Skip to main content
Case studyFortune 100: 80% less compliance workRead the Story
RiskWatch
Free interactive tool

The interactive framework crosswalk

A free interactive crosswalk across NIST CSF 2.0, NIST SP 800-53, ISO 27001, SOC 2, and NIST 800-171. Pick a control and see its official equivalents, with the honest relationship type and a source link. No invented mappings.

Open the crosswalkSee the platform

Interactive crosswalk

Search a control, see its official equivalents

Pick a framework, search for a control by id or title, then select it to see the mapped controls across the other frameworks. Each result carries its honest relationship type and a link to the official source. Where no official mapping exists, the tool says so plainly.

Find a control

Loading controls

    Select a control to see its equivalents

    Search by control id or title on the left, then choose a control. Its mapped equivalents across the other frameworks, with the honest relationship type and the official source, appear here.

    Accuracy and sources

    No invented mappings, ever

    Framework crosswalks are only useful if you can trust them. This tool only shows control mappings that come from an official, authoritative crosswalk, and every mapping carries a link back to that source. We do not source from blogs, vendor marketing, or model output, and we never invent or infer a mapping to fill a gap. Where the standards bodies have not published a mapping, the tool says “no official mapping published” rather than guess.

    A mapping is indicative, not equivalence. We keep the honest relationship type, so an equivalent control is not confused with a merely related one, and a subset is not presented as a full match. An auditor still tests each framework on its own terms.

    NIST CPRT / OLIR machine-readable mappings

    The NIST Cybersecurity and Privacy Reference Tool and the Online Informative References program publish the machine-readable mappings between NIST frameworks and external standards.

    View source

    NIST SP 800-53 Rev 5 and SP 800-171 supplemental mappings

    The 800-53 Rev 5 control catalog and the 800-171 supplemental mapping files provide the authoritative control-to-control relationships for federal control sets and CMMC.

    View source

    AICPA Trust Services Criteria mappings

    The AICPA publishes the official mappings between the SOC 2 Trust Services Criteria and other frameworks, including the points of focus that scope each criterion.

    View source

    Related resources

    What is GRCThe GRC framework hub: governance, risk, and compliance in one operating model.Compliance frameworksThe frameworks RiskWatch supports, from ISO 27001 and SOC 2 to HIPAA and NIST.NIST CSF to ISO 27001 crosswalkThe gated single-pair download mapping NIST CSF 2.0 to ISO/IEC 27001:2022 Annex A.SOC 2 / ISO 27001 / HIPAA crossmapThe gated three-framework crossmap for teams that answer to all three at once.
    FAQ

    Frequently asked questions

    Ready to operationalize it?

    Map your controls once, report to every framework

    Start a free trial and the supported control libraries load into your workspace, so you can assess once, reuse evidence across frameworks, and report from a single source of truth.

    Start free trialBook a demo

    No credit card required · 30-day free trial · Cancel anytime

    Request a Demo