Authoritative mappings between the major governance standards — overlap analysis, key differences, required evidence artifacts, and control-level crosswalk tables. Cited to primary framework texts.
Map ISO/IEC 27001:2022 Annex A controls to NIST Cybersecurity Framework 2.0 functions and categories, enabling organizations that operate under both f…
Map AICPA SOC 2 Trust Services Criteria to ISO/IEC 27001:2022 Annex A controls to enable organizations pursuing both attestations to create unified co…
Map NIST AI RMF 1.0 functions to EU AI Act 2024/1689 compliance requirements, enabling organizations with AI systems in both US and EU contexts to bui…
Clarify the relationship between FedRAMP as a federal cloud authorization program and NIST SP 800-53 Rev. 5 as the underlying control catalog, address…
Map GDPR data protection requirements to HIPAA Privacy and Security Rule obligations for healthcare organizations processing both EU personal data and…
Map ISO 13485:2016 quality management system requirements to FDA 21 CFR Part 820 Quality System Regulation, enabling medical device manufacturers to m…
Additional crosswalk mappings — COBIT ↔ ITIL, ISO 27001 ↔ PCI DSS, GDPR ↔ CCPA, ISO 13485 ↔ EU MDR — are in development. Contact the Institute for bespoke crosswalk analysis for specific framework combinations.