
GUIDANCE -
CONTROL BASELINES
LOWMODERATEHIGH
- -
- - - - - - - Open security control - - - definition in a new browser tab. - - - - - - - - - - factory - - - Open NIST SP 800-82 ICS Overlay tailoring for security control - - - definition in a new browser tab. - - - - - - - -
- - - -
- - - ( - - - ) - -
- -
- -
- -
- - - - - - - -
- - - -
- - -
- -
- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- - - -
- - - -
- -
- -
- -
- - - -
- - - -
- - - -
- -
- -
- -
- - - -
- - - -
- - - -
- -
- -
- - - - XML representation: - - - - - - - - - - - - -
- - - - Additional Supplemental Guidance:
- -
- -
- - - - -
- - - - - Control Enhancement ( - - - ) Additional Supplemental Guidance:
- -
- - - - - - - -
- -
- -
- - -
- - - - Rationale for changing the baseline:
- -
- -
- - -
- -
- -
- - - - -
- - - Framework Core subcategories referencing control - - - :
- - - - - - - - - - - Show Framework Core - - - definition. - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -
- -
- -
- + + + + +
+
+
+ + + + Open security control catalog in a new browser tab. + + + + (except + + ) + + +
+
+
+ + +
+ + Check/uncheck the subcategory box to add to or remove the subcategory from the profile. Click the subcategory button to show its Framework Core information. + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + XML representation: + + + + +
+
+
- -
- -
- -

- PLEASE NOTE: This is an experimental website. NIST does not endorse the views expressed, - or necessarily concur with the information presented on these sites. Further, NIST - does not endorse any commercial products that may be mentioned on these sites. All - the material on this website is in the public domain and is intended for unrestricted - use by interested parties, including any text, diagrams, or images, unless indicated - explicitly. -

- -

This website represents components defined in the NIST Framework for Improving Critical - Infrastructure Cybersecurity and security controls and associated assessment procedures - defined in NIST SP 800-53 Revision 4 Recommended Security Controls for Federal Information - Systems and Organizations. For any discrepancies noted in the content between this - website and the latest published NIST Cybersecurity Framework or Special Publication - SP 800-53 Revision 4, please defer to the official published documents that are posted - on http://csrc.nist.gov. -

- -

Certain commercial equipment, instruments, materials, systems, software, and trade - names may be identified throughout this site in order to specify or identify technologies - adequately. Such identification is not intended to imply recommendation or endorsement - by NIST or any other party, nor is it intended to imply that the systems or products - identified are necessarily the best available for the purpose. All data and other - information posted on this site is provided as a public service and is provided 'AS - IS.' NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, - WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - PURPOSE, NON-INFRINGEMENT AND DATA ACCURACY. -

- -

By selecting external links, you will be leaving NIST webspace. Links to other websites - are provided because they may have information that would be of interest to you. No - inferences should be drawn on account of other sites being referenced, or not, from - this page. There may be other websites that are more appropriate for your purpose. -

-
Privacy Policy | Security Notice | Accessibility Statement | Send feedback - -
+ +
+ + + + + + + + +
+ + Baselines: + + + + LOW + 1 + + + MODERATE + 2 + + + HIGH + 3 + + + N/A + 4 + + + + + Defaults + Check LOW, MODERATE, and HIGH boxes. + + + + + + Priorities: + + + + P0 + 4 + + + P1 + 1 + + + P2 + 2 + + + P3 + 3 + + + + + Defaults + Check P1, P2, and P3 boxes. + + + + + + Restrict controls to Framework Profile informative references: + +
+
+ + + Control family:
+
+ + + + +
+
+
+ + + Control:
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ + + Framework Core Subcategories Referencing + + + + Show Framework Core subcategories referencing + + . + + + + + + +
+
+

+ + + + + + + + + + + + + + + - - - - \ No newline at end of file + + + + + + + + + + + + + + + + + + + + + + + +
CONTROL
NUMBER
CONTROL NAME
+
Control Enhancement Name
+
BASELINE
IMPACT
ADDED
SUPPLE-
MENTAL
GUIDANCE
CONTROL BASELINES
LOWMODERATEHIGH
+
+ + + + Open security control + + definition in a new browser tab. + + + + + +factory + + + Open NIST SP 800-82 ICS Overlay tailoring for security control + + definition in a new browser tab. + + + +
+ +
+ + ( + + ) +
+
+
+
+ + + + +
+ +
+ + + +
+
+
+ + + + + + + + + + + + + + + +
+ +
+ +
+ +
+
+
+
+ +
+ +
+ +
+
+
+
+ +
+ +
+ +
+
+
+ + XML representation: + + + + + + +
+ + Additional Supplemental Guidance:
+
+
+
+ + +
+ + + Control Enhancement ( + + ) Additional Supplemental Guidance: +
+
+ + + +
+
+
+ +
+ + Rationale for changing the baseline:
+
+
+
+ +
+

+
+ + +
+ + Framework Core subcategories referencing control + + : +
+ + + + + + Show Framework Core + + definition. + + + + + + + + + + + + + + +
+
+
+
+ + +
+
+

+PLEASE NOTE: This is an experimental website. NIST does not endorse the views expressed, or necessarily concur with the information presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. All the material on this website is in the public domain and is intended for unrestricted use by interested parties, including any text, diagrams, or images, unless indicated explicitly.

+

This website represents components defined in the NIST Framework for Improving Critical Infrastructure Cybersecurity and security controls and associated assessment procedures defined in NIST SP 800-53 Revision 4 Recommended Security Controls for Federal Information Systems and Organizations. For any discrepancies noted in the content between this website and the latest published NIST Cybersecurity Framework or Special Publication SP 800-53 Revision 4, please defer to the official published documents that are posted on http://csrc.nist.gov.

+

Certain commercial equipment, instruments, materials, systems, software, and trade names may be identified throughout this site in order to specify or identify technologies adequately. Such identification is not intended to imply recommendation or endorsement by NIST or any other party, nor is it intended to imply that the systems or products identified are necessarily the best available for the purpose. All data and other information posted on this site is provided as a public service and is provided 'AS IS.' NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND DATA ACCURACY.

+

By selecting external links, you will be leaving NIST webspace. Links to other websites are provided because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose.

+
+Privacy Policy | Security Notice | Accessibility Statement | Send feedback +
+ + + + diff --git a/index.html b/index.html index 4d10eda..508a4b0 100644 --- a/index.html +++ b/index.html @@ -4,7 +4,7 @@ Security Content and Tools -
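Review bot: The functional change for 0.11 cannot be reviewed in the bt.xml hunk, because @@ -1,2276 +1,1249 @@ replaces the entire file and the commit message says only "version 0.11". In the text visible here the only values that differ are the version (0.10 to 0.11) and the date (2017/08/31 to 2017/09/01); the constraint messages, labels and disclaimer paragraphs return with the same wording, with blank lines dropped and wrapped lines rejoined. Please land the whitespace and line-wrapping normalization as its own commit, or state in the commit message what changed besides the version bump, so that the diff for a release of a security control tailoring tool shows only the lines that need review. Separately, the re-added disclaimer still points readers to http://csrc.nist.gov; since that line is being rewritten anyway, consider the https form.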