Date Published: May 2017
Comments Due: June 30, 2017 (public comment period is CLOSED)
Email Questions to:
nistir8170@nist.gov
[Updated 6/27/17: A spreadsheet is now available that maps SP 800-53 Rev. 4 controls to subcategories of the Cybersecurity Framework (v1.0).]
Draft NISTIR 8170 provides guidance on how the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) can be used in the U.S. Federal Government in conjunction with the current and planned suite of NIST security and privacy risk management publications. The specific guidance was derived from current Cybersecurity Framework use. To provide federal agencies with examples of how the Cybersecurity Framework can augment the current versions of NIST security and privacy risk management publications, this guidance uses common federal information security vocabulary and processes.
NIST will engage with agencies to add content based on agency implementation, refine current guidance and identify additional guidance to provide the information that is most helpful to agencies. Feedback will also help to determine which Cybersecurity Framework concepts are incorporated into future versions of the suite of NIST security and privacy risk management publications. NIST would like feedback that addresses the following questions:
None selected
Publication:
Draft NISTIR 8170 (pdf)
Supplemental Material:
Mapping SP 800-53 Rev. 4 controls to subcategories of NIST CSF v1.0 (xlsx)
Related NIST Publications:
Document History:
05/12/17: IR 8170 (Draft)
03/19/20: IR 8170 (Final)
Executive Order 13636, Federal Information Security Modernization Act