Skip to content
Cyber Compliance

NIST CSF 2.0PCI DSS crosswalk

A control-by-control mapping between NIST Cybersecurity Framework 2.0 and PCI DSS v4.0. 13 mappings.

NIST CSF 2.0PCI DSSRelationshipNotes
DE.CM-01
Networks and services monitored
Req. 10
Log and monitor all access to system components and cardholder data
EquivalentOfficial mapping
Journalisation, surveillance et détection
GV.OC-01
Organizational mission and security role understood
Req. 12
Support information security with organizational policies and programs
PartialOfficial mapping
Gouvernance et politique de sécurité
ID.RA-01
Vulnerabilities identified and recorded
Req. 11
Test security of systems and networks regularly
EquivalentOfficial mapping
Gestion des vulnérabilités
PR.AA-01
Identities and credentials managed
Req. 7
Restrict access by business need to know
EquivalentCurated
Contrôle d'accès et identité
PR.AA-01
Identities and credentials managed
Req. 8
Identify users and authenticate access
EquivalentOfficial mapping
Contrôle d'accès et identité
PR.AA-05
Access permissions and authorizations enforced
Req. 7
Restrict access by business need to know
EquivalentOfficial mapping
Contrôle d'accès et identité
PR.AA-05
Access permissions and authorizations enforced
Req. 8
Identify users and authenticate access
EquivalentCurated
Contrôle d'accès et identité
PR.DS-01
Confidentiality of data-at-rest protected
Req. 3
Protect stored account data
EquivalentOfficial mapping
Cryptographie et protection des données
PR.DS-01
Confidentiality of data-at-rest protected
Req. 4
Protect cardholder data with strong cryptography during transmission
EquivalentCurated
Cryptographie et protection des données
PR.DS-02
Confidentiality of data-in-transit protected
Req. 3
Protect stored account data
EquivalentCurated
Cryptographie et protection des données
PR.DS-02
Confidentiality of data-in-transit protected
Req. 4
Protect cardholder data with strong cryptography during transmission
EquivalentOfficial mapping
Cryptographie et protection des données
PR.PS-01
Configuration management practices established
Req. 2
Apply secure configurations to all system components
EquivalentOfficial mapping
Configuration sécurisée et durcissement
PR.PS-04
Log records generated for monitoring
Req. 10
Log and monitor all access to system components and cardholder data
EquivalentOfficial mapping
Journalisation, surveillance et détection

Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.