CCPA / CPRA → NIST 800-171 crosswalk

A control-by-control mapping between California Consumer Privacy Act (as amended by CPRA) and NIST SP 800-171 Rev. 2. 1 mappings.

CCPA / CPRA	NIST 800-171	Relationship	Notes
§1798.150 Duty to implement reasonable security	3.11.1 Periodically assess risk	RelatedCurated	Risk assessment & management

Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.