Essential Eight → NIST 800-171 crosswalk

A control-by-control mapping between ACSC Essential Eight and NIST SP 800-171 Rev. 2. 7 mappings.

Essential Eight	NIST 800-171	Relationship	Notes
E8-1 Patch applications	3.11.2 Scan for vulnerabilities	EquivalentCurated	Vulnerability management
E8-2 Patch operating systems	3.11.2 Scan for vulnerabilities	EquivalentCurated	Vulnerability management
E8-3 Multi-factor authentication	3.1.1 Limit system access to authorized users	PartialCurated	Access control & identity
E8-4 Restrict administrative privileges	3.1.1 Limit system access to authorized users	PartialCurated	Access control & identity
E8-5 Application control	3.4.2 Establish and enforce security configuration settings	PartialCurated	Secure configuration & hardening
E8-6 Restrict Microsoft Office macros	3.4.2 Establish and enforce security configuration settings	PartialCurated	Secure configuration & hardening
E8-7 User application hardening	3.4.2 Establish and enforce security configuration settings	PartialCurated	Secure configuration & hardening

Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.