
CIS Controls v8 to ISO 27001 crosswalk

A control-by-control mapping between CIS Critical Security Controls v8 and ISO/IEC 27001:2022. 10 mappings.

| CIS Controls v8 | ISO 27001 | Relationship | Notes |
|---|---|---|---|
| 1.1 Establish and maintain detailed enterprise asset inventory | A.5.9 Inventory of information and other associated assets | Equivalent (Official mapping) | Asset and data inventory |
| 11.1 Establish and maintain a data recovery process | A.8.13 Information backup | Equivalent (Official mapping) | Backup and restore |
| 3.11 Encrypt sensitive data at rest | A.8.24 Use of cryptography | Equivalent (Official mapping) | Cryptography and data protection |
| 4.1 Establish and maintain a secure configuration process | A.8.9 Configuration management | Equivalent (Official mapping) | Secure configuration and hardening |
| 5.1 Establish and maintain an inventory of accounts | A.5.15 Access control | Partial (Official mapping) | |
| 6.1 Establish an access granting process | A.5.15 Access control | Equivalent (Official mapping) | Access control and identity |
| 6.1 Establish an access granting process | A.5.16 Identity management | Equivalent (Curated) | Access control and identity |
| 7.1 Establish and maintain a vulnerability management process | A.8.8 Management of technical vulnerabilities | Equivalent (Official mapping) | Vulnerability management |
| 8.1 Establish and maintain an audit log management process | A.8.16 Monitoring activities | Equivalent (Official mapping) | Logging, monitoring and detection |
| 8.1 Establish and maintain an audit log management process | A.8.15 Logging | Equivalent (Curated) | Logging, monitoring and detection |

Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.