The SOC-CMM is currently aligned with NIST CSF 1.0 and NIST CSF 1.1. Indirectly, this connects the SOC-CMM to other standards, such as: COBIT 5, ISO/IEC 27001:2013 and NIST SP 800-536. What additional alignments could be valuable to the SOC-CMM community?
It could be interesting if we could consider: https://www.cisecurity.org/controls/
The 20 controls probably are really basic, but when you go deep, you will find there are some interesting controls associated.
Hi Jquin,
Sorry for the late reply. I've never considered the CSC before. Mostly because of the fact that it's too high level. But I agree that there's more to CSC than just the high level part of it. I'm going to take a more detailed look. Even if it's not fit for mapping purposes, it may still be useful for further improving the capability side of the SOC-CMM.
Regards,
Rob.
(02-20-2019, 02:12 PM)robvanos Wrote: The SOC-CMM is currently aligned with NIST CSF 1.0 and NIST CSF 1.1. Indirectly, this connects the SOC-CMM to other standards, such as: COBIT 5, ISO/IEC 27001:2013 and NIST SP 800-536. What additional alignments could be valuable to the SOC-CMM community?
Imho any alignment analysis with other practice-based frameworks is rather meaningless. It would only illustrate redundancies and blanks between these frameworks.
Instead, I would recommend cross-referencing the framework with a method that describes a management system.
If you would also cross-reference the other frameworks with that same method, you would have an impartial reference point.
THAT would make 'alignment' of cross-referencing meaningful.
If you would try this with e.g. the USM method (Unified Service Management), you would find astonishing results for all involved frameworks...