GRC: NIST CSF Use Case Accelerator. NIST CSF v1.1 or v2.0?

Valqe · ‎07-19-2024

Greetings,

I have installed "GRC: NIST CSF Use Case Accelerator" (sn_irm_nist_csf) plugin and from what I can see, the security controls that were brought over are of NIST CSF 1.1 version.

Was wondering how can I update this plugin to have access to control objectives for NIST CSF version 2.0?
I installed latest plugin version 18.1.0, but no result on the content of NIST CSF control objectives when it comes to NIST CSF Versino 2.0.

I appreciate your comments and guidance.

Thank you

Prasanna_Patil · ‎07-23-2024

Hi @Valqe I think ServiceNow contains only Version 1.1. Version 2.0 is yet to come may be.

Please hit like and Mark Helpful if you liked it
Regards,
Prasanna

Community Alums · ‎08-19-2024

Hi @Valqe ,

The plugin "NIST CSF Use Case Accelerator" does not automatically relate the Citations for Authority document to control objective level, you have to do it manually unfortunately.

You can Navigate to Control Objectives, then add source field to the list and group by source and look for NIST CSF:

Then, you can manually add the associated citations of the Authority document "NIST CSF v2.0" to Control objectives:

Community Alums · ‎08-20-2024

Hi @Valqe ,

Connor Levien · ‎07-25-2024

@Valqe the update to the CSF accelerator is coming in the Washington release. Once the Washington release is available the plugin should be updated and you can update your plugin to get access to the 2.0 content