NIST 800-53 → NIST CSF 2.0 crosswalk
A control-by-control mapping between NIST SP 800-53 Rev. 5 and NIST Cybersecurity Framework 2.0. 14 mappings.
| NIST 800-53 | NIST CSF 2.0 | Relationship | Notes |
|---|---|---|---|
| AC-2 Account management | PR.AA-01 Identities and credentials managed | EquivalentOfficial mapping | Access control & identity |
| AC-2 Account management | PR.AA-05 Access permissions and authorizations enforced | EquivalentCurated | Access control & identity |
| AU-2 Event logging | DE.CM-01 Networks and services monitored | EquivalentCurated | Logging, monitoring & detection |
| AU-2 Event logging | PR.PS-04 Log records generated for monitoring | EquivalentOfficial mapping | Logging, monitoring & detection |
| CM-6 Configuration settings | PR.PS-01 Configuration management practices established | EquivalentOfficial mapping | Secure configuration & hardening |
| CM-8 System component inventory | ID.AM-01 Inventories of hardware managed | EquivalentOfficial mapping | Asset & data inventory |
| CP-9 System backup | PR.DS-11 Backups of data created and tested | EquivalentOfficial mapping | Backup & recovery |
| PM-1 Information security program plan | GV.OC-01 Organizational mission and security role understood | RelatedCurated | Governance & security policy |
| RA-3 Risk assessment | ID.RA-01 Vulnerabilities identified and recorded | PartialOfficial mapping | Risk assessment & management |
| RA-5 Vulnerability monitoring and scanning | ID.RA-01 Vulnerabilities identified and recorded | EquivalentOfficial mapping | Vulnerability management |
| SC-28 Protection of information at rest | PR.DS-01 Confidentiality of data-at-rest protected | EquivalentOfficial mapping | Cryptography & data protection |
| SC-28 Protection of information at rest | PR.DS-02 Confidentiality of data-in-transit protected | EquivalentCurated | Cryptography & data protection |
| SC-8 Transmission confidentiality and integrity | PR.DS-01 Confidentiality of data-at-rest protected | EquivalentCurated | Cryptography & data protection |
| SC-8 Transmission confidentiality and integrity | PR.DS-02 Confidentiality of data-in-transit protected | EquivalentOfficial mapping | Cryptography & data protection |
Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.