Framework Mapping
Visualize how compliance frameworks overlap through NIST 800-53 control mappings — cross-framework relationships across SOC 2, ISO 27001, NIST 800-53, NIST 800-171, CMMC, HIPAA and PCI DSS.
Overlap Matrix
Shared NIST SP 800-53 Rev 5 controls between the most-requested compliance frameworks. Each value is the number of NIST 800-53 controls both frameworks map to, the overlap you can satisfy once and evidence for multiple audits.
| View through NIST 800-53 | SOC 2 | ISO 27001 | CMMC | HITRUST | PCI DSS | HIPAA |
|---|---|---|---|---|---|---|
| SOC 2 | 361 | 52 | 120 | 33 | 218 | 96 |
| ISO 27001 | 52 | 53 | 16 | 77 | 50 | 33 |
| CMMC | 120 | 16 | 191 | 69 | 130 | 44 |
| HITRUST | 33 | 77 | 69 | 93 | 78 | 37 |
| PCI DSS | 218 | 50 | 130 | 78 | 316 | 83 |
| HIPAA | 96 | 33 | 44 | 37 | 83 | 109 |
Click any cell to see the specific shared NIST 800-53 controls. Diagonal cells show total unique NIST controls mapped per framework.
Representative Control Mappings
A sample of how individual framework controls map to NIST SP 800-53 Rev 5. The full set spans 3,724 cross-mappings across 19 frameworks, explorable in the interactive matrix, framework explorer and control search below.
| Framework | Control | Maps to NIST 800-53 |
|---|---|---|
| SOC 2 Type II | A1.1 | CP-2(2)SC-5SC-5(1)SC-5(2)SC-5(3)SC-6 |
| SOC 2 Type II | A1.1-POF1 | SC-5SC-5(3) |
| ISO/IEC 27001:2022 | 10.1 | CA-7CA-7(1)PM-1PM-14 |
| ISO/IEC 27001:2022 | 4.1 | PL-1PM-8 |
| CMMC Level 2 | AC.L1-3.1.1 | AC-3AC-6SR-3(3) |
| CMMC Level 2 | AC.L1-3.1.2 | AC-2 |
| HITRUST CSF v11 | 08.j | MA-2MA-3MA-5MA-6 |
| HITRUST CSF v11 | HITRUST-01.a | PL-1PL-2 |
| PCI DSS v4.0.1 | 1.1.2 | PL-9PM-13PM-2PM-29PM-6PS-9 |
| PCI DSS v4.0.1 | 1.2.10 | AC-4(21) |
| HIPAA Security Rule | 164.302 | PL-1PM-8 |
| HIPAA Security Rule | 164.306(a) | PM-1 |
| NIST CSF 2.0 | DE.AE-02 | IR-4IR-4(3) |
| NIST CSF 2.0 | DE.AE-04 | IR-4IR-4(3) |
| NIST SP 800-171 Rev 2 | 3.1.1 | AC-2(1)AC-2(7)AC-3AC-6SR-3(3) |
| NIST SP 800-171 Rev 2 | 3.1.10 | AC-11AC-11(1)AC-2(5) |
Framework Explorer & Control Search
Select any combination of 19 frameworks, switch the reference lens between NIST 800-53, ISO 27001, PCI DSS and more, drill into family-level breakdowns, and search across every mapped control. The interactive tools load momentarily.