Integrating Top-down and Bottom-up Cybersecurity Guidance using XML

Published

Author(s)

Joshua Lubell

Abstract

This paper describes a markup-based approach for synthesizing disparate information sources, and then discusses a software implementation of the approach. The implementation, developed using XForms and Extensible Stylesheet Language Transformations (XSLT), makes it easier for people to use two complementary, but differently structured, guidance specifications together: the (top-down) Cybersecurity Framework and the (bottom-up) National Institute of Standards and Technology Special Publication 800-53 security control catalog. An example scenario demonstrates how the software implementation can help a security professional select the appropriate safeguards for restricting unauthorized access to an Industrial Control System. The implementation and example show the benefits of this approach and suggest its potential application to disciplines other than cybersecurity.
Proceedings Title
Balisage Series on Markup Technologies
Conference Dates
August 2-5, 2016
Conference Location
Washington, DC
Conference Title
Balisage: The Markup Conference

Keywords

risk management, mission/business objectives, cybersecurity framework, XForms, XSLT, security control, tailored baseline, Industrial Control System, NIST SP 800-53, NIST SP 800-82
Created August 1, 2016, Updated November 10, 2018