{ "_meta": { "name": "CyberPulse Crosswalk", "version": "1.0.0", "last_updated": "2025-09-14", "maintainer": "compliance@cyberpulsesolutions.com", "note": "Mappings used by the CyberPulse Compliance n8n node." }, "mfa": { "ISO 27001": [ { "framework": "ISO 27001", "clause": "A.5.17", "title": "Authentication information" } ], "SOC 2": [ { "framework": "SOC 2", "clause": "CC6.1", "title": "Logical access controls" } ], "NIST CSF": [ { "framework": "NIST CSF", "clause": "PR.AC-1", "title": "Identities managed" } ], "PCI DSS": [ { "framework": "PCI DSS", "clause": "8.4", "title": "Multi-factor authentication" } ], "Essential Eight": [ { "framework": "Essential Eight", "clause": "AC", "title": "Access control (maturity)" } ], "GDPR": [ { "framework": "GDPR", "clause": "Art. 32", "title": "Security of processing (access control)" } ] }, "encryption": { "ISO 27001": [ { "framework": "ISO 27001", "clause": "A.8.24", "title": "Cryptography" } ], "SOC 2": [ { "framework": "SOC 2", "clause": "CC6.7", "title": "Encryption protections" } ], "NIST CSF": [ { "framework": "NIST CSF", "clause": "PR.DS-1", "title": "Data-at-rest protected" } ], "PCI DSS": [ { "framework": "PCI DSS", "clause": "3.5", "title": "Protect stored account data" } ], "Essential Eight": [ { "framework": "Essential Eight", "clause": "DM", "title": "Data protection (maturity)" } ], "GDPR": [ { "framework": "GDPR", "clause": "Art. 32", "title": "Security of processing (encryption)" } ] }, "logging": { "ISO 27001": [ { "framework": "ISO 27001", "clause": "A.8.15", "title": "Logging" } ], "SOC 2": [ { "framework": "SOC 2", "clause": "CC7.2", "title": "Monitor and detect" } ], "NIST CSF": [ { "framework": "NIST CSF", "clause": "DE.CM-1", "title": "Monitoring for anomalies" } ], "PCI DSS": [ { "framework": "PCI DSS", "clause": "10.2", "title": "Log and monitor all access" } ], "Essential Eight": [ { "framework": "Essential Eight", "clause": "LM", "title": "Logging & monitoring (maturity)" } ], "GDPR": [ { "framework": "GDPR", "clause": "Art. 5(1)(f)", "title": "Integrity and confidentiality" } ] }, "backups": { "ISO 27001": [ { "framework": "ISO 27001", "clause": "A.8.13", "title": "Backup" } ], "SOC 2": [ { "framework": "SOC 2", "clause": "CC7.3", "title": "Resilience and recovery" } ], "NIST CSF": [ { "framework": "NIST CSF", "clause": "PR.IP-4", "title": "Backups maintained and tested" } ], "PCI DSS": [ { "framework": "PCI DSS", "clause": "12.10.4", "title": "Incident response incl. recovery" } ], "Essential Eight": [ { "framework": "Essential Eight", "clause": "DR", "title": "Backups & recovery (maturity)" } ], "GDPR": [ { "framework": "GDPR", "clause": "Art. 32", "title": "Availability and resilience" } ] }, "patching": { "ISO 27001": [ { "framework": "ISO 27001", "clause": "A.8.8", "title": "Technical vulnerabilities" } ], "SOC 2": [ { "framework": "SOC 2", "clause": "CC7.1", "title": "Identify & mitigate vulnerabilities" } ], "NIST CSF": [ { "framework": "NIST CSF", "clause": "PR.IP-12", "title": "Vulnerability management" } ], "PCI DSS": [ { "framework": "PCI DSS", "clause": "6.3", "title": "Security patches" } ], "Essential Eight": [ { "framework": "Essential Eight", "clause": "PA", "title": "Patch apps/OS (maturity)" } ], "GDPR": [ { "framework": "GDPR", "clause": "Art. 25", "title": "Data protection by design/default" } ] }, "access_reviews": { "ISO 27001": [ { "framework": "ISO 27001", "clause": "A.5.18", "title": "Access rights" } ], "SOC 2": [ { "framework": "SOC 2", "clause": "CC6.3", "title": "Provisioning and reviews" } ], "NIST CSF": [ { "framework": "NIST CSF", "clause": "PR.AC-4", "title": "Permissions managed" } ], "PCI DSS": [ { "framework": "PCI DSS", "clause": "7.2", "title": "Access by business need" } ], "Essential Eight": [ { "framework": "Essential Eight", "clause": "AC", "title": "Least privilege (maturity)" } ], "GDPR": [ { "framework": "GDPR", "clause": "Art. 5(1)(c)", "title": "Data minimisation" } ] } }