Jack Whitsitt

List of Existing Mappings and Add-Ons?


Does anyone know of a list that's being maintained (or at least that's been created) of mappings and add-ons folks have done to/for the framework so far? I've seen plenty floating around, but it seems like keeping track of the public ones would be helpful (I sure could use such a list right now myself).


Appendix A of the Energy Sector Cybersecurity Framework Implementation Guidance contains the mapping from C2M2 to the Cybersecurity Framework. The document is located here.


There are several articles referencing additional mappings. The recent UTC Journal, 4th Quarter 2014 edition, contains an article, "NIST Cybersecurity Framework Grows Up" from Nadya Bartol that references mappings from the North American Energy Reliability Corporation (NERC) Critical Infrastructure Sector (CIP) Version 3 and Version 5 to the Cybersecurity Framework. The HITRUST Alliance stated they completed a mapping between the Common Security Framework (CSF) and HIPAA to the Cybersecurity Framework per Dr. Cline; see "CSF Support for HIPAA and NIST Implementation and Compliance." I've also seen articles referencing SOC II and PCI mappings to the Framework, but I haven't been able to locate the actual mappings.


I agree this would be a great thread to include and track mappings as they are made available to the public and/or a reference list of the POCs that maintain the mappings if the mappings are controlled.


Hi Jack, Tom, Greg;

You may be familiar with our member's use of the Common Controls Hub which is not only the largest database of external regulatory requirements, but also contains comprehensive and detailed GRC configuration capabilities. Please opt-in for free at http://grcsphere.pwcstores.com/select-role and we will provision an account for you. Again, no charge.


We are looking forward to the release of the Mapper which supersedes all the work we have done in the past on spreadsheets, but does not obsolete our own mapping work.


For those more technically inclined, we have a graphical programming tool that offers expert system support and we are using this Member facility to build advanced NIST CSF tools for industry-driven crowdsourcing and benchmarking. We have a foundation paper on this if you're interested.


