You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Regarding NIST 800-53 in OpenCRE I noticed that the mapping is created only on the control level so it does not include control enhancements e.g., AC-2 is linked to 724-770 but AC-2(5) "Inactivity logout" is not linked to any other though it could be linked to 065-782 "Ensure session timeout (soft/hard)".
Is there a plan to create a NIST 800-53 mapping at this level in the future, or would you be open to contributions regarding this granularity? I mean it's surely more maintenance and in general mapping at the right abstraction layer between different frameworks is not a trivial question but I think it would make sense to match up sub-controls/control enhancements this way due to the fact that NIST 800-53 is a widely used framework.
The text was updated successfully, but these errors were encountered:
Regarding NIST 800-53 in OpenCRE I noticed that the mapping is created only on the control level so it does not include control enhancements e.g., AC-2 is linked to 724-770 but AC-2(5) "Inactivity logout" is not linked to any other though it could be linked to 065-782 "Ensure session timeout (soft/hard)".
Is there a plan to create a NIST 800-53 mapping at this level in the future, or would you be open to contributions regarding this granularity? I mean it's surely more maintenance and in general mapping at the right abstraction layer between different frameworks is not a trivial question but I think it would make sense to match up sub-controls/control enhancements this way due to the fact that NIST 800-53 is a widely used framework.
The text was updated successfully, but these errors were encountered: