CIS Controls v8 → Essential Eight crosswalk
A control-by-control mapping between CIS Critical Security Controls v8 and ACSC Essential Eight. 8 mappings.
| CIS Controls v8 | Essential Eight | Relationship | Notes |
|---|---|---|---|
| 11.1 Establish and maintain a data recovery process | E8-8 Regular backups | EquivalentCurated | Backup & recovery |
| 4.1 Establish and maintain a secure configuration process | E8-5 Application control | PartialCurated | Secure configuration & hardening |
| 4.1 Establish and maintain a secure configuration process | E8-6 Restrict Microsoft Office macros | PartialCurated | Secure configuration & hardening |
| 4.1 Establish and maintain a secure configuration process | E8-7 User application hardening | PartialCurated | Secure configuration & hardening |
| 6.1 Establish an access granting process | E8-3 Multi-factor authentication | PartialCurated | Access control & identity |
| 6.1 Establish an access granting process | E8-4 Restrict administrative privileges | PartialCurated | Access control & identity |
| 7.1 Establish and maintain a vulnerability management process | E8-1 Patch applications | EquivalentCurated | Vulnerability management |
| 7.1 Establish and maintain a vulnerability management process | E8-2 Patch operating systems | EquivalentCurated | Vulnerability management |
Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.