CIS Controls v8 → NIST CSF 2.0 crosswalk

A control-by-control mapping between CIS Critical Security Controls v8 and NIST Cybersecurity Framework 2.0. 10 mappings.

CIS Controls v8	NIST CSF 2.0	Relationship	Notes
1.1 Establish and maintain detailed enterprise asset inventory	ID.AM-01 Inventories of hardware managed	EquivalentOfficial mapping	Inventaire des actifs et des données
11.1 Establish and maintain a data recovery process	PR.DS-11 Backups of data created and tested	EquivalentOfficial mapping	Sauvegarde et restauration
3.11 Encrypt sensitive data at rest	PR.DS-01 Confidentiality of data-at-rest protected	EquivalentOfficial mapping	Cryptographie et protection des données
3.11 Encrypt sensitive data at rest	PR.DS-02 Confidentiality of data-in-transit protected	EquivalentCurated	Cryptographie et protection des données
4.1 Establish and maintain a secure configuration process	PR.PS-01 Configuration management practices established	EquivalentOfficial mapping	Configuration sécurisée et durcissement
6.1 Establish an access granting process	PR.AA-01 Identities and credentials managed	EquivalentOfficial mapping	Contrôle d'accès et identité
6.1 Establish an access granting process	PR.AA-05 Access permissions and authorizations enforced	EquivalentCurated	Contrôle d'accès et identité
7.1 Establish and maintain a vulnerability management process	ID.RA-01 Vulnerabilities identified and recorded	EquivalentOfficial mapping	Gestion des vulnérabilités
8.1 Establish and maintain an audit log management process	DE.CM-01 Networks and services monitored	EquivalentOfficial mapping	Journalisation, surveillance et détection
8.1 Establish and maintain an audit log management process	PR.PS-04 Log records generated for monitoring	EquivalentCurated	Journalisation, surveillance et détection

Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.