I hope sharing this effort might be useful in some small way....
Attached Spreadsheet reflects current documentation of SP-800-53r4 controls with
CNSSI-1253 Profile of low/low/low.
Entries have been color-coded (Red -> elements called out in scap-security-guide as
"Procedural") (Green -> N/A to Operating System). No Overlays have been
included, nor have I paid any attention to Privacy requirements.
The remaining entries reflect what is believed to be relevant entries for Profile
"nist-cl-il-al" (ssg-rhel6-ds.xml). These entries would also appear to support
ssg-rhel7-ds.xml. Some "nist-cl-il-al" appear to have shifted into
"medium" category, while some are no longer applicable according to current
documentation.
Would it be useful to extend Profile to med/med/med and produce low/low/low Profile via
tailoring?
https://docs.google.com/spreadsheets/d/1TXDI4M_ecxOAhj7KDIydiqaeuwlnACKLp...