U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

NIST IR 8477 (Initial Public Draft)

Mapping Relationships Between Documentary Standards, Regulations, Frameworks, and Guidelines: Developing Cybersecurity and Privacy Concept Mappings

Date Published: August 17, 2023
Comments Due: October 6, 2023
Email Comments to: mapping@nist.gov

Author(s)

Karen Scarfone (Scarfone Cybersecurity), Murugiah Souppaya (NIST), Michael Fagan (NIST)

Announcement

Understanding how the elements of diverse sources of cybersecurity and privacy content are related to each other is an ongoing challenge for people in nearly every organization. This document explains NIST’s proposed approach for identifying and documenting relationships between concepts such as controls, requirements, recommendations, outcomes, technologies, functions, processes, techniques, roles, and skills.

NIST intends for the approach to be used for mapping relationships involving NIST cybersecurity and privacy publications that will be submitted to NIST’s National Online Informative References (OLIR) Program for hosting in NIST’s online Cybersecurity and Privacy Reference Tool (CPRT). This will include mapping the equivalent of the NIST Cybersecurity Framework’s (CSF) 1.1 Informative References in support of CSF 2.0.

By following this approach, NIST and others in the cybersecurity and privacy standards community can jointly establish a single concept system over time that links cybersecurity and privacy concepts from many sources into a cohesive, consistent set of relationship mappings. The mappings can then be used by different audiences to better describe the interrelated aspects of the global cybersecurity and privacy corpus.

The public comment period for this draft is open through October 6, 2023. Submit your comments to mapping@nist.gov.

Abstract

Keywords

concept mapping; crosswalk; cybersecurity; mapping; privacy; relationship; terminology science
Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.IR.8477.ipd
Download URL

Supplemental Material:
None available

Document History:
08/17/23: IR 8477 (Draft)

Topics

Security and Privacy

controls, general security & privacy, security programs & operations

Applications

cybersecurity framework

Laws and Regulations

E-Government Act