CIS Controls v8 Mapping to NYDFS Part 500

This document contains mappings of the CIS Controls and Safeguards to the New York Department of Financial Services 23 NYCRR Part 500. The methodology used to create the mapping can be useful to anyone attempting to understand the relationships between the CIS Controls and NYDFS Part 500 The overall goal for CIS mappings is to be as specific as possible, leaning towards under-mapping versus over-mapping. The general strategy used is to identify all of the aspects within a Control and attempt to discern if both items state exactly the same thing.