Enhancing Vulnerability Management with Frameworks (Part 2): 800-53, NIST CSF and a Modified SANS PIACT
In Part 1, I explored the intersection of the NIST Cybersecurity Framework (CSF) and the SANS PIACT (Prepare, Identify, Assess, Communicate, Treat) framework for vulnerability management. I identified enhancements to the PIACT framework to better capture the full lifecycle of vulnerability management and mapped 34 relevant NIST CSF controls to this modified PIACT framework. Now, in this follow-up post, we'll take the next step: mapping these 34 CSF controls to the NIST 800-53 rev 5 security controls, thereby creating a comprehensive PIACT to NIST CSF to NIST 800-53 mapping.
Here is an image of the first few rows; for a sortable, easily accessible mapping of them all, all you have to do is subscribe!