This is the first part of the patch which adds NIST 800-53
to the references folder.
This will enable us to programmatically display fragments of 800-53 alongside
our guidance content (e.g. policy tables), and also with DISA FSO's CCIs, which
are rewritten/separated fragments from 800-53, to provide context and
comprehensibility.
---
RHEL6/references/nist-800-53-rev3.xml | 8270 +++++++++++++++++++++++++++++++++
1 files changed, 8270 insertions(+), 0 deletions(-)
create mode 100644 RHEL6/references/nist-800-53-rev3.xml
diff --git a/RHEL6/references/nist-800-53-rev3.xml
b/RHEL6/references/nist-800-53-rev3.xml
new file mode 100644
index 0000000..db4a868
--- /dev/null
+++ b/RHEL6/references/nist-800-53-rev3.xml
@@ -0,0 +1,8270 @@
+<?xml version="1.0" encoding="UTF-8"
standalone="yes"?>
+<ns3:controls
xmlns="http://scap.nist.gov/schema/sp800-53/1.0"
xmlns:ns2="http://www.w3.org/1999/xhtml"
xmlns:ns3="http://scap.nist.gov/schema/sp800-53/feed/1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
pub_date="2012-09-17T10:54:22.360-04:00"
xsi:schemaLocation="http://scap.nist.gov/schema/sp800-53/1.0
http://nvd.nist.gov/schema/sp800-53/feed/1.0/sp800-53-feed_1.0.xsd">
+ <ns3:control>
+ <control-class>Technical</control-class>
+ <family>Access Control</family>
+ <number>AC-1</number>
+ <title>Access Control Policy and Procedures</title>
+ <priority>P1</priority>
+ <description>
+ <ns2:div>
+ <ns2:p class="align_left">The organization develops,
disseminates, and reviews/updates [<ns2:em>Assignment: organization-defined
frequency</ns2:em>]:</ns2:p>
+ <ns2:p class="align_left"/>
+ </ns2:div>
+ </description>
+ <supplemental-guidance>
+ <ns2:div>
+ <ns2:p class="align_left">This control is intended to
produce the policy and procedures that are required for the effective implementation of
selected security controls and control enhancements in the access control family. The
policy and procedures are consistent with applicable federal laws, Executive Orders,
directives, policies, regulations, standards, and guidance. Existing organizational
policies and procedures may make the need for additional specific policies and procedures
unnecessary. The access control policy can be included as part of the general information
security policy for the organization. Access control procedures can be developed for the
security program in general and for a particular information system, when required. The
organizational risk management strategy is a key factor in the development of the access
control policy. Related control: PM-9.</ns2:p>
+ </ns2:div>
+ </supplemental-guidance>
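Review bot: On the root `ns3:controls` element, `xsi:schemaLocation` names a remote XSD over plain http (`http://nvd.nist.gov/schema/sp800-53/feed/1.0/sp800-53-feed_1.0.xsd`) and pairs it with the `http://scap.nist.gov/schema/sp800-53/1.0` namespace, not the feed namespace that `ns3:controls` itself belongs to. Any build step that validates or transforms this file should use a local copy of the schema with network resolution turned off, rather than following that hint. The commit message also does not say where the file was obtained. Recording the source URL alongside the `pub_date="2012-09-17T10:54:22.360-04:00"` snapshot, and stating that the file is unmodified, would let later updates be diffed against upstream. Finally, since `control-class`, `family`, `number` and `title` sit in the default namespace and the prefixes are the generic `ns2`/`ns3`, the display code should match elements by namespace URI, not by prefix.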