Cisco Security Portfolio Mapping to NIST CSF 2.0 Solution Guide
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) was initially developed to provide organizations with a comprehensive, yet flexible, approach to managing and mitigating cybersecurity risks. It serves as a foundational guide for improving cybersecurity practices, offering a structured framework that is both cost-effective and adaptable to various industries and organization sizes. The NIST CSF is built around five core functions: IDENTIFY, PROTECT, DETECT, RESPOND, and RECOVER, which together create a holistic view of an organization’s cybersecurity posture.
Updated in February 2024, NIST CSF 2.0 has been updated to reflect the evolving cybersecurity landscape. This latest version retains the core principles of the original framework while incorporating new insights and addressing emerging threats and technologies, including increased emphasis on supply chain risk management and the integration of cybersecurity with broader enterprise risk management. It aims to foster communication across organizations and sectors, making it applicable to businesses of all sizes and types.
This Solution Guide provides a detailed mapping of the Cisco Security portfolio to NIST CSF 2.0, showcasing how Cisco’s security solutions align with the framework’s core functions. By utilizing this guide, organizations can enhance their cybersecurity posture and streamline risk management, ensuring alignment with industry best practices.
Figure 1: “Cisco Capability mapping to NIST CSF 2.0” shows the alignment of the Cisco Security portfolio with the NIST CSF 2.0 framework. This table serves as a valuable resource for understanding how Cisco’s security solutions support each function and category of the framework, enabling organizations to strategically integrate these capabilities into their cybersecurity strategies for enhanced risk management and compliance.
This Solutions Guide takes an additional step by mapping the categories of NIST CSF 2.0 to other significant frameworks utilized in both the United States and Europe, including NIST 800-53, CIS Controls v8, ISO 27001:2022, CMMC 2.0, and the MITRE ATT&CK as well as the EU DORA and NIS2. This enables you to cross-reference and align the Cisco Security portfolio with these frameworks, facilitating a comprehensive understanding and application across different regulatory and security standards.
Referencing Figure 1: Cisco Capability mapping to NIST CSF 2.0 in this section and the sections below will allow you to see where the other frameworks match NIST CSF 2.0. This provides a direct mapping of the Cisco Security portfolio.
Cisco Capability mapping to NIST CSF 2.0
Below, you will find a list of these key frameworks, accompanied by a brief description and a link for further exploration:
NIST 800-53: This is a set of guidelines published by the NIST to provide a comprehensive catalog of security and privacy controls for federal information systems and organizations, aiming to protect organizational operations, assets, individuals, and the nation.
CIS Controls v8: The Center for Internet Security (CIS) Controls v8 is a prioritized set of best practices created to help organizations strengthen their cybersecurity posture. It provides specific, actionable ways to stop today’s most pervasive and dangerous attacks.
ISO 27001: ISO 27001 is an international standard that outlines the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) to manage the security of assets such as financial information, intellectual property, employee details, or information entrusted by third parties.
CMMC: The Cybersecurity Maturity Model Certification (CMMC) is a framework designed by the U.S. Department of Defense to ensure that contractors have the necessary cybersecurity practices and processes in place to protect sensitive information, particularly within the defense industrial base.
MITRE ATT&CK: The MITRE ATT&CK framework is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations, used to help organizations understand, detect, and respond to cyber threats.
DORA: The Digital Operational Resilience Act (DORA) is a regulation by the European Union aimed at strengthening the IT security and operational resilience of financial institutions and service providers within the EU, ensuring they can withstand, respond to, and recover from all types of ICT-related disruptions and threats.
NIS2: The Network and Information Security Directive 2 (NIS2) is an EU directive aimed at enhancing the cybersecurity posture across the union by establishing measures for a high common level of cybersecurity for network and information systems across member states.
This is a substantial mapping exercise that follows the methodology outlined in NIST Internal Report (IR) 8477 “Mapping Relationships Between Documentary Standards, Regulations, Frameworks, and Guidelines”. NIST IR 8477 describes the NIST’s approach to mapping the elements of documentary standards, regulations, frameworks, and guidelines to a particular NIST publication (NIST CSF 2.0 in this instance).
