CIS Controls v8.1 introduced significant updates to align with NIST Cybersecurity Framework (CSF) 2.0, including the addition of a dedicated “Governance” security function to address organizational oversight and compliance requirements. The mapping between CIS Controls v8.1 and NIST CSF 2.0 emphasizes equivalent controls, subsets, and supersets, enabling organizations to bridge implementation gaps across frameworks. Key updates include revised asset class definitions, clearer Safeguard descriptions, and expanded glossary terms (e.g., “sensitive data”) to ensure consistency with NIST CSF 2.0’s structure. This alignment helps organizations demonstrate compliance while maintaining the CIS Controls’ prioritized approach to mitigating prevalent cyber threats.
Publication's URL
https://www.cisecurity.org/insights/white-papers/cis-controls-v8-1-mapping-to-nist-csf-2-0Additional documents on this topic
- NIST CSF 2.0 Mapping to ISO 27002:2022
- CRI Cyber Risk Institute Profile for Financial Sector v2.1 ★★★★★
- NIST IR 8374 Rev. 1 Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile
- COMPLIANCE FORGE Secure Controls Framework (SCF) Control Mapping ★★★★★
- NIST IR 8596 Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile): NIST Community Profile ★★★★★
Very informative. I appreciate the effort.