
Framework Mapping

Cybersecurity Framework Mapping

A mapping exercise connecting control requirements across ISO 27001, NIST CSF, and CIS Controls.

Organization: Cybersecurity Internship Portfolio
Duration: 2 weeks
Project Type: Framework Mapping
ISO 27001, NIST CSF, CIS Controls

Business Context

Why the work mattered

Organizations often use multiple frameworks for different audiences. This project created a crosswalk to reduce duplication and help stakeholders understand overlapping control expectations.

Objectives

Engagement goals

Map common control themes across frameworks.

Identify overlaps and gaps.

Document practical evidence examples.

Support future compliance planning.

Methodology

Structured process

The methodology explains how the work moved from context gathering to documented recommendations.

  1. Step 1

    Control Theme Grouping

    Make framework comparison easier to manage.

    Grouped requirements by governance, access, incident response, awareness, and continuity themes.

  2. Step 2

    Crosswalk

    Identify aligned requirements and unique expectations.

    Mapped framework references and noted where evidence could satisfy multiple expectations.

  3. Step 3

    Evidence Examples

    Translate framework language into practical artifacts.

    Documented examples such as policies, logs, risk registers, reviews, and training records.

Deliverables

Artifacts produced

Compliance

Framework Crosswalk

Mapping table connecting control themes across common cybersecurity frameworks.

Reduces duplicated effort and improves audit preparation.

Skills Demonstrated

Professional competencies

Framework Mapping, Control Interpretation, Documentation

Outcomes

Project impact

  • Framework similarities and differences became easier to communicate.
  • Evidence planning improved through reusable control themes.

Lessons Learned

Professional growth

Framework mapping is most valuable when it supports practical evidence and ownership decisions.

Related Projects

Continue exploring

Governance

Governance Policy Development

A structured policy development engagement aligning security expectations with business objectives and recognized frameworks.

ISO 27001, NIST CSF, CIS Controls
Policy Development, Control Mapping, Technical Writing

Internal Audit

Internal Cybersecurity Audit

An internal assessment that reviewed security controls, documented gaps, and produced a prioritized remediation roadmap.

NIST CSF, CIS Controls, ISO 27001
Internal Audit, Gap Analysis, Risk Reporting

Risk Management

Enterprise Risk Assessment

A risk assessment project documenting assets, threats, likelihood, impact, and treatment options for management review.

CIS RAM, NIST CSF, ISO 27001
Risk Assessment, Risk Register, Business Impact Analysis

Discuss GRC opportunities

Contact Osen after reviewing this project or download the resume for a concise overview.