CIS Controls v8 → ISO 27001 crosswalk
A control-by-control mapping between CIS Critical Security Controls v8 and ISO/IEC 27001:2022. 10 mappings.
| CIS Controls v8 | ISO 27001:2022 | Relationship | Mapping source | Notes |
|---|---|---|---|---|
| 1.1 Establish and maintain detailed enterprise asset inventory | A.5.9 Inventory of information and other associated assets | Equivalent | Official | Asset & data inventory |
| 11.1 Establish and maintain a data recovery process | A.8.13 Information backup | Equivalent | Official | Backup & recovery |
| 3.11 Encrypt sensitive data at rest | A.8.24 Use of cryptography | Equivalent | Official | Cryptography & data protection |
| 4.1 Establish and maintain a secure configuration process | A.8.9 Configuration management | Equivalent | Official | Secure configuration & hardening |
| 5.1 Establish and maintain an inventory of accounts | A.5.15 Access control | Partial | Official | — |
| 6.1 Establish an access granting process | A.5.15 Access control | Equivalent | Official | Access control & identity |
| 6.1 Establish an access granting process | A.5.16 Identity management | Equivalent | Curated | Access control & identity |
| 7.1 Establish and maintain a vulnerability management process | A.8.8 Management of technical vulnerabilities | Equivalent | Official | Vulnerability management |
| 8.1 Establish and maintain an audit log management process | A.8.16 Monitoring activities | Equivalent | Official | Logging, monitoring & detection |
| 8.1 Establish and maintain an audit log management process | A.8.15 Logging | Equivalent | Curated | Logging, monitoring & detection |
Mappings whose source is "Official" derive from the standards bodies' informative references; "Curated" mappings are authored by Cyber Compliance and provided for guidance only. "Equivalent" indicates that the two controls cover substantially the same requirement; "Partial" indicates that the ISO control covers only part of the CIS safeguard (or vice versa), so evidence for one should not be assumed to satisfy the other without review.