Comments (4)
@ab-smith
Yes makes sense. Are you planning to do it on a subset first? There are also ready-to-use mappings. I will list a couple of them in here:
NIS2 - ISO 2.pdf
sp800-53r4-to-r5-comparison-workbook.xlsx
Zuordnung_ISO_und_IT_Grundschutz.pdf
27002 2013 2022 Controls Mapping.xlsx
C5_2020_Referenztabelle.xlsx
Copy of CCF-VER2.xlsx
CyFun mapping Public_v20231106.xlsx
Doing this in combination with the #240 will be a gamechanger.
from ciso-assistant-community.
Hey, we will use the existing mappings as a starting point and keep the same approach of letting the community review and enrich them
from ciso-assistant-community.
@ab-smith
As already mentioned in the discussion sector: What about this case;
Do you think this documentation/data-model.md model is sufficient enough in the long run?
Initial situation:
ISO27001 <-> NIST
ISO27001 <-> CCB
Client A is currently NIST compliant
Goal:
Client A needs to implement the latest CCB requirements to be NIS2 compliant.
Current Model:
Currently that means in your model that each control needs to be mapped against each other control which would create a huge overhead.
Maybe ( I´m not sure about that) it would make more sense to have a - let´s say - top level framework, like the ISO27001
All controls need to be mapped to that
To achieve the described goal you would have/need to implement a transitive relationship between the frameworks and by that the controls
--> NIST <-> ISO27001 <-> CCB
By that the top-level framework will always be the connecting element.
from ciso-assistant-community.
Hey, sorry @42mst I missed your comment on this one. As a matter of fact, what we are building currently is pretty close to what you're describing using a graph representation; for instance:
we will set the filled arrows, and the dashed ones will be deduced.
makes sense?
from ciso-assistant-community.
Related Issues (20)
- Problème export et preuve et mesure associé HOT 10
- Problem with login HOT 2
- Use the annotations for controls suggestion
- Bad rendering of risk matrix legends in risk assessment report HOT 3
- Make all requirement nodes potentially assessable
- Possibility to choose the columns to be displayed in a table and in a report
- Risk scenario data is reloaded when creating an applied control from within the page HOT 2
- Private self signed certificate from our own PKI HOT 6
- Add/fix the Requirement assessments page HOT 3
- Make all requirement nodes under another node as not applicable, at once
- Unexpected error occured while upgrading a still present library HOT 6
- Ldap integration? HOT 3
- Erreur d'export d'audit / Error on audit export -- community edition; HOT 3
- Error 500 when the session expires HOT 2
- Error with migrations HOT 5
- Cannot clone the repo HOT 1
- Intermittent cases of getaddrinfo failing between frontend and backend HOT 8
- Requirement assessment page, can't delete the applied control if there's only one item HOT 1
- Add a field "Guidance" to the Audit control form HOT 1
- Ability to clone an existing audit HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ciso-assistant-community.