A collection of awesome security controls mapping for solutions across frameworks.
Before contributing, please review the Contribution Guidelines.
Center for Internet Security Overview
- 20 CIS Controls & Resources - The top 20 critical security controls as recommended by CIS.
- Tanium - Tanium solutions and modules aligning to the CIS controls.
- Qualys - Qualys correlating the CIS Critical Security Controls 2016 from NIST CSF.
- IBM - IBM solutions and modules mapping to the HIPAA framework.
- HIPAA - HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework.
MITRE ATT&CK Design and Philosophy
- Evaluations - MITRE evaluates cybersecurity products using an open methodology based on the ATT&CK™ framework.
Cybersecurity Framework Overview
- Aruba - Aruba 360 Secure Fabric mapping other frameworks to overall NIST CSF.
- Avecto - Avecto white paper to secure user privileges.
- AWS - Evaluate and align the NIST CSF and the many AWS Cloud offerings public and commercial.
- Cisco - Detailed presentation from Cisco LIVE! on Cisco's portfolio to CSF satisfaction.
- Concurrency - Concurrency correlates Microsoft technologies to NIST CSF, RMF, ISO, and GDPR.
- FFIEC Cybersecurity Assessment Tool - FFIEC Cybersecurity Assessment Tool to organizational implementation of the NIST CSF.
- Forcepoint - Forcepoint’s Human Point System high-level mapping to NIST CSF.
- ForeScout - CSF mapping across solutions provided by ForeScout.
- McAfee - McAfee mapping CSF to solutions and partner solutions.
- Microsoft - Microsoft mapping of cybersecurity offerings across NIST CSF, CIS, and ISO27001:2013 frameworks.
- NIST - NIST mapping of CSF categories to NIST SP 800-53 controls.
- NIST CSF and HITRUST CSF Mapping - Table is based on initial mappings of the controls in the 2015 CSF v7 release to the NIST CSF subcategories.
- Mapping PCI DSS v3.2.1 to the NIST Cybersecurity Framework v1.1 - The resultant mapping shows where the NIST Framework and PCI DSS contribute to the same security outcomes.
- SentinelOne - Breakdown of SentinelOne addressing each of the five functions within the NIST Framework Core.
- Tanium - Tanium solutions and modules addressing NIST CSF.
- Titus - Titus solutions aligning with the Identify, Detect, and Respond functions of the Framework.
- Certifications - Illustrative mapping of certifications as created by the Health and Human Services Office of Information Security (OIS).
- NICCS - A taxonomy and common lexicon to describe cybersecurity work, and workers, regardless of where, or for whom, the work is performed.
Risk Management Framework Overview
- Carbon Black - Security and privacy controls for Federal information systems and organizations mapping for Carbon Black.
- Concurrency - Concurrency correlates Microsoft technologies to NIST CSF, RMF, ISO, and GDPR.
- ForeScout - RMF controls mapping for ForeScout CounterACT.
- RedSeal - RedSeal’s cybersecurity capabilities closely align with many of the controls in NIST 800-53r4.
- PNNL - Overview of the Risk Management Framework (RMF) codified in NIST Special Publication (SP) 800-37r1 for the Federal Energy Management Program (FEMP).
- OpenShift - Red Hat's OpenShift security control satisfaction per capability and tenant relationship.
- SIMP - Onyx Point's System Integrity Management Platform (SIMP) security controls satisfaction per capability.
- VMware - VMware compliance kit mapping control satisfaction by configuration hardening and applicability.