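% Kim and Ahn (2024): prioritising NIST SP 800-53 security controls by mapping
% CVE entries to STIG/SRG. Acronyms in the title are brace-protected so that
% sentence-casing bibliography styles keep their capitalisation.
@article{ART003139208,
  author  = {Kim, Se-Eun and Ahn, Hyo-Beom},
  title   = {A Study on the Importance of Control Items of {NIST} {SP} 800-53 by Mapping {CVE} and {STIG/SRG}},
  journal = {Journal of The Korea Society of Computer and Information},
  issn    = {1598-849X},
  year    = {2024},
  volume  = {29},
  number  = {11},
  pages   = {173--185},
  doi     = {10.9708/jksci.2024.29.11.173},
}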
TY - JOUR
AU - Se-Eun Kim
AU - Hyo-Beom Ahn
TI - A Study on the Importance of Control Items of NIST SP 800-53 by Mapping CVE and STIG/SRG
JO - Journal of The Korea Society of Computer and Information
PY - 2024
VL - 29
IS - 11
PB - The Korean Society Of Computer And Information
SP - 173
EP - 185
SN - 1598-849X
AB - The U.S. federal government has established NIST SP 800-53 in response to the need for vulnerability management, and MITRE manages security vulnerabilities through CVE numbers. Although the relationship between NIST SP 800-53 and CVE is a crucial factor in vulnerability management, it is not clearly defined, making it challenging for security managers to identify control items that address the latest vulnerabilities. This study aims to analyze the relationship between NIST SP 800-53 and CVE to establish prioritization for evaluating security control items. Controls that are frequently associated with CVE should be prioritized for evaluation and improvement. The study derived the relevance between NIST SP 800-53 security controls through mapping CVE to STIG/SRG and used SecBERT, CyBERT, and RankT5 models to automate this mapping. The results confirmed the need to prioritize the improvement of specific security controls.
KW - Vulnerability Management;NIST SP 800-53;CVE;Security Control;Automation Mapping
DO - 10.9708/jksci.2024.29.11.173
ER -
Se-Eun Kim and Hyo-Beom Ahn. (2024). A Study on the Importance of Control Items of NIST SP 800-53 by Mapping CVE and STIG/SRG. Journal of The Korea Society of Computer and Information, 29(11), 173-185.
Se-Eun Kim and Hyo-Beom Ahn. 2024, "A Study on the Importance of Control Items of NIST SP 800-53 by Mapping CVE and STIG/SRG", Journal of The Korea Society of Computer and Information, vol.29, no.11, pp.173-185. Available from: doi:10.9708/jksci.2024.29.11.173
Se-Eun Kim, Hyo-Beom Ahn "A Study on the Importance of Control Items of NIST SP 800-53 by Mapping CVE and STIG/SRG" Journal of The Korea Society of Computer and Information 29.11 pp.173-185 (2024) : 173.
Se-Eun Kim, Hyo-Beom Ahn. A Study on the Importance of Control Items of NIST SP 800-53 by Mapping CVE and STIG/SRG. 2024; 29(11), 173-185. Available from: doi:10.9708/jksci.2024.29.11.173
Se-Eun Kim and Hyo-Beom Ahn. "A Study on the Importance of Control Items of NIST SP 800-53 by Mapping CVE and STIG/SRG" Journal of The Korea Society of Computer and Information 29, no.11 (2024) : 173-185. doi: 10.9708/jksci.2024.29.11.173
Se-Eun Kim; Hyo-Beom Ahn. A Study on the Importance of Control Items of NIST SP 800-53 by Mapping CVE and STIG/SRG. Journal of The Korea Society of Computer and Information, 29(11), 173-185. doi: 10.9708/jksci.2024.29.11.173
Se-Eun Kim; Hyo-Beom Ahn. A Study on the Importance of Control Items of NIST SP 800-53 by Mapping CVE and STIG/SRG. Journal of The Korea Society of Computer and Information. 2024; 29(11) 173-185. doi: 10.9708/jksci.2024.29.11.173
Se-Eun Kim, Hyo-Beom Ahn. A Study on the Importance of Control Items of NIST SP 800-53 by Mapping CVE and STIG/SRG. 2024; 29(11), 173-185. Available from: doi:10.9708/jksci.2024.29.11.173
Se-Eun Kim and Hyo-Beom Ahn. "A Study on the Importance of Control Items of NIST SP 800-53 by Mapping CVE and STIG/SRG" Journal of The Korea Society of Computer and Information 29, no.11 (2024) : 173-185. doi: 10.9708/jksci.2024.29.11.173