The proposed innovation will use a model-based approach to streamline understanding and application of standards. NIST standards addressing cybersecurity, presented in the form of documents, spreadsheets, and database tools, provide thousands of complimentary and overlapping items for users to track. Significant effort is expended understanding the standards before attention can be focused on the system of interest. Model-based representations of both the standards and cyber-physical systems in a single tool will provide advantages over current costly and labor-intensive approaches. The tool will give stakeholders at all organizational levels access to the information specific to their domain, enable a better understanding of both the standards and the system, and be the basis for analyses and generation of certification artifacts. We will model NIST SP 800-53, NIST SP 800-53A, the NIST Cybersecurity Framework, NIST IR 8183, and the new Cybersecurity Maturity Model Certification (CMMC) standards and trace them to a cyber-physical system model. Analyses will be developed to automatically assess compliance gaps in the system relative to the standards. Stakeholder-specific reports with analysis results and recommendations will be generated automatically. The extensible tool will improve the efficiency of understanding and applying existing, evolving, and new NIST standards.
