
Feature Request: Add "Framework: NIST 800-53" #37

Open
austinsonger opened this issue Feb 10, 2025 · 2 comments

Comments

@austinsonger

Summary:

Request to integrate the NIST 800-53 security and privacy control framework into the Governance, Risk, and Compliance (GRC) tool to support compliance, risk assessment, and control mapping.

Problem Statement:

Currently, the tool lacks an implementation of the NIST 800-53 control framework, which is widely adopted for federal and enterprise security compliance worldwide. The absence of this framework creates a gap in managing security controls, aligning with regulatory requirements, and conducting compliance assessments against federal standards.

Proposed Solution:

  • Add NIST 800-53 as a selectable framework within the GRC tool.
  • Include the latest version (Revision 5) and any future updates for continued compliance.
  • Map controls to existing frameworks (e.g., ISO 27001, CIS, SOC 2) for cross-framework alignment.
  • Enable risk assessment capabilities using NIST 800-53 control families (e.g., Access Control, Incident Response).
  • Provide control implementation guidance aligned with NIST recommendations.
  • Allow integration with compliance reporting and audits for regulatory adherence.

Why NIST 800-53?

NIST 800-53 is one of the most detailed and comprehensive security frameworks, making it highly adaptable for use alongside other frameworks. Because of its depth, organizations can leverage it as a foundational control set, mapping it to other compliance standards (e.g., ISO 27001, PCI DSS, SOC 2). This flexibility allows users to manage multiple frameworks simultaneously with reduced redundancy.

Benefits:

  • Enhances regulatory compliance for organizations following federal security guidelines.
  • Facilitates risk management by standardizing controls with a well-recognized framework.
  • Improves audit readiness by aligning with federal and enterprise requirements.
  • Supports cross-framework mapping to reduce redundant control assessments.
  • Acts as a foundational control set for any other framework due to its detailed structure.

Priority:

  • High – Due to widespread adoption in government, defense, and regulated industries. Many frameworks worldwide use NIST 800-53 to develop their own.

Additional Notes:

  • If applicable, align with FedRAMP, FISMA, and CMMC compliance needs.
  • Ensure framework updates are automatically reflected in the GRC tool.

linear bot commented Feb 10, 2025

@carhartlewis (Collaborator)

Thanks @austinsonger - this is great. We plan to support NIST 800-53 as it's a crucial framework. We're building an extensible framework management system that will make it easy to add and maintain various compliance frameworks over time. I'll update you once our architecture is stabilized so that contributors like yourself can help expand our framework coverage beyond our initial implementations.

If you have mapped out these frameworks already, feel free to share! If you want to get involved too on the architecture stuff, it might be a good idea to join us on discord - we have a dev channel 😄