Mapping NIST CSF 2.0 IDENTIFY to Other Frameworks
Below, you will find how NIST CSF 2.0 IDENTIFY categories – ID.AM (Asset Management), ID.RA (Risk Assessment), and ID.IM (Information Management) – correspond to specific categories or controls in the frameworks mentioned.
Note: The mappings are based on conceptual alignment between the frameworks as per NIST IR 8477 methodology.
| Cybersecurity Framework |
ID.AM (Asset Management) Alignment |
| NIST 800-53 Rev 5 |
CM-8, PM-5, CA-9, CM-2, CM-9 |
| CIS Controls v8 |
Control 1, Control 2 |
| ISO 27001:2022 |
5.9, 5.10, 5.11, 8.1 |
| CMMC 2.0 |
AC.L1-3.1.20, CM.L2-3.4.1, CM.L2-3.4.2, CM.L2-3.4.3 |
| MITRE ATT&CK |
TA0001, TA0007 |
| DORA |
Article 6, Article 11, Article 28 |
| NIS2 |
Article 21, Annex I - Section 2(a) |
| Cybersecurity Framework |
ID.RA (Risk Assessment) Alignment |
| NIST 800-53 Rev 5 |
RA-1, RA-2, RA-3, RA-5, PM-15, PM-16 |
| CIS Controls v8 |
Control 4, Control 7, Control 10, Control 13 |
| ISO 27001:2022 |
6.1, 6.1.2, 6.1.3, 8.7, 8.8 |
| CMMC 2.0 |
RM.L1-3.11.1, RM.L2-3.11.2, RM.L2-3.11.3 |
| MITRE ATT&CK |
TA0043, TA0042, TA0001 |
| DORA |
Article 6, Article 7, Article 8, Article 13 |
| NIS2 |
Article 21, Annex I - Section 2(b), Annex I - Section 2(c), Annex I - Section 2(d) |
| Cybersecurity Framework |
ID.IM (Improvement) Alignment |
| NIST 800-53 Rev 5 |
CA-1, CA-2, CA-5, CA-7, PM-6 |
| CIS Controls v8 |
Control 8, Control 17, Control 18 |
| ISO 27001:2022 |
9.1, 9.2, 9.3, 10.1, 10.2 |
| CMMC 2.0 |
CA.L2-3.12.1, CA.L2-3.12.2, CA.L2-3.12.3, CA.L2-3.12.4 |
| DORA |
Article 6(6), Article 29, Article 30 |
| NIS2 |
Article 21(2), Annex I - Section 2(f), Annex I - Section 2(g) |
Mapping NIST CSF 2.0 PROTECT to Other Frameworks
Right, you will find how NIST CSF 2.0 PROTECT – PR.AA (Identity Management, Authentication, and Access Control), PR.AT (Awareness and Training), PR.DS (Data Security), PR.PS (Protective Technology), and PR.IR (Technology Infrastructure Resilience) – correspond to specific categories or controls in the mentioned frameworks.
Note: The mappings are based on conceptual alignment between the frameworks as per NIST IR 8477 methodology.
