6 changes: 5 additions & 1 deletion README.md
Expand Up @@ -34,6 +34,10 @@ ID |Framework | URL | Version | Notes
`800_171_v1` | Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | [NIST 800-171](https://csrc.nist.gov/publications/detail/sp/800-171/rev-1/final) | 1 |
`owasp_10_v3` | Open Web Application Security Project (OWASP) Top Ten Proactive Controls 2018 | [OWASP Top 10](https://owasp.org/www-project-proactive-controls/) | 3 | Distinct from [OWASP Top 10 Security Risks](https://owasp.org/www-project-top-ten/)
`asvs_v4.0.1` | OWASP Application Security Verification Standard | [ASVS](https://owasp.org/www-project-application-security-verification-standard/) | 4.0.1 |
`fsscc_profile_v1.0` | Financial Services Sector Coordinating Council (FSSCC) Profile | [FSSCC](https://fsscc.org/The-Profile-FAQs) | 1.0 |
`ffiec_cat_v2017.05` | Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool | [FFIEC](https://www.ffiec.gov/cyberassessmenttool.htm) | 2017.05 (May, 2017) | Only includes maturity domains; risk profiles are excluded as they do not fit within the framework of this project
`aicpa_tsc_v2017` | AICPA Trust Services Criteria (SOC2 / SOC3) | [AICPA](https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/trust-services-criteria.pdf) | 2017 |
`scf` | Secure Controls Framework | [SCF](https://www.securecontrolsframework.com/trust-services-criteria.pdf) | 2022.3 |

### Control Format

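Review bot: the URL on the new `scf` row points at `https://www.securecontrolsframework.com/trust-services-criteria.pdf`, which is the file name of the AICPA Trust Services Criteria PDF on the row directly above it, so it looks like a copy-paste slip rather than the SCF download location; please verify the link before merge. The ID also breaks the table's convention of embedding the version in the identifier (`aicpa_tsc_v2017`, `fsscc_profile_v1.0`, `ffiec_cat_v2017.05`): since the row records version 2022.3, something like `scf_v2022.3` would keep the IDs consistent and let a future SCF release be added without renaming. Minor: the Notes column for the new rows is empty except for FFIEC, where the exclusion of risk profiles is usefully documented; a similar one-liner noting any parts of the SCF that were left out of the mapping would help readers of `data/controls.csv`.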
Expand Down Expand Up @@ -168,7 +172,7 @@ The data and tools in this project can support:
* [ ] Capture equivalence and associative mappings for 800-171 to 800-53
* [ ] Capture equivalence and associative mappings for CIS CSC to NIST 800-53
* [ ] Consider ways to include adversary activity taxonomies (_e.g._, [ATT&CK](https://attack.mitre.org/), [OWASP Top 10 Security Risks](https://owasp.org/www-project-top-ten/), [CAPEC](https://capec.mitre.org/))
* [ ] Consider including additional frameworks like SOC 2, PCI/DSS, ISO 2700X, COBIT, ITIL, HIPAA/HITRUST, FedRAMP
* [ ] Consider including additional frameworks like PCI/DSS, ISO 2700X, COBIT, ITIL, HIPAA/HITRUST, FedRAMP

## License and Notice

7,643 changes: 6,096 additions & 1,547 deletions data/controls.csv
Large diffs are not rendered by default.