CIS Controls v8 → GLBA crosswalk
A control-by-control mapping between CIS Critical Security Controls v8 and GLBA Safeguards Rule (16 CFR Part 314). 4 mappings.
| CIS Controls v8 | GLBA | Relationship | Notes |
|---|---|---|---|
| 3.11 Encrypt sensitive data at rest | §314.4(c)(3) Encryption of customer information | EquivalentCurated | Cryptography & data protection |
| 6.1 Establish an access granting process | §314.4(c)(1) Access controls | EquivalentCurated | Access control & identity |
| 7.1 Establish and maintain a vulnerability management process | §314.4(d) Regularly test or monitor safeguards | PartialCurated | Vulnerability management |
| 8.1 Establish and maintain an audit log management process | §314.4(c)(8) Monitoring and logging of authorized user activity | EquivalentCurated | Logging, monitoring & detection |
Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.