
UW-Madison - Policy Portfolio - Cybersecurity Portfolio NIST Control Mappings

For cybersecurity experts: All the policy portfolios into which cybersecurity policies are collected, showing the NIST security and privacy controls associated with each portfolio.

Cybersecurity Portfolios

Mapping of Cybersecurity Portfolios to NIST Privacy and Security Control Families

NIST Control Families

Security Control Families

Mapping of NIST Security Control Families to Cybersecurity Portfolios
Abbr. | Control Family Name | Controls in Family | Cybersecurity Portfolio
AC | Access Control | All | Identity and Access Management (IAM) Portfolio
AT | Awareness and Training | All | Education, Training and Awareness Portfolio
AU | Audit and Accountability | All | Monitoring and Mitigation Portfolio
CA | Security Assessment and Authorization | 1 to 6, 9 (end) | Risk Management Portfolio
CA | Security Assessment and Authorization | 1, 7 to 8 | Monitoring and Mitigation Portfolio
CM | Configuration Management | All | Configuration and Maintenance Portfolio
CP | Contingency Planning | All | Contingency Planning Portfolio
IA | Identification and Authentication | All | Identity and Access Management (IAM) Portfolio
IR | Incident Response | All | Monitoring and Mitigation Portfolio
MA | Maintenance | All | Configuration and Maintenance Portfolio
MP | Media Protection | All | Education, Training and Awareness Portfolio
PE | Physical and Environmental Protection | 1 to 8 | Identity and Access Management (IAM) Portfolio
PE | Physical and Environmental Protection | 1, 9 to 20 (end) | Contingency Planning Portfolio
PL | Planning | All | Risk Management Portfolio
PM | Project Management | All | Risk Management Portfolio
PS | Personnel Security | 1 to 3, 8 (end) | Risk Management Portfolio
PS | Personnel Security | 4 to 7 | Identity and Access Management (IAM) Portfolio
RA | Risk Assessment | All | Risk Management Portfolio
SA | Systems and Services Acquisition | All | Acquisition and Development Portfolio
SC | System and Communications Protection | Subject to interpretation * | Configuration and Maintenance Portfolio, or Identity and Access Management (IAM) Portfolio, or Monitoring and Mitigation Portfolio *
SI | System and Information Integrity | Subject to interpretation * | Configuration and Maintenance Portfolio, or Identity and Access Management (IAM) Portfolio, or Monitoring and Mitigation Portfolio *

Privacy Control Families

Mapping of NIST Privacy Control Families to Cybersecurity Portfolios
Abbr. | Control Family Name | Controls in Family | Cybersecurity Portfolio
AP | Authority and Purpose | All | Privacy Portfolio
AR | Accountability, Audit, and Risk Management | 1 to 2, 4 | Risk Management Portfolio
AR | Accountability, Audit, and Risk Management | 3, 7 | Acquisition and Development Portfolio
AR | Accountability, Audit, and Risk Management | 5 | Education, Training and Awareness Portfolio
AR | Accountability, Audit, and Risk Management | 6, 8 (end) | Monitoring and Mitigation Portfolio
DI | Data Quality and Integrity | All | Privacy Portfolio
DM | Data Minimization and Retention | 1 to 2 | Configuration and Maintenance Portfolio
DM | Data Minimization and Retention | 3 (end) | Privacy Portfolio
IP | Individual Participation and Redress | All | Privacy Portfolio
SE | Security | 1 | Configuration and Maintenance Portfolio
SE | Security | 2 (end) | Monitoring and Mitigation Portfolio
TR | Transparency | All | Privacy Portfolio
UL | Use Limitation | All | Privacy Portfolio

Notes

* Some SC (System and Communications Protection) and SI (System and Information Integrity) controls are difficult to characterize unambiguously. They could be viewed as a means of ensuring that access is limited to authorized persons, similar to the Identity and Access Management Portfolio, or as system or network configuration, similar to the Configuration and Maintenance Portfolio, or as a means of detecting and countering malicious activity, similar to the Monitoring and Mitigation Portfolio. When a policy or related document is associated with SC or SI controls, the overall emphasis of the document needs to be considered.



Keywords: group list
Doc ID: 58542
Owned by: Tim B. in IT Policy
Created: 2015-11-27
Updated: 2022-08-31
Sites: IT Policy