Mapping & Analysis: NIST Privacy Framework to Risk Management Framework 800-53A Assessment Objectives

NIST has provided a cross walk from the Privacy Framework (PF) to the Risk Management Framework (RMF) 800-53 security controls. The bar chart below displays these blended data sets and maps the PF to the 800-53A assessment objectives. Here is some summary count info by CSF Function:

  1. Identify (ID) = 306 assessment objectives
  2. Govern (GV) = 851 assessment objectives
  3. Control (CT) = 515 assessment objectives
  4. Communicate (CM) = 263 assessment objectives
  5. Protect (PR) = 1016 assessment objectives
Link to the corresponding table chart - here.