I ran across this again today working on an internal project for VMware. We are a team of likeminded professionals who enjoy quality work and sharing with the community to raise the bar for everyone.
What struck me when I reopened this workbook is remembering the many very, *very* long days. Mapping is an incomplete science, filled with subjective relationships. However, starting from scratch, using homegrown tools and my own reading through the controls, I remapped as accurately as I could the relationship between the PCI DSS and the body of controls established by NIST SP 800-53r5.
We have our own internal agendas and projects related to this work. However, the data here can help someone else struggling with the volume of frameworks and managing the complex relationships between all of them.
I stand by the mapping as 90% correct. I've learned through the years there are usually ways to improve the accuracy of subjective data. Please let me know if you find an error! Use as you see fit. Look for 2023 PCI DSSv4 to NIST 800-53r5 on davischr2/Cloud-Documents (github.com) or Blog Downloads (compliancequickstart.com).
#pci #pcicompliance #nist #sp80053r5
Cross Posted on LinkedIn: PCI DSS to SP 800-53r5 | LinkedIn