[Global_industry_committee] [GPC] FW: OWASP to NIST 800-53 mapping?

Jason Li jason.li at owasp.org
Tue Feb 1 19:33:34 EST 2011


I'm not aware of any projects that do such a mapping either.

The Industry Committee regularly looks at federal standards and documents
related to AppSec - they may be able to provide some pointers?

-Jason

On Tue, Feb 1, 2011 at 8:57 PM, Brad Causey <bradcausey at owasp.org> wrote:

> Richard,
>
> Currently there is not a mapping that we are aware of. My 'other' job is in
> the financial space, and I'd be happy to work with you or your folks to
> create one.
>
>
> -Brad Causey
> CISSP, MCSE, C|EH, CIFI, CGSP
>
> http://www.owasp.org
> --
> "Si vis pacem, para bellum"
> --
>
>
>
> On Tue, Feb 1, 2011 at 2:55 PM, Jim Manico <jim.manico at owasp.org> wrote:
>
>> There is an ASVS to NIST mapping, I'm not sure where it is, but that is the
>> best we have.
>>
>> Unfortunately, I've seen a lot of pushback on ASVS since it forces certain
>> activities (scan this, manual that). A catalog of basic controls would be
>> way more effective than ASVS, IMO.
>>
>> -Jim Manico
>> http://manico.net
>>
>> On Feb 1, 2011, at 1:37 PM, "Kate Hartmann" <kate.hartmann at owasp.org>
>> wrote:
>>
>> I’m hoping that someone in the GPC has an idea of what Richard is
>> referring to.
>>
>>
>>
>> Thank you.
>>
>>
>>
>> Kate Hartmann
>>
>> Operations Director
>>
>> 301-275-9403
>>
>> www.owasp.org
>>
>> Skype:  Kate.hartmann1
>>
>>
>>
>> *From:* Campbell, Richard S. [mailto:RCampbell at FDIC.gov]
>> *Sent:* Tuesday, February 01, 2011 1:29 PM
>> *To:* kate.hartmann at owasp.org
>> *Subject:* OWASP to NIST 800-53 mapping?
>>
>>
>>
>> Several of our security auditors and contractors have asked if there is a
>> mapping of the OWASP programming standards to NIST 800-53. We were hoping
>> that this has been done to avoid reinventing the mapping. Who would know?
>>
>> Thanks!
>>
>> Richard Campbell
>> Federal Deposit Insurance Corporation
>> Senior Security and Enterprise Architect
>> 703 516 1135
>>
>> _______________________________________________
>> Global-projects-committee mailing list
>> Global-projects-committee at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/global-projects-committee
>>
>