[Global_industry_committee] [GPC] FW: OWASP to NIST 800-53 mapping?

Colin Watson colin.watson at owasp.org
Fri Feb 4 10:36:00 EST 2011


Jason et al

We at the Industry Committee are not aware of any such existing
mapping, but we did co-ordinate a response to Draft NIST SP 800-53
Revision 3 in early 2009 and some other NIST documents since then:

   http://www.owasp.org/index.php/Global_Industry_Committee#Completed_Items

It would certainly be good to have.

Colin

On 2 February 2011 00:33, Jason Li <jason.li at owasp.org> wrote:
> I'm not aware of any projects that do such a mapping either.
> The Industry Committee regularly looks at federal standards and documents
> related to AppSec - they may be able to provide some pointers?
> -Jason
>
> On Tue, Feb 1, 2011 at 8:57 PM, Brad Causey <bradcausey at owasp.org> wrote:
>>
>> Richard,
>>
>> Currently there is not a mapping that we are aware of. My 'other' job is
>> in the financial space, and I'd be happy to work with you or your folks to
>> create one.
>>
>>
>> -Brad Causey
>> CISSP, MCSE, C|EH, CIFI, CGSP
>>
>> http://www.owasp.org
>> --
>> "Si vis pacem, para bellum"
>> --
>>
>>
>> On Tue, Feb 1, 2011 at 2:55 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>> There is an ASVS to NIST mapping, I'm not sure where it is, but that is
>>> the best we have.
>>> Unfortunately, I've seen a lot of pushback on ASVS since it forces
>>> certain activities (scan this, manual that). A catalog of basic controls
>>> would be way more effective than ASVS, IMO.
>>>
>>> -Jim Manico
>>> http://manico.net
>>> On Feb 1, 2011, at 1:37 PM, "Kate Hartmann" <kate.hartmann at owasp.org>
>>> wrote:
>>>
>>> I’m hoping that someone in the GPC has an idea of what Richard is
>>> referring to.
>>>
>>> Thank you.
>>>
>>> Kate Hartmann
>>> Operations Director
>>> 301-275-9403
>>> www.owasp.org
>>> Skype:  Kate.hartmann1
>>>
>>> From: Campbell, Richard S. [mailto:RCampbell at FDIC.gov]
>>> Sent: Tuesday, February 01, 2011 1:29 PM
>>> To: kate.hartmann at owasp.org
>>> Subject: OWASP to NIST 800-53 mapping?
>>>
>>> Several of our security auditors and contractors have asked if there is a
>>> mapping of the OWASP programming standards to NIST 800-53. We were hoping
>>> that this has been done to avoid reinventing the mapping. Who would know?
>>>
>>> Thanks!
>>>
>>> Richard Campbell
>>> Federal Deposit Insurance Corporation
>>> Senior Security and Enterprise Architect
>>> 703 516 1135
>>>
>>> _______________________________________________
>>> Global-projects-committee mailing list
>>> Global-projects-committee at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/global-projects-committee
>>>
>>
>>
>>
>
>
> _______________________________________________
> Global_industry_committee mailing list
> Global_industry_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_industry_committee
>
>