| Cybersecurity Framework |
PR.AA (Identity Management, Authentication, and Access Control) Alignment |
| NIST 800-53 Rev 5 |
AC-1, AC-2, AC-3, AC-6, AC-17, IA-2, IA-4, IA-5, PE-2, PE-3 |
| CIS Controls v8 |
Control 5, Control 6, Control 12 |
| ISO 27001:2022 |
5.15, 5.16, 5.17, 5.18, 8.2, 8.3, 8.4 |
| CMMC 2.0 |
AC.L1-3.1.1, AC.L1-3.1.2, AC.L2-3.1.3, AC.L2-3.1.4, AC.L2-3.1.5, IA.L2-3.5.1, IA.L2-3.5.2, IA.L2-3.5.3, PE.L2-3.10.1 |
| MITRE ATT&CK |
TA0001, TA0006, TA0004, TA0005, TA0008 |
| DORA |
Article 16, Article 18, Article 20 |
| NIS2 |
Article 21, Annex I - Section 2(a), Annex I - Section 2(e) |
| Cybersecurity Framework |
PR.AT (Awareness and Training) Alignment |
| NIST 800-53 Rev 5 |
AT-1, AT-2, AT-3, AT-4, PM-13 |
| CIS Controls v8 |
Control 14 |
| ISO 27001:2022 |
7.2, 7.3,8.5 |
| CMMC 2.0 |
AT.L1-3.2.1, AT.L2-3.2.2, AT.L2-3.2.3 |
| DORA |
Article 13(3), Article 16(2) |
| NIS2 |
Article 21(2)(d), Annex I - Section 2(g) |
| Cybersecurity Framework |
PR.DS (Data Security) Alignment |
| NIST 800-53 Rev 5 |
MP-2, MP-4, MP-5, MP-6, SC-8, SC-12, SC-13, SC-28, SI-7 |
| CIS Controls v8 |
Control 3, Control 11, Control 16 |
| ISO 27001:2022 |
5.12, 5.13, 5.14, 8.9, 8.10, 8.11, 8.24 |
| CMMC 2.0 |
MP.L1-3.8.1, MP.L1-3.8.2, MP.L2-3.8.4, MP.L2-3.8.5, MP.L2-3.8.6, MP.L2-3.8.7, MP.L2-3.8.8, SC.L1-3.13.1, SC.L1-3.13.5, SC.L2-3.13.8, SC.L2-3.13.11 |
| MITRE ATT&CK |
TA0009, TA0010, TA0040 |
| DORA |
Article 11, Article 16, Article 17 |
| NIS2 |
Article 21, Annex I - Section 2(a), Annex I - Section 2(c) |
| Cybersecurity Framework |
PR.PS (Protective Security) Alignment |
| NIST 800-53 Rev 5 |
CM-3, CM-5, CM-7, CM-10, CM-11, SA-3, SA-8, SA-10, SA-11, SA-15 |
| CIS Controls v8 |
Control 2, Control 4, Control 16 |
| ISO 27001:2022 |
8.9, 8.25, 8.26, 8.27, 8.28, 8.29, 8.30, 8.31 |
| CMMC 2.0 |
CM.L2-3.4.5, CM.L2-3.4.6, CM.L2-3.4.7, CM.L2-3.4.8, CM.L2-3.4.9 |
| MITRE ATT&CK |
TA0005, TA0003, TA0002 |
| DORA |
Article 16, Article 19, Article 22 |
| NIS2 |
Article 21, Annex I - Section 2(e) |
| Cybersecurity Framework |
PR.IR (Technology Infrastructure Resilience) Alignment |
| NIST 800-53 Rev 5 |
CP-2, CP-7, CP-8, CP-9, CP-10, PE-9, PE-10, PE-11, PE-13, PE-14, PE-15, SC-5, SC-6 |
| CIS Controls v8 |
Control 11, Control 12, Control 13 |
| ISO 27001:2022 |
8.4, 8.10, 8.11, 8.12, 8.16, 8.17, 8.22 |
| CMMC 2.0 |
CP.L2-3.8.5, CP.L2-3.8.6, CP.L2-3.8.7, CP.L2-3.8.8, CP.L2-3.8.9, PE.L2-3.10.2, PE.L2-3.10.3, PE.L2-3.10.4, PE.L2-3.10.6 |
| MITRE ATT&CK |
TA0040, TA0011 |
| DORA |
Article 11, Article 17, Article 28 |
| NIS2 |
Article 21, Annex I - Section 2(c), Annex I - Section 2(e) |
Mapping NIST CSF 2.0 DETECT to Other Frameworks
Below, you will find how NIST CSF 2.0 DETECT categories – DE.CM (Security Continuous Monitoring) and DE.AE (Anomalies and Events) – correspond to specific categories or controls in the mentioned frameworks.
