NIST CSF 2.0 → SOC 2 crosswalk
A control-by-control mapping between NIST Cybersecurity Framework 2.0 and SOC 2 (AICPA Trust Services Criteria). 8 mappings.
| NIST CSF 2.0 | SOC 2 | Relationship | Source | Notes |
|---|---|---|---|---|
| DE.CM-01 Networks and services monitored | CC7.2 Security event monitoring | Equivalent | Curated | Logging, monitoring and detection |
| GV.OC-01 Organizational mission and security role understood | CC1.1 Integrity and ethical values | Related | Curated | Security governance and policy |
| ID.RA-01 Vulnerabilities identified and recorded | CC7.1 Vulnerability detection and monitoring | Equivalent | Curated | Vulnerability management |
| PR.AA-01 Identities and credentials managed | CC6.1 Logical access security controls | Equivalent | Curated | Access control and identity |
| PR.AA-05 Access permissions and authorizations enforced | CC6.1 Logical access security controls | Equivalent | Curated | Access control and identity |
| PR.DS-01 Confidentiality of data-at-rest protected | CC6.7 Restricting data transmission | Partial | Curated | Cryptography and data protection |
| PR.DS-02 Confidentiality of data-in-transit protected | CC6.7 Restricting data transmission | Partial | Curated | Cryptography and data protection |
| PR.PS-04 Log records generated for monitoring | CC7.2 Security event monitoring | Equivalent | Curated | Logging, monitoring and detection |
Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.