Skip to content

    Framework Mapping

    Visualize how compliance frameworks overlap through NIST 800-53 control mappings — cross-framework relationships across SOC 2, ISO 27001, NIST 800-53, NIST 800-171, CMMC, HIPAA and PCI DSS.

    19
    Frameworks
    3,724
    Cross-Mappings
    3326
    Mapped Controls
    20
    NIST Families

    Overlap Matrix

    Shared NIST SP 800-53 Rev 5 controls between the most-requested compliance frameworks. Each value is the number of NIST 800-53 controls both frameworks map to, the overlap you can satisfy once and evidence for multiple audits.

    Pairwise NIST 800-53 control overlap between core compliance frameworks
    View through NIST 800-53SOC 2ISO 27001CMMCHITRUSTPCI DSSHIPAA
    SOC 2361521203321896
    ISO 27001525316775033
    CMMC120161916913044
    HITRUST337769937837
    PCI DSS218501307831683
    HIPAA9633443783109

    Click any cell to see the specific shared NIST 800-53 controls. Diagonal cells show total unique NIST controls mapped per framework.

    Representative Control Mappings

    A sample of how individual framework controls map to NIST SP 800-53 Rev 5. The full set spans 3,724 cross-mappings across 19 frameworks, explorable in the interactive matrix, framework explorer and control search below.

    Representative mappings from framework controls to NIST 800-53 controls
    FrameworkControlMaps to NIST 800-53
    SOC 2 Type IIA1.1CP-2(2)SC-5SC-5(1)SC-5(2)SC-5(3)SC-6
    SOC 2 Type IIA1.1-POF1SC-5SC-5(3)
    ISO/IEC 27001:202210.1CA-7CA-7(1)PM-1PM-14
    ISO/IEC 27001:20224.1PL-1PM-8
    CMMC Level 2AC.L1-3.1.1AC-3AC-6SR-3(3)
    CMMC Level 2AC.L1-3.1.2AC-2
    HITRUST CSF v1108.jMA-2MA-3MA-5MA-6
    HITRUST CSF v11HITRUST-01.aPL-1PL-2
    PCI DSS v4.0.11.1.2PL-9PM-13PM-2PM-29PM-6PS-9
    PCI DSS v4.0.11.2.10AC-4(21)
    HIPAA Security Rule164.302PL-1PM-8
    HIPAA Security Rule164.306(a)PM-1
    NIST CSF 2.0DE.AE-02IR-4IR-4(3)
    NIST CSF 2.0DE.AE-04IR-4IR-4(3)
    NIST SP 800-171 Rev 23.1.1AC-2(1)AC-2(7)AC-3AC-6SR-3(3)
    NIST SP 800-171 Rev 23.1.10AC-11AC-11(1)AC-2(5)

    Framework Explorer & Control Search

    Select any combination of 19 frameworks, switch the reference lens between NIST 800-53, ISO 27001, PCI DSS and more, drill into family-level breakdowns, and search across every mapped control. The interactive tools load momentarily.