NIST CSF to CIS Controls Mapping
| NIST CSF Function | CIS Controls |
| --- | --- |
| Identify | 1. Inventory and Control of Hardware Assets |
| | 2. Inventory and Control of Software Assets |
| Protect | 3. Data Protection |
| | 4. Secure Configuration of Enterprise Assets and Software |
| | 5. Account Management |
| | 6. Access Control Management |
| | 7. Continuous Vulnerability Management |
| | 8. Audit Log Management |
| | 9. Email and Web Browser Protections |
| | 10. Malware Defenses |
| | 11. Data Recovery |
| | 12. Network Infrastructure Management |
| | 13. Network Monitoring and Defense |
| Detect | 14. Security Awareness and Skills Training |
| | 15. Service Provider Management |
| | 16. Application Software Security |
| Respond | 17. Incident Response Management |
| Recover | 18. Penetration Testing |
| CIS Control | NIST CSF Function | NIST CSF Category |
| --- | --- | --- |
| 1. Inventory and Control of Enterprise Assets | Identify (ID) | ID.AM - Asset Management |
| 2. Inventory and Control of Software Assets | Identify (ID) | ID.AM - Asset Management |
| 3. Data Protection | Protect (PR) | PR.DS - Data Security |
| 4. Secure Configuration of Enterprise Assets and Software | Protect (PR) | PR.IP - Information Protection Processes and Procedures |
| 5. Account Management | Protect (PR) | PR.AC - Identity Management, Authentication and Access Control |
| 6. Access Control Management | Protect (PR) | PR.AC - Identity Management, Authentication and Access Control |
| 7. Continuous Vulnerability Management | Protect (PR) | PR.IP - Information Protection Processes and Procedures |
| 8. Audit Log Management | Detect (DE) | DE.AE - Anomalies and Events |
| 9. Email and Web Browser Protections | Protect (PR) | PR.AT - Awareness and Training |
| 10. Malware Defenses | Protect (PR) | PR.DS - Data Security |
| 11. Data Recovery | Recover (RC) | RC.RP - Recovery Planning |
| 12. Network Infrastructure Management | Protect (PR) | PR.PT - Protective Technology |
| 13. Network Monitoring and Defense | Detect (DE) | DE.CM - Security Continuous Monitoring |
| 14. Security Awareness and Skills Training | Protect (PR) | PR.AT - Awareness and Training |
| 15. Service Provider Management | Identify (ID) | ID.SC - Supply Chain Risk Management |
| 16. Application Software Security | Protect (PR) | PR.IP - Information Protection Processes and Procedures |
| 17. Incident Response Management | Respond (RS) | RS.RP - Response Planning |
| 18. Penetration Testing | Identify (ID) | ID.RA - Risk Assessment |
This example crosswalk table shows how the CIS Controls align with the core functions and categories of the NIST Cybersecurity Framework. It helps organizations integrate the two frameworks to strengthen their cyber risk resilience and streamline compliance efforts.
CyberSaint offers a comprehensive solution to simplify and automate crosswalking between cybersecurity frameworks. The CyberStrong platform leverages advanced technologies such as Natural Language Processing (NLP) and artificial intelligence to enable rapid and accurate mapping of controls across various frameworks. This automated approach allows organizations to perform crosswalks in seconds, significantly reducing the time and effort traditionally required for manual mapping.
CyberStrong's capabilities include:
- Automated crosswalking between frameworks like NIST CSF, CMMC, ISO 27001, and custom control sets.
- Crosswalking templates to ensure consistency across multiple departments and risk assessments.
- Real-time updates on technical control scores through Continuous Control Automation (CCA).
- The ability to conduct one-to-one and one-to-many crosswalks efficiently.
- Support for over 60 industry frameworks, with the flexibility to add custom frameworks.
By streamlining the crosswalking process, CyberSaint enables organizations to more effectively manage their cybersecurity posture across multiple frameworks, facilitate compliance efforts, and gain comprehensive insights into their risk landscape.