mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-02-03 05:53:24 +00:00
Consider adding an 800-171 baseline #331
Originally created by @cistone on GitHub.
The 800-171 is used by many organizations. Having a baseline mapped to the 171 would be helpful.
https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final
@robertgendler commented on GitHub:
The NIST 800-171 baseline has been added to the baselines in the baselines directory, and NIST 800-171 references have been added to the files. We are looking for feedback before we create an official release of it.
@blairheiserman commented on GitHub:
This is likely a tricky mapping to complete. In reviewing the crosswalk of 800-171 Appendix D to the 800-53 controls, the direct one-to-one mappings that would allow the assertion of full compliance are fewer than is ideal.
Too many of the controls are one-to-many or many-to-many mappings, making it difficult to clearly assert compliance. For example, 3.5.3 (page 70) maps to IA-2(1), IA-2(2), IA-2(3). This requires multiple rules to fully implement the single 800-171 control. For the directly mapped one-to-one mappings, this should be relatively straightforward as long as it does not also require multiple technical implementation steps. Otherwise, supplemental checks would be required to capture the full scope of the control.
We invite anyone who has performed this crosswalk of technical 800-53 to 800-171 controls, and in particular the many-to-many relationships, to contribute to the project.