NIST SP 800-53 is a risk management framework that provides a standard of security and privacy controls for information systems and organizations to protect organizational operations, assets, and individuals from a diverse set of threats such as hostile attacks, human errors, natural disasters, structural failures, and privacy risks. NIST SP 800-53 breaks these guidelines up into 3 minimum security controls spread across 18 different control families. NIST SP 800-53 provides the baseline for CSF, FedRAMP, DISA, HIPAA, and FINRA regulatory frameworks, among others.
The c1 Policy-to-Control Mapper application uses control families to help compliance teams easily align controls to related policies. Each policy is labeled with its family, and that label is then used to align the policy to the specific controls that belong to the same family.
The c1 Policy-to-Control Mapper application uses NIST SP 800-53 control families to align controls to their matching policy. A custom table provides a simple way to view and manage the relationships between controls and policies. A dashboard is provided to display your overall mappings.
Policy-to-Control Mapper includes:
- Dashboard - Reports on key metrics for controls mapped to their aligning policies
- Custom Table - Custom table that lets users see a list of the relations between each control and the specific policy it is aligned to
- Business Rule - Custom business rules that map policies to a control if the control is not already mapped
· ServiceNow
· Policy and Compliance