GRC: NIST CSF Use Case Accelerator. NIST CSF v1.1 or v2.0?

Valqe · ‎07-19-2024

Greetings,

I have installed "GRC: NIST CSF Use Case Accelerator" (sn_irm_nist_csf) plugin and from what I can see, the security controls that were brought over are of NIST CSF 1.1 version.

Was wondering how can I update this plugin to have access to control objectives for NIST CSF version 2.0?
I installed latest plugin version 18.1.0, but no result on the content of NIST CSF control objectives when it comes to NIST CSF Versino 2.0.

I appreciate your comments and guidance.

Thank you

Valqe · ‎08-19-2024

Thank you so much @Connor Levien I appreciate your response.

I see that "GRC: NIST CSF Use Case Accelerator" version 19.0.1 is available and I just updated it.
However I am little confused. I don't see there NIST CSF 2.0 control objectives 😞

Am I missing something?

I see that : Authority Document "NIST CSF v2.0" is there:

Also citations within NIST CST v.20 authority document are visible:

But looking at citation to control objective relationship I see a record, but there is no reference to a NIST CSF v.2.0 control objective

and when I try to hover over control objective from screenshot above I get this

I appreciate your help and guidance.

Thanks in advance

V.

P.S.1 Is there a way to only see NIST CSF 2.0 related control objectives?

Connor Levien · ‎08-19-2024

Hey @Valqe, I have just checked and installed this in my instance and have noticed the same issue of the control objective to citation mapping being blank.

I have made the product team aware but I would suggest raising a support ticket as there may be a hot fix already available.

To find all the NIST CSF 2.0 related control objectives you can simply search for Control objectives in the filter navigator and it should show you the NIST CSF Control objective navigation item which will take you to a prebuilt list of control objectives filtered for NIST CSF 2.0