An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Integrating Top-down and Bottom-up Cybersecurity Guidance using XML
Published
Author(s)
Joshua Lubell
Abstract
This paper describes a markup-based approach for synthesizing disparate information sources, and then discusses a software implementation of the approach. The implementation, developed using XForms and Extensible Stylesheet Language Transformations (XSLT), makes it easier for people to use two complementary, but differently structured, guidance specifications together: the (top- down) Cybersecurity Framework and the (bottom-up) National Institute of Standards and Technology Special Publication 800-53 security control catalog. An example scenario demonstrates how the software implementation can help a security professional select the appropriate safeguards for restricting unauthorized access to an Industrial Control System. The implementation and example show the benefits of this approach and suggest its potential application to disciplines other than cybersecurity.