Mapping and Compliance with the CIS Controls

Collaboration Enhances Cybersecurity Compliance

We are in a multi-framework era where organizations large and small, public and private, are tasked with complying with multiple cybersecurity policy, regulatory, and legal frameworks. Our resources, starting from the organizational policies and workflows laid out in the CIS Critical Security Controls (CIS Controls), are developed to work well on their own or as companions to additional frameworks.

CIS Controls Navigator — Use our CIS Controls Navigator to identify how the Controls map to other security frameworks and fit into your broader security program.

CIS Controls Mappings — Use individual mappings in Microsoft® Excel® format to map to over 25 different frameworks. Find them on our website or on CIS WorkBench.

Framework Mappings

Below are just some of the frameworks that the CIS Controls map to:

Payment Card Industry Data Security Standard (PCI DSS)

The CIS Controls can help with multiple aspects of PCI DSS compliance. Some of the world’s biggest retailers use resources included in CIS SecureSuite to help meet PCI DSS requirements.

CIS Controls v8.1 mapping to PCI DSS v4.0

National Institute of Standards and Technology (NIST®)

NIST is a leading agency in technical standards and guidelines for organizations working towards compliance. The CIS Controls have been recognized by users as a robust on-ramp to meeting NIST cybersecurity standards within their organization. Some helpful resources include:

CIS Controls v8.1 mapping to NIST Cybersecurity Framework (CSF) 2.0
CIS Controls v8.1 mapping to NIST SP 800-53 R5 Low and Moderate Baseline
CIS Controls v8.1 mapping to NIST SP 800-171 R2
NIST’s National Online Informative References Program (OLIR) Submission V1

Health Insurance Portability and Accountability Act (HIPAA)

The HIPAA security rule establishes the baseline for protecting the security of patient information within the healthcare industry. The CIS Controls complement the HIPAA security rule and contain many of the same provisions. Since the CIS Controls and Safeguards are regularly updated based on real-world attack patterns, the CIS Controls can help healthcare organizations “round out” their cybersecurity program to address risks outside the HIPAA security rule.

CIS Controls v8.1 mapping to HIPAA

International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27001

ISO/IEC provides independent, globally recognized standards for securing technologies. ISO/IEC 27001 helps enterprises defend against cyber threats and information security risks. Because the CIS Controls provide guidance addressing major cybersecurity needs such as asset classification, authentication methods and privileges, event logging, and encryption, they are also frequently used by enterprises seeking ISO compliance.

CIS Controls v8.1 mapping to ISO/IEC 27001:2002
