GithubHelp home page GithubHelp logo

Comments (4)

42mst avatar 42mst commented on June 12, 2024 1

@ab-smith
Yes makes sense. Are you planning to do it on a subset first? There are also ready-to-use mappings. I will list a couple of them in here:
NIS2 - ISO 2.pdf
sp800-53r4-to-r5-comparison-workbook.xlsx
Zuordnung_ISO_und_IT_Grundschutz.pdf
27002 2013 2022 Controls Mapping.xlsx
C5_2020_Referenztabelle.xlsx
Copy of CCF-VER2.xlsx
CyFun mapping Public_v20231106.xlsx

Doing this in combination with the #240 will be a gamechanger.

from ciso-assistant-community.

ab-smith avatar ab-smith commented on June 12, 2024 1

Hey, we will use the existing mappings as a starting point and keep the same approach of letting the community review and enrich them

from ciso-assistant-community.

42mst avatar 42mst commented on June 12, 2024

@ab-smith
As already mentioned in the discussion sector: What about this case;

Do you think this documentation/data-model.md model is sufficient enough in the long run?

Initial situation:

ISO27001 <-> NIST
ISO27001 <-> CCB
Client A is currently NIST compliant

Goal:

Client A needs to implement the latest CCB requirements to be NIS2 compliant.

Current Model:

Currently that means in your model that each control needs to be mapped against each other control which would create a huge overhead.
Maybe ( I´m not sure about that) it would make more sense to have a - let´s say - top level framework, like the ISO27001
All controls need to be mapped to that
To achieve the described goal you would have/need to implement a transitive relationship between the frameworks and by that the controls
--> NIST <-> ISO27001 <-> CCB
By that the top-level framework will always be the connecting element.

from ciso-assistant-community.

ab-smith avatar ab-smith commented on June 12, 2024

Hey, sorry @42mst I missed your comment on this one. As a matter of fact, what we are building currently is pretty close to what you're describing using a graph representation; for instance:

image

we will set the filled arrows, and the dashed ones will be deduced.

makes sense?

from ciso-assistant-community.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.