Essential Eight → NIST CSF 2.0 crosswalk
A control-by-control mapping between ACSC Essential Eight and NIST Cybersecurity Framework 2.0. 10 mappings.
| Essential Eight | NIST CSF 2.0 | Relationship | Notes |
|---|---|---|---|
| E8-1 Patch applications | ID.RA-01 Vulnerabilities identified and recorded | EquivalentCurated | Vulnerability management |
| E8-2 Patch operating systems | ID.RA-01 Vulnerabilities identified and recorded | EquivalentCurated | Vulnerability management |
| E8-3 Multi-factor authentication | PR.AA-01 Identities and credentials managed | PartialCurated | Access control & identity |
| E8-3 Multi-factor authentication | PR.AA-05 Access permissions and authorizations enforced | PartialCurated | Access control & identity |
| E8-4 Restrict administrative privileges | PR.AA-01 Identities and credentials managed | PartialCurated | Access control & identity |
| E8-4 Restrict administrative privileges | PR.AA-05 Access permissions and authorizations enforced | PartialCurated | Access control & identity |
| E8-5 Application control | PR.PS-01 Configuration management practices established | PartialCurated | Secure configuration & hardening |
| E8-6 Restrict Microsoft Office macros | PR.PS-01 Configuration management practices established | PartialCurated | Secure configuration & hardening |
| E8-7 User application hardening | PR.PS-01 Configuration management practices established | PartialCurated | Secure configuration & hardening |
| E8-8 Regular backups | PR.DS-11 Backups of data created and tested | EquivalentCurated | Backup & recovery |
Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.