CIS Mapping
M365 CIS Benchmark Mapping to Other Directives
Comprehensive mapping of CIS Microsoft 365 Benchmark controls to various security standards and compliance frameworks. These mappings cover not only Microsoft 365 configurations but also people management, physical infrastructure, and other organizational controls.
| Directive | All Directive Controls | Mapped to CIS M365 | Mapped to CIS M365 (%) | All CIS M365 Controls | CIS M365 Mapped to Directive | CIS M365 Mapped to Directive (%) |
|---|---|---|---|---|---|---|
| HIPAA | 75 | 32 | 42.67% | 141 | 51 | 36.17% |
| ISO/IEC 27001:2022 | 232 | 29 | 12.50% | 141 | 100 | 70.92% |
| MCSB | 169 | 27 | 15.98% | 141 | 83 | 58.87% |
| NIS2 | 159 | 28 | 17.61% | 141 | 76 | 53.90% |
| PCI DSS | 385 | 64 | 16.62% | 141 | 94 | 66.67% |
| CMMC | 236 | 38 | 16.10% | 141 | 89 | 63.12% |
| CPGs | 161 | 9 | 5.59% | 141 | 45 | 31.91% |
| CRI | 331 | 22 | 6.65% | 141 | 65 | 46.10% |
| CSA CCM v4 | 250 | 32 | 12.80% | 141 | 71 | 50.35% |
| Cyber Essentials v2.2.2 | 180 | 24 | 13.33% | 141 | 84 | 59.57% |
| FFOEC CAT 2 | 181 | 29 | 16.02% | 141 | 83 | 58.87% |
| GSMA FS.31 | 58 | 14 | 24.14% | 141 | 71 | 50.35% |
| ISACA | 89 | 4 | 4.49% | 141 | 41 | 29.08% |
| ISO/IEC 27002:2022 | 243 | 30 | 12.35% | 141 | 102 | 72.34% |
| NCSC | 83 | 12 | 14.46% | 141 | 58 | 41.13% |
| NERC | 117 | 21 | 17.95% | 141 | 79 | 56.03% |
| NIST CSF | 211 | 21 | 9.95% | 141 | 90 | 63.83% |
| NIST CSF 2.0 | 112 | 9 | 8.04% | 141 | 37 | 26.24% |
| NIST SP 800-171 R2 | 138 | 24 | 17.39% | 141 | 70 | 49.65% |
| NIST SP 800-53 R5 | 345 | 55 | 15.94% | 141 | 108 | 76.60% |
| NYDFS | 151 | 18 | 11.92% | 141 | 54 | 38.30% |
| NZISM | 1,420 | 66 | 4.65% | 141 | 97 | 68.79% |
| SOC 2 | 155 | 10 | 6.45% | 141 | 86 | 60.99% |
| TSA | 73 | 9 | 12.33% | 141 | 64 | 45.39% |
Ready to Automate Your Compliance?
ConfigCobra automates CIS Microsoft 365 Benchmark assessments and helps you maintain continuous compliance across multiple security standards. Get started with a free trial.