I hope sharing this effort might be useful in some small way.... Attached Spreadsheet reflects current documentation of SP-800-53r4 controls with CNSSI-1253 Profile of low/low/low. Entries have been color-coded (Red -> elements called out in scap-security-guide as "Procedural") (Green -> N/A to Operating System). No Overlays have been included, nor have I paid any attention to Privacy requirements.
The remaining entries reflect what is believed to be relevant entries for Profile "nist-cl-il-al" (ssg-rhel6-ds.xml). These entries would also appear to support ssg-rhel7-ds.xml. Some "nist-cl-il-al" appear to have shifted into "medium" category, while some are no longer applicable according to current documentation. Would it be useful to extend Profile to med/med/med and produce low/low/low Profile via tailoring? https://docs.google.com/spreadsheets/d/1TXDI4M_ecxOAhj7KDIydiqaeuwlnACKLpYzP07uqQJk/edit?usp=sharing -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected] https://github.com/OpenSCAP/scap-security-guide/
