
ISO 27001 / PCI DSS crosswalk

A control-by-control mapping between ISO/IEC 27001:2022 and PCI DSS v4.0. 11 mappings.

| ISO 27001 | PCI DSS | Relationship | Notes |
| --- | --- | --- | --- |
| A.5.1: Policies for information security | Req. 12: Support information security with organizational policies and programs | Related (Curated) | Security governance and policy |
| A.5.15: Access control | Req. 7: Restrict access by business need to know | Equivalent (Curated) | Access control and identity |
| A.5.15: Access control | Req. 8: Identify users and authenticate access | Equivalent (Curated) | Access control and identity |
| A.5.16: Identity management | Req. 7: Restrict access by business need to know | Equivalent (Curated) | Access control and identity |
| A.5.16: Identity management | Req. 8: Identify users and authenticate access | Equivalent (Curated) | Access control and identity |
| A.8.15: Logging | Req. 10: Log and monitor all access to system components and cardholder data | Equivalent (Curated) | Logging, monitoring and detection |
| A.8.16: Monitoring activities | Req. 10: Log and monitor all access to system components and cardholder data | Equivalent (Curated) | Logging, monitoring and detection |
| A.8.24: Use of cryptography | Req. 3: Protect stored account data | Equivalent (Curated) | Cryptography and data protection |
| A.8.24: Use of cryptography | Req. 4: Protect cardholder data with strong cryptography during transmission | Equivalent (Curated) | Cryptography and data protection |
| A.8.8: Management of technical vulnerabilities | Req. 11: Test security of systems and networks regularly | Equivalent (Curated) | Vulnerability management |
| A.8.9: Configuration management | Req. 2: Apply secure configurations to all system components | Equivalent (Curated) | Secure configuration and hardening |

Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.