Is there a spreadsheet/matrix that shows a mapping of a control to a tool/product or technology that could assist with meeting that control? For example, NIST 800-53 control AU-6(3) speaks to correlation of audit logs. A SIEM tool (i.e. Splunk) would be to facilitate (not guarantee) compliance with this control.

I think this would be great in providing guidance to folks who are either struggling to find a feasible solution for certain controls or perhaps pursuing a manual approach (i.e. using spreadsheets to track assets rather than leveraging a CMDB to track all assets).

Share This Discussion

Leave a Comment

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.