faulkdev
faulkdev
@schrolla, what is the status of the SCuBA to 800-53 mapping? Slide 10 of the SCuBA overview at [https://csrc.nist.gov/csrc/media/Presentations/2024/cisa-s-scuba-overview/5-CISAs_SCuBA_Overview-Mamika_Huynh.pdf](https://csrc.nist.gov/csrc/media/Presentations/2024/cisa-s-scuba-overview/5-CISAs_SCuBA_Overview-Mamika_Huynh.pdf) states [emphasis added]: > When developing the baselines, users would ask...
@schrolla, We're standing by, here. In the interim, perhaps CISA could update their public information on SCuBA removing the the statement that CISA has performed a mapping to FedRAMP High...
We respectfully disagree with a CIS mapping being of more value than the [CISA-advertised mapping to 800-53r5 / FedRAMP High](https://csrc.nist.gov/csrc/media/Presentations/2024/cisa-s-scuba-overview/5-CISAs_SCuBA_Overview-Mamika_Huynh.pdf). Given [CISA BOD 25-01](https://www.cisa.gov/news-events/directives/bod-25-01-implementation-guidance-implementing-secure-practices-cloud-services) and the [SCuBA focus on FCEB](https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project),...