I ran across this again today working on an internal project for VMware. We are
a team of like-minded professionals who enjoy quality work and sharing with the
community to raise the bar for everyone.

What struck me when I reopened this workbook is remembering the many very,
*very* long days. Mapping is an incomplete science, filled with subjective
relationships. However, starting from scratch, using homegrown tools and my own
reading through the controls, I remapped as accurately as I could the
relationship between the PCI DSS and the body of controls established by NIST
SP 800-53r5.

We have our own internal agendas and projects related to this work. However,
the data here can help someone else struggling with the volume of frameworks
and managing the complex relationships between all of them.

I stand by the mapping as 90% correct. I've learned through the years there are
usually ways to improve the accuracy of subjective data. Please let me know if
you find an error! Use as you see fit. Look for 2023 PCI DSSv4 to NIST 800-53r5
on davischr2/Cloud-Documents (github.com) or Blog Downloads
(compliancequickstart.com).

#pci #pcicompliance
#nist #sp80053r5
Cross Posted on LinkedIn: PCI DSS to SP 800-53r5 | LinkedIn