You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The mapping from NIST SSDF PO.1.2 (Identify and document all security requirements) to SP800-53 gives SC-18 Mobile Code as the only Direct mapping. This doesn't seem correct.
Expected Behaviour
I don't have extensive knowledge of 800-53, but I would think SA-8 is a closer match for instance.
The text was updated successfully, but these errors were encountered:
@aramhovsepyan SSDF and SP800 are about different worlds. SSDf PO.1.2 refers to requirement to have the process of identifying security requirements and documenting them. The SP800-53 SA-8 is NOT about that process. It IS about a set of these security requirements itself (the privacy principles. These requirements apply to the technology, whereas the SSSD requirements apply to the organisation. Makes sense?
Issue
What is the issue?
The mapping from NIST SSDF PO.1.2 (Identify and document all security requirements) to SP800-53 gives SC-18 Mobile Code as the only Direct mapping. This doesn't seem correct.
Expected Behaviour
I don't have extensive knowledge of 800-53, but I would think SA-8 is a closer match for instance.
The text was updated successfully, but these errors were encountered: