Jake Korona

NIST 800-53 Control Mappings in SQL Query Export

Blog Post created by Jake Korona Employee on Aug 11, 2016

In July, we added National Institute of Standards and Technology (NIST) Special Publication 800-53r4 controls mappings to version 2.0.2 of the reporting data model for SQL Query Export reports. NIST 800-53 is a publication that develops a set of security controls standards that are designed to aid organizations in protecting themselves from an array of threats.

 

What does this mean for you? Well, now you can measure your compliance against these controls by writing SQL queries. For example, say you want to know how many assets fail or comply with a certain control:

SELECT ncm.control_name,
       SUM(fr.noncompliant_assets) AS noncompliant_assets,
       SUM(fr.compliant_assets) AS compliant_assets
FROM fact_policy_rule fr
   JOIN dim_policy_rule_cce_platform_nist_control_mapping ncm ON ncm.rule_id = fr.rule_id AND ncm.rule_scope = fr.scope
WHERE ncm.control_name LIKE ‘AC-%’
GROUP BY ncm.control_name
ORDER BY ncm.control_name ASC

 

Screen Shot 2016-08-01 at 2.07.36 PM.jpg

 

Or this example shows how you can list your least compliant policy rules (most failed assets) and which CCEs and controls they map to:

SELECT p.title AS policy_name,
       dpr.title AS rule_name,
       ncm.cce_item_id,
       ncm.control_name,
       fr.noncompliant_assets,
       fr.compliant_assets
FROM fact_policy_rule fr
   JOIN dim_policy_rule dpr USING (rule_id, scope, policy_id)
   JOIN dim_policy p USING (policy_id, scope)
   JOIN dim_policy_rule_cce_platform_nist_control_mapping ncm ON ncm.rule_id = fr.rule_id AND ncm.rule_scope = fr.scope
ORDER BY fr.noncompliant_assets DESC

 

Screen Shot 2016-08-01 at 1.52.02 PM.jpg

You can learn more about SQL Query Export here and Nexpose's built-in policy reports here.

Outcomes