Security Engineering (SE) Workbench



Security Control Explorer Exercises

1. Explore the Security Control Analysis Tool

  1. Initialize the tool by loading the tool or resetting the filters
  2. Review the Table Header Instructional information and click the Show/Hide button to Hide the Instructions
  3. Observe the column filter pulldown menus, visible columns, the text search field, and the data rows and cells.
  4. Observe the options within the Column Visibility function.
  5. Observe the options within the Select Data function.
  6. Observe the options within the Export Data function.
  7. Scroll down to the bottom of the page and note the number of entries in the NIST SP800-53 data.

2. Explore Security Controls Baselines

  1. Reset the filters or reload the tool
  2. Use the pulldown menu labeled "Impact Baselines" to review each of the Security Controls Baselines identified by NIST SP800-53R5.
    • High Impact
    • Moderate Impact
    • Low Impact
    • Privacy Impact
  3. Scroll to the bottom of the page and note the number of security controls in each Impact Baseline
  4. Use the Select Data button to highlight all the Controls for the Low Impact Baseline
  5. Use the Export Data button to create a spreadsheet (CSV) file containing the Low Impact Controls

3. Explore the Management Controls within the Moderate Impact Security Controls Baselines

  1. Reset the filters or reload the tool
  2. Use the pulldown menu labeled "Impact Baselines" to select the "Moderate Impact" Baseline.
  3. Use the pulldown menu labeled "Control Type" to show the Management Controls in the Moderate Impact Baseline.
  4. Optionally, use the Export Data button to create a PDF containing the Management Controls in the Moderate Impact Baseline.

4. Explore the ISO27001 Controls associated with the Low Impact Baseline

  1. Reset the filters or reload the tool
  2. Use the pulldown menu labeled "Impact Baselines" to select the "Low Impact" Baseline.
  3. Use the Column Visibility Button to add the ISO27001 Control Mapping data to the display
  4. Scroll through the display and note the mapping between the NIST and ISO controls
  5. Use the pulldown menu for ISO Control Mapping and select the entry "none" to reveal the NIST controls that do not have a direct ISO mapping.

5. Explore the NIST Controls associated with the term "firewall"

  1. Reset the filters or reload the tool
  2. Use the Text Search Field to find the security controls associated with the term "firewall"
  3. Optionally, use the Select Data button to highlight all the Controls associated with "firewall"
  4. Optionally, use the Export Data button to create a Print file for the Controls associated with "firewall"

6. Explore the NIST Controls associated with the use of cryptography for Identity Management

  1. Reset the filters or reload the tool
  2. Use the pulldown menu to find the security controls associated with the Cyber Security Framework capability "Identity Management, Authentication and Access Control"
  3. Download and access the Federal Information Processing Standard (FIPS) manual associated with cryptography (FIPS-140) by finding control "SC-13: CRYPTOGRAPHIC PROTECTION" and selecting the associated reference document

7. Create a Security Controls Assessment Worksheet

  1. Reset the filters or reload the tool
  2. Use one of the following methods to select controls of interest from the data in the tool.
    • Use the cursor to highlight individual items
    • Use filters to select groups of items. For example, select a Controls Baseline (Low, Moderate, High or Privacy) or a Control Type (Management, Operational or Technical). Afterward, use the "Select Data" button and choose "Select Filtered Data".
  3. Create the Assessment Worksheet by using the Assessment CSV button within the Export Data function
  4. Open the downloaded CSV file in a local Spreadsheet program
  5. Format the downloaded spreadsheet by:
    • Set row 1 to Bold text to highlight the column headers
    • Select the entire spreadsheet and enable text wrap.
    • Select and stretch the column identifiers A through L to show the spreadsheet content
    • Optionally set cell alignment at top
    • Save the changes to a local file
    • Work with the file to assign and track work items



Copyright © 2022 Jim Whitmore.

LAST UPDATE: 14 April 2022