@adhilto adhilto commented Mar 28, 2025

🗣 Description

Add mappings to the NIST SP 800-53 Rev 5 FedRAMP High baselines. These are shown in two places:

  • In the baseline documents themselves
  • In a CSV file: /PowerShell/ScubaGear/mappings/scuba-to-nist-sp-800-53-r5-fedramp-high.csv

💭 Motivation and context

Closes #940.

🧪 Testing

I ran ScubaGear to verify that the markdown changes didn't break the markdown parser.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • PR targets the correct parent branch (e.g., main or release-name) for merge.
  • Changes are limited to a single goal - eschew scope creep!
  • Changes are sized such that they do not touch excessive number of files.
  • All future TODOs are captured in issues, which are referenced in code comments.
  • These code changes follow the ScubaGear content style guide.
  • Related issues these changes resolve are linked preferably via closing keywords.
  • All relevant type-of-change labels added.
  • All relevant project fields are set.
  • All relevant repo and/or project documentation updated to reflect these changes.
  • Unit tests added/updated to cover PowerShell and Rego changes.
  • Functional tests added/updated to cover PowerShell and Rego changes.
  • All relevant functional tests passed.
  • All automated checks (e.g., linting, static analysis, unit/smoke tests) passed.

✅ Pre-merge checklist

  • PR passed smoke test check.

  • Feature branch has been rebased against changes from parent branch, as needed

    Use Rebase branch button below or use this reference to rebase from the command line.

  • Resolved all merge conflicts on branch

  • Notified merge coordinator that PR is ready for merge via comment mention

  • Demonstrate changes to the team for questions and comments.
    (Note: Only required for issues of size Medium or larger)

✅ Post-merge checklist

  • Feature branch deleted after merge to clean up repository.
  • Verified that all checks pass on parent branch (e.g., main or release-name) after merge.

@adhilto adhilto added the baseline-document Issues relating to the text in the baseline documents themselves label Mar 28, 2025
@adhilto adhilto added this to the Nemo milestone Mar 28, 2025
@adhilto adhilto requested review from ahuynhMITRE and amart241 March 28, 2025 00:38
@adhilto adhilto self-assigned this Mar 28, 2025
@adhilto adhilto linked an issue Mar 28, 2025 that may be closed by this pull request
@gdasher gdasher self-requested a review March 28, 2025 00:44
@gdasher gdasher left a comment

High-level question, feel free to follow up on Slack if you like: skimming through, it looks like you were able to map most things to 800-53 controls that were in the FedRAMP High baseline. Were there any things you thought were stretches and mapped better to 800-53 controls that weren't in the FedRAMP baseline at all? When I did a super cursory version of this exercise last year I found a number of such cases, but I'm curious about your take after spending some more quality time with the problem.

@adhilto adhilto force-pushed the 940-cross-linking-with-800-53 branch 3 times, most recently from 4817dd7 to ca6fb79 Compare April 7, 2025 16:43
@amart241 amart241 left a comment

Looks exactly like what we had done over the past few weeks. Straightforward and good to go.

@adhilto adhilto force-pushed the 940-cross-linking-with-800-53 branch from 6b11422 to 5169360 Compare April 8, 2025 19:30
@ahuynhMITRE ahuynhMITRE left a comment

No issues with the NIST mappings! Good additions with the new mappings.md and mapping.csv to store the context and spreadsheet in GitHub.

@mitchelbaker-cisa mitchelbaker-cisa self-requested a review May 12, 2025 17:08
@mitchelbaker-cisa mitchelbaker-cisa left a comment

This PR looks good to go after syncing with main.

@adhilto adhilto force-pushed the 940-cross-linking-with-800-53 branch from a491eab to 96546e3 Compare May 23, 2025 16:07
@mitchelbaker-cisa mitchelbaker-cisa merged commit 3e5944b into main Jun 2, 2025
27 checks passed
@mitchelbaker-cisa mitchelbaker-cisa deleted the 940-cross-linking-with-800-53 branch June 2, 2025 22:35
mitchelbaker-cisa added a commit that referenced this pull request Jun 16, 2025
* Add AAD mappings

* Add Defender mappings

* Add EXO mappings

* Add Teams mappings

* Add PowerBi mappings

* Revise MS.EXO.15.3 mapping

* Change 'High Baseline' to 'FedRAMP High Baseline'

* Add PowerPlatform mappings

* Add sharepoint mappings

* Add mappings csv

* A few minor corrections

* Update README

* Correct link to spreadsheet

* Update a few sharepoint mappings

* Remove recently deleted sharepoint control from csv

* Update version number in CSV file

* Add mapping to IA-5c

* Remove MS.AAD.5.4v1 from mapping csv

* Add mapping for MS.AAD.3.9v1

* Update csv mappings for recent baseline changes

* Remove NIST mapping placed in ATT&CK mapping section

Co-authored-by: mitchelbaker-cisa <149098823+mitchelbaker-cisa@users.noreply.github.com>

---------

Co-authored-by: mitchelbaker-cisa <149098823+mitchelbaker-cisa@users.noreply.github.com>

Development

Successfully merging this pull request may close these issues.

Cross-linking M365 baselines with NIST 800-53 controls