Using the STRIDE-LM Threat Model to Drive Security Control Selection

Threat modeling can be an effective way to prioritize security control implementation efforts for a given solution. The resulting prioritization can then be used to help optimize time or financial costs during solution development. The following is a brief overview of using the threat modeling process to select both NIST CSF security outcomes and NIST security controls.

NIST SP 800-53 Revision 4 vs. 5: What’s the Difference?

NIST Special Publication 800-53 Revision 5 was released recently and it includes a substantial number of changes. While NIST did outline many of the changes in their release notes, there are a few other things they left out.


Welcome to CSF Tools! You may be wondering what all this stuff is and why I put it here. Like so many things in life as a technologist, this all started with me trying to find ways to visualize the NIST Cybersecurity Framework for a PowerPoint presentation. I wasn’t really happy with the stuff I found, so I decided to start building a library of visualizations linking the CSF to different control sets.

What is here so far is just the beginning. I have many ideas regarding new visualizations, control sets, and features to increase flexibility of presentation. Check back in periodically — you never know what you might find!