Name: Security Compliance Framework Reference
Author: ghostlabs-ai

Security Compliance Framework Reference

Provides comprehensive security compliance framework reference mappings across NIST CSF, SOC 2, CIS Controls v8, ISO 27001, PCI DSS, and HIPAA. Use when someone needs to map security findings to frameworks, build incident response playbooks, understand CIS implementation groups, reference NIST CSF categories, or plan compliance remediation. Includes full NIST CSF subcategory listings, CIS Controls v8 with IG1-IG3 tiers, and incident response playbooks for P0-P3 severity levels.

ghostlabs-ai0 스타2026. 4. 9.

직업
카테고리: 보안

Comprehensive reference for mapping security findings to compliance frameworks.

NIST Cybersecurity Framework (CSF)

Identify (ID)

ID.AM: Asset Management — inventory hardware, software, data flows
ID.BE: Business Environment — role in supply chain, critical infrastructure
ID.GV: Governance — policies, legal/regulatory requirements, risk strategy
ID.RA: Risk Assessment — threat identification, vulnerability analysis, risk determination
ID.RM: Risk Management Strategy — risk tolerance, organizational processes
ID.SC: Supply Chain Risk Management — supplier agreements, assessment, planning

Protect (PR)

PR.AC: Identity Management and Access Control — credentials, remote access, permissions
PR.AT: Awareness and Training — security awareness, privileged user training
: Data Security — at-rest/in-transit protection, asset management, integrity checking

Comprehensive reference for mapping security findings to compliance frameworks.

NIST Cybersecurity Framework (CSF)

Identify (ID)

ID.AM: Asset Management — inventory hardware, software, data flows
ID.BE: Business Environment — role in supply chain, critical infrastructure
ID.GV: Governance — policies, legal/regulatory requirements, risk strategy
ID.RA: Risk Assessment — threat identification, vulnerability analysis, risk determination
ID.RM: Risk Management Strategy — risk tolerance, organizational processes
ID.SC: Supply Chain Risk Management — supplier agreements, assessment, planning

Protect (PR)

PR.AC: Identity Management and Access Control — credentials, remote access, permissions
PR.AT: Awareness and Training — security awareness, privileged user training
: Data Security — at-rest/in-transit protection, asset management, integrity checking

#	Control	IG1	IG2	IG3
1	Inventory and Control of Enterprise Assets	X	X	X
2	Inventory and Control of Software Assets	X	X	X
3	Data Protection	X	X	X
4	Secure Configuration	X	X	X
5	Account Management	X	X	X
6	Access Control Management	X	X	X
7	Continuous Vulnerability Management		X	X
8	Audit Log Management		X	X
9	Email and Web Browser Protections		X	X
10	Malware Defenses		X	X
11	Data Recovery	X	X	X
12	Network Infrastructure Management		X	X
13	Network Monitoring and Defense			X
14	Security Awareness and Skills Training	X	X	X
15	Service Provider Management		X	X
16	Application Software Security			X
17	Incident Response Management		X	X
18	Penetration Testing			X

Security Compliance Framework Reference

NIST Cybersecurity Framework (CSF)

Identify (ID)

Protect (PR)

Security Compliance Framework Reference

NIST Cybersecurity Framework (CSF)

Identify (ID)

Protect (PR)

Detect (DE)

Respond (RS)

Recover (RC)

CIS Controls v8 (Top 18)

Incident Response Playbooks

P0 — Critical (Active Compromise)

P1 — High (Imminent Threat)

P2 — Medium (Vulnerability Discovered)

P3 — Low (Informational)

1password

Springboot Security

Security Review

Laravel Security

Security Review

Django Security