CIS Controls v8 → NIST 800-53 crosswalk

A control-by-control mapping between CIS Critical Security Controls v8 and NIST SP 800-53 Rev. 5. 8 mappings.

CIS Controls v8	NIST 800-53	Relationship	Notes
1.1 Establish and maintain detailed enterprise asset inventory	CM-8 System component inventory	EquivalentCurated	Asset & data inventory
11.1 Establish and maintain a data recovery process	CP-9 System backup	EquivalentCurated	Backup & recovery
3.11 Encrypt sensitive data at rest	SC-8 Transmission confidentiality and integrity	EquivalentCurated	Cryptography & data protection
3.11 Encrypt sensitive data at rest	SC-28 Protection of information at rest	EquivalentCurated	Cryptography & data protection
4.1 Establish and maintain a secure configuration process	CM-6 Configuration settings	EquivalentCurated	Secure configuration & hardening
6.1 Establish an access granting process	AC-2 Account management	EquivalentCurated	Access control & identity
7.1 Establish and maintain a vulnerability management process	RA-5 Vulnerability monitoring and scanning	EquivalentCurated	Vulnerability management
8.1 Establish and maintain an audit log management process	AU-2 Event logging	EquivalentCurated	Logging, monitoring & detection

Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.