https://github.com/trevorbryant/awesome-controls

A collection of awesome security controls mapping for solutions across frameworks.

# Awesome Controls
[![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)

A collection of awesome security controls mapping for solutions across frameworks.

Before contributing, please review the [Contribution Guidelines](https://github.com/trevorbryant/awesome-controls/blob/master/contributing.md).

- [Awesome Controls](#awesome-controls)
- [Center for Internet Security](#center-for-internet-security)
- [HIPAA](#hipaa)
- [MITRE ATT&CK](#mitre-attck)
- [National Institute of Standards and Technology](#national-institute-of-standards-and-technology)
  - [Cybersecurity Framework](#cybersecurity-framework)
  - [National Initiative for Cybersecurity Education](#national-initiative-for-cybersecurity-education)
  - [Risk Management Framework](#risk-management-framework)

## Center for Internet Security
[Center for Internet Security Overview](https://www.cisecurity.org/about-us/)

- [20 CIS Controls & Resources](https://www.cisecurity.org/controls/) - The top 20 critical security controls as recommended by CIS.
- [Tanium](https://info.tanium.com/l/286192/2017-02-01/3xf4/286192/3443/CIS_Critical_Security_Conntrols_Checklist.pdf) - Tanium solutions and modules aligning to the CIS controls.
- [Qualys](http://www.cog-security.com/wp-content/uploads/2016/12/Qualys-SANS-Top-20-CSC-Mapping.pdf) - Qualys correlating the CIS Critical Security Controls 2016 from NIST CSF.

## HIPAA
[HIPAA Security Rule Overview](https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html)

- [IBM](https://www.ibm.com/downloads/cas/YA367DR0) - IBM solutions and modules mapping to the HIPAA framework.
- [HIPAA](https://www.hhs.gov/sites/default/files/nist-csf-to-hipaa-security-rule-crosswalk-02-22-2016-final.pdf) - HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework.

## MITRE ATT&CK
[MITRE ATT&CK Design and Philosophy](https://www.mitre.org/publications/technical-papers/mitre-attack-design-and-philosophy)

- [Evaluations](https://attackevals.mitre.org/) - MITRE evaluates cybersecurity products using an open methodology based on the ATT&CK™ framework.

## National Institute of Standards and Technology

### Cybersecurity Framework
[Cybersecurity Framework Overview](https://www.nist.gov/cyberframework)

- [Aruba](https://www.arubanetworks.com/assets/wp/WP_SecuritySolutionsNIST.pdf) - Aruba 360 Secure Fabric mapping other frameworks to overall NIST CSF.
- [Avecto](https://avectoweb.blob.core.windows.net/cms/1502/whitepaper-nist-cybersec-framework.pdf) - Avecto white paper to secure user privileges.
- [AWS](https://d1.awsstatic.com/whitepapers/compliance/AWS_Services_and_Customer_Responsibility_Matrix_for_Alignment_to_the_CSF.fca4b7f5c7282cc221dee72732624a0389aa2596.xlsx) - Evaluate and align the many AWS Cloud offerings, public and commercial, with the NIST CSF.
- [Cisco](https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2018/pdf/BRKSEC-1021.pdf) - Detailed presentation from Cisco LIVE! on how Cisco's portfolio satisfies the CSF.
- [Concurrency](https://www.concurrency.com/getmedia/4d4161fe-0f74-45ad-a33b-bd921c1238ba/Concurrency-NIST-(NCF)-and-GDPR-to-Microsoft-Technologies-Map.aspx) - Concurrency correlates Microsoft technologies to NIST CSF, RMF, ISO, and GDPR.
- [FFIEC Cybersecurity Assessment Tool](https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT_App_B_Map_to_NIST_CSF_June_2015_PDF4.pdf) - FFIEC Cybersecurity Assessment Tool to organizational implementation of the NIST CSF.
- [Forcepoint](https://www.forcepoint.com/sites/default/files/resources/files/solution_brief_nist_framework_en.pdf) - Forcepoint’s Human Point System high-level mapping to NIST CSF.
- [ForeScout](https://www.forescout.com/company/resources/improving-nist-csf-maturity-with-the-forescout-platform/) - CSF mapping across solutions provided by ForeScout.
- [McAfee](https://www.mcafee.com/enterprise/en-us/assets/guides/restricted/gd-nist-cybersecurity-framework-mapping.pdf) - McAfee mapping CSF to solutions and partner solutions.
- [Microsoft](http://download.microsoft.com/download/B/1/8/B18F4C7D-5CBA-4E68-A437-31F1E908ACBA/Microsoft_Cyber_Offerings_Mapped_to_Security_Frameworks_EN_US.pdf) - Microsoft mapping of cybersecurity offerings across NIST CSF, CIS, and ISO27001:2013 frameworks.
- [NIST](https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf) - NIST mapping of CSF categories to NIST SP 800-53 controls.
- [NIST CSF and HITRUST CSF Mapping](https://www.us-cert.gov/sites/default/files/c3vp/framework_guidance/HPH_Framework_Implementation_Guidance.pdf) - Table is based on initial mappings of the controls in the 2015 CSF v7 release to the NIST CSF subcategories.
- [Mapping PCI DSS v3.2.1 to the NIST Cybersecurity Framework v1.1](https://www.pcisecuritystandards.org/pdfs/Mapping-PCI-DSS-to-NIST-Framework.pdf) - The resultant mapping shows where the NIST Framework and PCI DSS contribute to the same security outcomes.
- [SentinelOne](https://go.sentinelone.com/rs/327-MNM-087/images/NIST_WP.pdf) - Breakdown of SentinelOne addressing each of the five functions within the NIST Framework Core.
- [Tanium](https://info.tanium.com/l/286192/2017-12-14/pwz19/286192/43692/Tanium_and_NIST_Framework_Web.pdf) - Tanium solutions and modules addressing NIST CSF.
- [Titus](https://www.titus.com/nist-cybersecurity) - Titus solutions aligning with the Identify, Detect, and Respond functions of the Framework.

