This repository provides a structured approach to mapping cybersecurity controls, particularly NIST SP 800-171, to verifiable evidence artifacts.
To support:
- Consistent evidence validation
- Traceability between controls and artifacts
- Improved assessment readiness
- Alignment between governance intent and operational implementation
Initial focus:
- NIST SP 800-171 Rev. 2 / Rev. 3
- Evidence expectations by control family
- Assessment-oriented validation patterns
- Expansion into multi-framework mapping (CMMC, NIST CSF, ISO)
- Integration with governance modeling approaches
- Development of reusable GRC engineering patterns
Robert Wiley
Cybersecurity GRC | Mission Assurance | Governance Architecture