Note: The mappings are based on conceptual alignment between the frameworks as per NIST IR 8477 methodology.
| Cybersecurity Framework |
DE.CM (Security Continuous Monitoring) Alignment |
| NIST 800-53 Rev 5 |
AU-2, AU-6, AU-12, CA-7, CM-3, CM-6, RA-5, SC-5, |
| CIS Controls v8 |
Control 7, Control 8, Control 9, Control 10, Control 13 |
| ISO 27001:2022 |
8.12, 8.13, 8.14, 8.15, 8.16, 8.17, 8.22, 8.23 |
| CMMC 2.0 |
AU.L2-3.3.1, AU.L2-3.3.2, AU.L2-3.3.3, AU.L2-3.3.4, AU.L2-3.3.5, AU.L2-3.3.6, AU.L2-3.3.7, CA.L2-3.12.1, CA.L2-3.12.3, SI.L2-3.14.6, SI.L2-3.14.7 |
| MITRE ATT&CK |
TA0011, TA0008, TA0010, TA0009 |
| DORA |
Article 13, Article 16, Article 19, Article 21 |
| NIS2 |
Article 21, Annex I - Section 2(a), Annex I - Section 2(b), Annex I - Section 2(f) |
| Cybersecurity Framework |
DE.AE (Anomalies and Events) Alignment |
| NIST 800-53 Rev 5 |
AU-6, CA-7, IR-4, IR-5, IR-8, SI-4, SI-12 |
| CIS Controls v8 |
Control 8, Control 13, Control 17 |
| ISO 27001:2022 |
8.12, 8.13, 8.16, 8.17, 8.18, 8.19, 8.20, 8.21 |
| CMMC 2.0 |
AU.L2-3.3.4, AU.L2-3.3.5, IR.L2-3.6.1, IR.L2-3.6.2, IR.L2-3.6.3, SI.L2-3.14.3, SI.L2-3.14.4, SI.L2-3.14.6 |
| MITRE ATT&CK |
TA0005, TA0003, TA0004, TA0040 |
| DORA |
Article 13, Article 16, Article 19, Article 21, Article 22 |
| NIS2 |
Article 21, Annex I - Section 2(a), Annex I - Section 2(b), Annex I - Section 2(f) |
Mapping NIST CSF 2.0 RESPOND to Other Frameworks
Below, you will find how NIST CSF 2.0 RESPOND categories – RS.MA (Incident Response Management), RS.AN (Incident Analysis), RS.CO (Communications), and RS.MI (Mitigation) – correspond to specific categories or controls in the mentioned frameworks.
Note: The mappings are based on conceptual alignment between the frameworks as per NIST IR 8477 methodology.
| Cybersecurity Framework |
RS.MA (Incident Response Management) Alignment |
| NIST 800-53 Rev 5 |
IR-3, IR-4, IR-8, IR-9, PM-15 |
| CIS Controls v8 |
Control 17 |
| ISO 27001:2022 |
8.18, 8.19, 8.20, 8.21, 8.36 |
| CMMC 2.0 |
IR.L2-3.6.1, IR.L2-3.6.2, IR.L2-3.6.3 |
| DORA |
Article 19, Article 20, Article 21 |
| NIS2 |
Article 21, Article 23, Annex I - Section 2(b) |
| Cybersecurity Framework |
RS.AN (Incident Analysis) Alignment |
| NIST 800-53 Rev 5 |
AU-6, CP-2, IR-4, IR-5, RA-3, SI-4, SI-5 |
| CIS Controls v8 |
Control 8, Control 13, Control 17 |
| ISO 27001:2022 |
8.12, 8.13, 8.18, 8.19, 8.20, 8.36 |
| CMMC 2.0 |
AU.L2-3.3.4, AU.L2-3.3.5, IR.L2-3.6.1, IR.L2-3.6.2 |
| MITRE ATT&CK |
TA0001, TA0002, TA0003, TA0004, TA0005 |
| DORA |
Article 13, Article 19, Article 20 |
| NIS2 |
Article 21, Article 23, Annex I - Section 2(b) |
| Cybersecurity Framework |
RS.CO (Communications) Alignment |
| NIST 800-53 Rev 5 |
CP-2, CP-3, IR-4, IR-6, IR-8, IR-10 |
| CIS Controls v8 |
Control 17 |
| ISO 27001:2022 |
8.18, 8.19, 8.20, 8.21, 8.36, 8.37 |
| CMMC 2.0 |
IR.L2-3.6.1, IR.L2-3.6.2, IR.L2-3.6.3 |
| DORA |
Article 19, Article 20, Article 24, Article 25 |
| NIS2 |
Article 23, Article 24, Annex I - Section 2(b) |
| Cybersecurity Framework |
RS.MI (Mitigation) Alignment |
