Security Engineering (SE) Workbench

Security Control Explorer Exercises

Initialize the tool by loading the tool or resetting the filters
Review the Table Header Instructional information and click the Show/Hide button to Hide the Instructions
Observe the column filter pulldown menus, visible columns, the text search field, and the data rows and cells.
Observe the options within the Column Visibility function.
Observe the options within the Select Data function.
Observe the options within the Export Data function.
Scroll down to the bottom of the page and note the number of entries in the NIST SP800-53 data.

Reset the filters or reload the tool
Use the pulldown menu labeled "Impact Baselines" to review each of the Security Controls Baselines identified by NIST SP800-53R5.
- High Impact
- Moderate Impact
- Low Impact
- Privacy Impact
Scroll to the bottom of the page and note the number of security controls for in each Impact Baseline
Use the Select Data button to highlight all the Controls for the Low Impact Baseline
Use the Export Data button to create a spreadsheet (CSV) file containing the Low Impact Controls

Reset the filters or reload the tool
Use the pulldown menu labeled "Impact Baselines" to select the "Moderate Impact" Baseline.
Use the pulldown menu labeled "Control Type" to show the Management Controls in the Moderate Impact Baseline.
Optionally, use the Export Data button to create a PDF containing the Management Controls in the Moderate Impact Baseline.

Reset the filters or reload the tool
Use the pulldown menu labeled "Impact Baselines" to select the "Low Impact" Baseline.
Use the Column Visibility Button to add the ISO27001 Control Mapping data to the display
Scroll through the display and note the mapping between the NIST and ISO controls
Use the pulldown menu for ISO Control Mapping and select the entry "none" to reveal the NIST controls that do not have a direct ISO mapping.

Reset the filters or reload the tool
use the Text Search Field to find the security controls associated with the term "firewall"
Optionally, Select Data button to highlight all the Controls associated with "firewall"
Optionally, use the Export Data button to create a Print file for the Controls associated with "firewall"

Reset the filters or reload the tool
Use the pulldown menu to find the security controls associated with the Cyber Security Framework capability "Identity Management, Authentication and Access Control"
Download and access the Federal Information Processing Standard (FIPS) manual associated with cryptography (FIPS-140) by selecting finding control "SC-13: CRYPTOGRAPHIC PROTECTION" and selecting the associated reference document

Reset the filters or reload the tool
Use one of the following methods to select attacks of interest from the data in the tool.

Use cursor to highlight individual items
Use filters to select groups of items, for example, select a Controls Baseline, such as "Low, Moderate, High or Privacy", or select a Control type, such as "Management, Operational, or Technical". Afterward, use the "Select Data" button and "Select Filtered Data"

Create the Assessment Worksheet by Accessing the Assessment CSV button within the Export Data Function
Open the downloaded CSV file in a local Spreadsheet program
Format the downloaded spreadsheet by:
- Set row 1 to Bold text to highlight the column headers
- Select the entire spreadsheet and enable text wrap.
- Select and stretch the column identifiers A thru L to show to spreadsheet content
- Optionally set cell alignment at top
- Save the changes to a local file
- Work with the file to assign and track work items

LAST UPDATE: 14 April 2022