List of Existing Mappings and Add-Ons?

4 replies to this topic

#1 Jack Whitsitt

  • Blogger
  • 10 posts

Posted 05 January 2015 - 12:19 PM

Does anyone know of a list that's being maintained (or at least that's been created) of mappings and add-ons folks have done to/for the framework so far? I've seen plenty floating around, but it seems like keeping track of the public ones would be helpful (I sure could use such a list right now myself).

#2 Tom.Conkle



  • Administrators
  • 20 posts

Posted 12 January 2015 - 03:39 PM

Appendix A of the Energy Sector Cybersecurity Framework Implementation Guidance contains the mapping from C2M2 to the Cybersecurity Framework. The document is located here.

There are several articles referencing additional mappings. The recent UTC Journal, 4th Quarter 2014 edition, contains an article, "NIST Cybersecurity Framework Grows Up" from Nadya Bartol that references mappings from the North American Energy Reliability Corporation (NERC) Critical Infrastructure Sector (CIP) Version 3 and Version 5 to the Cybersecurity Framework. The HITRUST Alliance stated they completed a mapping between the Common Security Framework (CSF) and HIPAA to the Cybersecurity Framework per Dr. Cline; see "CSF Support for HIPAA and NIST Implementation and Compliance." I've also seen articles referencing SOC II and PCI mappings to the Framework, but I haven't been able to locate the actual mappings.

I agree this would be a great thread to include and track mappings as they are made available to the public and/or a reference list of the POCs that maintain the mappings if the mappings are controlled.

#3 Jack Whitsitt

  • Blogger
  • 10 posts

Posted 03 March 2015 - 12:59 AM

Thanks for this, Tom, these links are helpful (Sorry for the delayed acknowledgement, I've been buried). I'm likely going to have to start compiling links and references. If I do, I'll post them here.

#4 Greg Witte

  • Administrators
  • 25 posts

Posted 10 March 2015 - 05:46 AM

For those that haven't seen it, there is now a resources link at NIST: http://www.nist.gov/...y-resources.cfm

It isn't meant to be exhaustive and I don't yet know how often it will be updated, but there might be some helpful information there.


#5 Phil Wilson

  • User
  • 8 posts

Posted 28 April 2017 - 09:50 AM

Hi Jack, Tom, Greg,

You may be familiar with our member's use of the Common Controls Hub which is not only the largest database of external regulatory requirements, but also contains comprehensive and detailed GRC configuration capabilities. Please opt-in for free at http://grcsphere.pwc...com/select-role and we will provision an account for you. Again, no charge.


We are looking forward to the release of the Mapper which supersedes all the work we have done in the past on spreadsheets, but does not obsolete our own mapping work.


For those more technically inclined, we have a graphical programming tool that offers expert system support and we are using this Member facility to build advanced NIST CSF tools for industry-driven crowdsourcing and benchmarking. We have a foundation paper on this if you're interested.


