This is the first part of the patch which adds NIST 800-53 to the references folder.
This will enable us to programmatically display fragments of 800-53 alongside our guidance content (e.g. policy tables), and also with DISA FSO's CCIs, which are rewritten/separated fragments from 800-53, to provide context and comprehensibility. --- RHEL6/references/nist-800-53-rev3.xml | 8270 +++++++++++++++++++++++++++++++++ 1 files changed, 8270 insertions(+), 0 deletions(-) create mode 100644 RHEL6/references/nist-800-53-rev3.xml diff --git a/RHEL6/references/nist-800-53-rev3.xml b/RHEL6/references/nist-800-53-rev3.xml new file mode 100644 index 0000000..db4a868 --- /dev/null +++ b/RHEL6/references/nist-800-53-rev3.xml @@ -0,0 +1,8270 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<ns3:controls xmlns="http://scap.nist.gov/schema/sp800-53/1.0"; xmlns:ns2="http://www.w3.org/1999/xhtml"; xmlns:ns3="http://scap.nist.gov/schema/sp800-53/feed/1.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; pub_date="2012-09-17T10:54:22.360-04:00" xsi:schemaLocation="http://scap.nist.gov/schema/sp800-53/1.0 http://nvd.nist.gov/schema/sp800-53/feed/1.0/sp800-53-feed_1.0.xsd";> + <ns3:control> + <control-class>Technical</control-class> + <family>Access Control</family> + <number>AC-1</number> + <title>Access Control Policy and Procedures</title> + <priority>P1</priority> + <description> + <ns2:div> + <ns2:p class="align_left">The organization develops, disseminates, and reviews/updates [<ns2:em>Assignment: organization-defined frequency</ns2:em>]:</ns2:p> + <ns2:p class="align_left"/> + </ns2:div> + </description> + <supplemental-guidance> + <ns2:div> + <ns2:p class="align_left">This control is intended to produce the policy and procedures that are required for the effective implementation of selected security controls and control enhancements in the access control family. The policy and procedures are consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. Existing organizational policies and procedures may make the need for additional specific policies and procedures unnecessary. The access control policy can be included as part of the general information security policy for the organization. Access control procedures can be developed for the security program in general and for a particular information system, when required. The organizational risk management strategy is a key factor in the development of the access control policy. Related control: PM-9.</ns2:p> + </ns2:div> + </supplemental-guidance> _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
