Mapping
Mapping documents are analytical instruments that establish correspondences between different types of documents—such as laws and regulations, standards, contractual obligations, frameworks, and guidelines—issued by various authorities and standard-setting bodies. Their purpose is to identify overlaps, gaps, and equivalences between requirements, enabling organizations to streamline compliance and avoid duplication of controls. For example, a mapping may align obligations under the NIS2 Directive with controls from ISO/IEC 27001 and categories of the NIST Cybersecurity Framework, showing how a single control can satisfy multiple external expectations. These documents are particularly valuable in multi-jurisdictional or multi-framework environments, as they provide traceability across issuers (legislators, regulators, standards bodies, and industry groups) and support integrated governance, risk, and compliance management.