
CIS Controls v8 to NIST 800-171 crosswalk

A control-by-control mapping between CIS Critical Security Controls v8 and NIST SP 800-171 Rev. 2. 5 mappings.

| CIS Controls v8 | NIST 800-171 | Relationship | Notes |
| --- | --- | --- | --- |
| 3.11 Encrypt sensitive data at rest | 3.13.11 Employ FIPS-validated cryptography | Equivalent (Curated) | Cryptography & data protection |
| 4.1 Establish and maintain a secure configuration process | 3.4.2 Establish and enforce security configuration settings | Equivalent (Curated) | Secure configuration & hardening |
| 6.1 Establish an access granting process | 3.1.1 Limit system access to authorized users | Equivalent (Curated) | Access control & identity |
| 7.1 Establish and maintain a vulnerability management process | 3.11.2 Scan for vulnerabilities | Equivalent (Curated) | Vulnerability management |
| 8.1 Establish and maintain an audit log management process | 3.3.1 Create and retain audit logs | Equivalent (Curated) | Logging, monitoring & detection |

Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.