Each mapping is provided online in an Excel file and organized into four categories:
- CSF 1.1 subcategory mappings,
- CSF 2.0 subcategory mappings,
- NIST SP 800-53 control mappings, and
- NIST critical software security measure mappings.
For each category, there are two types of mappings: a general mapping from the Zero Trust Architecture (ZTA) reference design logical components to the corresponding framework or standard (CSF, SP 800-53, or NIST critical software security measures), and collaborator-specific mappings that link ZTA technology component capabilities used in project builds to the same frameworks or standards. Table 1 supplies direct links to access each mapping file.