Hello!

I am trying to create a Security Configuration Checklist for Microsoft 365. There appear to be two options for support on this in the NIST National Checklist Program here (https://ncp.nist.gov/repository?sortBy=modifiedDate%7Cdesc&keyword=online). Either the CIS 365 Benchmark or the SCuBA tool from CISA. I have found a mapping to 800-53 using CIS 365 Benchmark controls. But I haven't found a mapping to 800-53 for the SCuBA controls. Does such a thing exist? Can I choose either checklist to create the SCC? Thanks for any input or comments.