Utilizing the Framework Mapper

The Framework Mapper tool allows an assessment to be mapped to industry-accepted frameworks, as well as MITRE ATT&CK scenarios. See below for the latest full list.

Upon sharing your CyberGRX assessment in response to a Customer request for a questionnaire, the Framework Mapper allows the recipient to translate the CGRX assessment to several industry frameworks such as GDPR, CCPA, NIST 800/CSF, HIPAA, etc. This means customers are more likely to accept an assessment that conveniently fits the frameworks that they are accustomed to.

How to Use

1. Navigate to the assessment Results tab and scroll to the Framework Mapper. Select which framework you wish to map to and an excel will be downloaded. 

The mapped file will include the CGRX results side by side with the chosen framework. If a particular item could not be properly mapped, it will be noted in the document.

2. Click through to the MITRE ATT&CK article for more information on how to utilize the Framework Mapper tool to review your own security controls and gain visibility into gaps.

Full List of Available Frameworks and Attack Scenarios

Australian Cyber Security Centre - Essential 8 Maturity Model
Australian Energy Sector Cyber Security Framework (AESCSF)
Australian Government Information Security Manual (ISM)
Australian Prudential Regulation Authority (APRA) CPS 234
Australian Signals Directorate 37 (ASD 37)
CISA's "Bad Practices"
CMMC Level 5
CSA-CCM
California Consumer Privacy Act (CCPA)
Consensus Assessments Initiative Questionnaire (CAIQ) Lite
Cybersecurity Maturity Model Certification (CMMC) Level 1
Cybersecurity Maturity Model Certification (CMMC) Level 2
Cybersecurity Maturity Model Certification (CMMC) Level 3
Cybersecurity Maturity Model Certification (CMMC) Level 5
General Data Protection Regulation (GDPR)
Group Profile - Known Lapsus$ Extortion Techniques
Health Insurance Portability and Accountability Act (HIPAA): The Security Rule
Insurance Data Security Law
LogJam - CVE-2021-44228
MITRE Full Technique List v11
NERC Critical Infrastructure Protection (CIP)
NIST 800-171
NIST 800.53
NYDFS Cybersecurity Regulation (23 NYCRR 500)
National Institute of Standards and Technology - Cybersecurity Framework (NIST CSF)
National Institute of Standards and Technology 800.53 Revision 5
Payment Card Industry (PCI) Data Security Standard (DSS)
REvil Ransomware - Kaseya Supply Chain Attack
Ransomware Threat Profile
Threat Profile - MedusaLocker
Threat Profile - Online/Retail PoS Fraud - Point-of-Sale Card-Not-Present
Threat Profile - Russian Destructive Malware_v2
Threat Profile: Accellion File Transfer Application Breach
Threat Profile: CodeCov Breach
Threat Profile: Hafnium Exchange Server Breach
Threat Profile: LockBit 2.0
Threat Profile: Russian State-Sponsored Techniques and Tactics
Threat Profile: SolarGate Breach

Please note: Framework Mapping is only available for authorized and released Tier 1 or Tier 2 reports.