### National Initiative for Cybersecurity Education
[NICE Framework Overview](https://www.nist.gov/itl/applied-cybersecurity/nice/nice-cybersecurity-workforce-framework-resource-center)

- [Certifications](https://www.nist.gov/document/illustrativemappingofcertificationstoniceframeworkversion10xlsx) - Illustrative mapping of certifications as created by the Health and Human Services Office of Information Security (OIS).
- [NICCS](https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework) - A taxonomy and common lexicon to describe cybersecurity work, and workers, regardless of where, or for whom, the work is performed.

### Risk Management Framework
[Risk Management Framework Overview](https://csrc.nist.gov/projects/risk-management/risk-management-framework-(RMF)-Overview)

- [Carbon Black](https://cdn.www.carbonblack.com/wp-content/uploads/2017/04/NIST-Special-Publication-800-53-Mapping-1.pdf) - Security and privacy controls for Federal information systems and organizations mapping for Carbon Black.
- [Concurrency](https://www.concurrency.com/getmedia/4d4161fe-0f74-45ad-a33b-bd921c1238ba/Concurrency-NIST-(NCF)-and-GDPR-to-Microsoft-Technologies-Map.aspx) - Concurrency correlates Microsoft technologies to NIST CSF, RMF, ISO, and GDPR.
- [ForeScout](https://www.forescout.com/company/resources/nist-risk-management-framework-and-forescout-counteract-datasheet/) - RMF controls mapping for ForeScout CounterACT.
- [RedSeal](https://www.redseal.net/files/Compliance%20Datasheets/NIST%20Compliance%20with%20RedSeal.pdf) - RedSeal’s cybersecurity capabilities closely align with many of the controls in NIST 800-53r4.
- [PNNL](https://www.pnnl.gov/main/publications/external/technical_reports/PNNL-28347.pdf) - Overview of the Risk Management Framework (RMF) codified in NIST Special Publication (SP) 800-37r1 for the Federal Energy Management Program (FEMP).
- [OpenShift](https://openshift-compliance-guide.readthedocs.io/en/latest/controls.html#control) - Red Hat's OpenShift security control satisfaction per capability and tenant relationship.
- [SIMP](https://simp.readthedocs.io/en/master/security_mapping/controls/nist80053rev4/800-53-controls.html) - Onyx Point's System Integrity Management Platform (SIMP) security controls satisfaction per capability.
- [VMware](https://blogs.vmware.com/cloud-foundation/2019/08/08/compliance-kit-nist-800-53/) - VMware compliance kit mapping control satisfaction by configuration hardening and applicability.