# NIST 800-218

The [National Institute of Standards and Technology (NIST)](https://www.nist.gov/about-nist), operated by the US Department of Commerce, provides technology control guidance and measurement frameworks for [[cybersecurity]] to stimulate innovation.

## Capability Scope

| **NIST 800-218 Category** | **Capability Scope** |
| ---------------------------------- | -------------------- |
| Prepare the Organization (PO) | [[Code Management]]<br>[[Device Management]]<br>[[Policy Management]]<br>[[Standards Management]]<br>[[Test Plan Management]]<br>[[Third Party Management]]<br>[[Threat Mitigation]]<br>[[Training]] |
| Protect Software (PS) | [[Backup and Recovery]]<br>[[Code Management]]<br>[[Identity and Access Management]] |
| Produce Well-Secured Software (PW) | [[Assurance Reporting]]<br>[[Code Management]]<br>[[Data Management]]<br>[[Defense Modeling]]<br>[[Policy Management]]<br>[[Resilience Testing]]<br>[[Standards Management]]<br>[[Test Plan Management]]<br>[[Training]] |
| Respond to Vulnerabilities (RV) | [[Assurance Reporting]]<br>[[Failure Tracing]]<br>[[Remediation Management]] |

## Detailed Capability Scope

| # | Capability Scope |
| ------------------------ | ----------------------------------------------------------- |
| PO.1 | L2: [[Standards Management]]<br />L2: [[Policy Management]] |
| PO.4<br />PO.8 | L2: [[Test Plan Management]] |
| PO.3<br />PO.5<br />PS.1 | L1: [[Threat Mitigation]] |
| PW.1 | L2: [[Attack Surface Enumeration]] |
| PW.2 | L1: [[Control Verification]] |
| PW.4<br />PW.6 | L1: [[Control Development]] |
| PW.7 | L2: [[Resilience Testing]] |
| PW.9 | L2: [[Threshold Management]] |
| RV.1 | L1: [[Adversary Research]] |
| RV.2.1 | L2: [[Risk Prioritization]] |
| RV.2.2 | L2: [[Remediation Management]] |
| RV.3 | L2: [[Forensic Analysis]] |

## Inspiration & Resources

+ [SP 800-218, Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities | CSRC (nist.gov)](https://csrc.nist.gov/pubs/sp/800/218/final)
+ [The BSA Framework for Secure Software](https://www.bsa.org/files/reports/bsa_framework_secure_software_update_2020.pdf)

## Release Notes

+ [[WIP - Q3 2024 Release#Map NIST 800-218 to Cybersecurity Capabilities]]

## [Cyber City Map](https://cybercitymap.com/) © 2023-2024 by [ThirdScore, Inc.](https://thirdscore.com/) All Rights Reserved.