CIS Controls v8 → NIST CSF 2.0 crosswalk
A control-by-control mapping between CIS Critical Security Controls v8 and NIST Cybersecurity Framework 2.0. 10 mappings.
| CIS Controls v8 | NIST CSF 2.0 | Relationship | Notes |
|---|---|---|---|
| 1.1 Establish and maintain detailed enterprise asset inventory | ID.AM-01 Inventories of hardware managed | Equivalent (Official mapping) | Asset & data inventory |
| 11.1 Establish and maintain a data recovery process | PR.DS-11 Backups of data created and tested | Equivalent (Official mapping) | Backup & recovery |
| 3.11 Encrypt sensitive data at rest | PR.DS-01 Confidentiality of data-at-rest protected | Equivalent (Official mapping) | Cryptography & data protection |
| 3.11 Encrypt sensitive data at rest | PR.DS-02 Confidentiality of data-in-transit protected | Equivalent (Curated) | Cryptography & data protection |
| 4.1 Establish and maintain a secure configuration process | PR.PS-01 Configuration management practices established | Equivalent (Official mapping) | Secure configuration & hardening |
| 6.1 Establish an access granting process | PR.AA-01 Identities and credentials managed | Equivalent (Official mapping) | Access control & identity |
| 6.1 Establish an access granting process | PR.AA-05 Access permissions and authorizations enforced | Equivalent (Curated) | Access control & identity |
| 7.1 Establish and maintain a vulnerability management process | ID.RA-01 Vulnerabilities identified and recorded | Equivalent (Official mapping) | Vulnerability management |
| 8.1 Establish and maintain an audit log management process | DE.CM-01 Networks and services monitored | Equivalent (Official mapping) | Logging, monitoring & detection |
| 8.1 Establish and maintain an audit log management process | PR.PS-04 Log records generated for monitoring | Equivalent (Curated) | Logging, monitoring & detection |
Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.