| NIST 800-53 Rev 5 |
IR-4, IR-5, IR-9, SC-7, SI-3, SI-4, SI-7 |
| CIS Controls v8 |
Control 10, Control 13, Control 17 |
| ISO 27001:2022 |
8.16, 8.18, 8.20, 8.21, 8.22, 8.23 |
| CMMC 2.0 |
IR.L2-3.6.1, IR.L2-3.6.2, SI.L2-3.14.1, SI.L2-3.14.2, SI.L2-3.14.5 |
| MITRE ATT&CK |
TA0011, TA0010, TA0040, TA0008 |
| DORA |
Article 13, Article 19, Article 20, Article 21 |
| NIS2 |
Article 21, Annex I - Section 2(b), Annex I - Section 2(d) |
Mapping NIST CSF 2.0 RECOVER to Other Frameworks
Below, you will find how NIST CSF 2.0 RECOVER categories – RC.RP (Incident Recovery Plan Execution) and RC.CO (Incident Recovery Communication) – correspond to specific categories or controls in the mentioned frameworks.
Note: The mappings are based on conceptual alignment between the frameworks as per NIST IR 8477 methodology.
| Cybersecurity Framework |
RC.RP (Incident Recovery Plan Execution) Alignment |
| NIST 800-53 Rev 5 |
CP-2, CP-4, CP-6, CP-7, CP-8, CP-9, CP-10, IR-4, IR-8, SA-8 |
| CIS Controls v8 |
Control 11, Control 17 |
| ISO 27001:2022 |
8.21, 8.32, 8.33, 8.34, 8.35, 8.36 |
| CMMC 2.0 |
CP.L2-3.8.5, CP.L2-3.8.9, IR.L2-3.6.1, IR.L2-3.6.3 |
| DORA |
Article 11, Article 12, Article 14, Article 19, Article 21, Article 26 |
| NIS2 |
Article 21, Annex I - Section 2(b), Annex I - Section 2(c) |
| Cybersecurity Framework |
RC.CO (Incident Recovery Communication) Alignment |
| NIST 800-53 Rev 5 |
CP-2, CP-3, IR-4, IR-6, IR-8, PM-15 |
| CIS Controls v8 |
Control 17 |
| ISO 27001:2022 |
8.21, 8.35, 8.36, 8.37, 5.2, 5.3 |
| CMMC 2.0 |
IR.L2-3.6.1, IR.L2-3.6.2, IR.L2-3.6.3 |
| DORA |
Article 14, Article 19, Article 20, Article 24, Article 25, Article 26 |
| NIS2 |
Article 23, Article 24, Annex I - Section 2(b), Annex I - Section 2(c) |
As noted above, this Solution Guide offers an in-depth mapping of Cisco’s Security portfolio to the NIST CSF 2.0, illustrating how Cisco’s offerings can assist organizations in aligning with this framework. By leveraging Cisco’s capabilities, businesses can bolster their cybersecurity posture, optimize risk management, and adhere to industry best practices.
Additionally, the Guide maps NIST CSF 2.0 to various well-known and utilized frameworks. This comprehensive approach helps organizations gain a holistic view of their security status across diverse regulatory and security standards.
To fully leverage the insights provided, we encourage you to conduct a thorough assessment of your current cybersecurity strategies and identify areas where Cisco’s solutions can be effectively integrated. Utilize the mappings to align your security posture with NIST CSF 2.0 and other relevant frameworks.
Engage with Cisco’s experts to explore tailored security solutions that meet your specific needs and ensure protection in the digital age.
Together, let’s build a secure and resilient future.
This cross-referencing empowers organizations to strategically address cybersecurity challenges on a global scale, enhancing resilience and adaptability in the face of emerging threats.