Also, note the count of controls in the baselines, including the incremental jumps from LOW to MOD and MOD to HIGH. Note that these totals include controls and enhancements.
This blog is about understanding, auditing, and addressing risk in cloud environments. Systems and architectures are rapidly converging, hiding complexity with additional layers of abstraction. Simplicity is great for operations - as long as risks are understood and appropriately addressed.
Tuesday, March 16, 2021
Summary Statistics for NIST SP 800-53r5
Very interesting statistics, particularly around the related and cross-referenced controls. These counts are related to the Top Level controls. While certainly not an absolute flag, these counts are an interesting indicator of the importance of each of the controls.