This table shows the 26 compliance areas where NIST CSF and DORA controls overlap. When you mark a control as implemented in either framework, Venvera automatically propagates the status to the equivalent control in the other.

| Compliance Area | NIST CSF | DORA |
|---|---|---|
| Encryption | PR.DS-01, PR.DS-02 | ict-10 |
| Access Control | PR.AA-01 | ict-11 |
| Identity Management | PR.AA-01, PR.AA-03 | ict-11 |
| Authentication & MFA | PR.AA-03 | ict-11 |
| Network Security | PR.IR-01 | ict-09 |
| Vulnerability Management | ID.RA-01, PR.PS-01 | ict-12 |
| Logging & Monitoring | DE.CM-01, DE.AE-02 | ict-14 |
| Incident Management | RS.MA-01, RS.AN-03 | inc-01 |
| Incident Classification | DE.AE-04 | inc-03, inc-04 |
| Incident Reporting | RS.CO-02 | inc-05, inc-06 |
| Incident Response Team | RS.MA-02 | inc-09 |
| Post-Incident Review | RS.AN-08 | inc-08 |
| Business Continuity | RC.RP-01, RC.RP-03 | ict-15 |
| Backup & Restoration | RC.RP-03 | ict-16 |
| Crisis Management | RS.CO-03 | ict-19 |
| Third-Party Risk Management | GV.SC-03 | tpr-01 |
| Supplier Due Diligence | GV.SC-06 | tpr-03 |
| Supplier Contracts | GV.SC-05 | tpr-06, tpr-07 |
| Supplier Monitoring | GV.SC-09 | tpr-04 |
| Risk Assessment | ID.RA-03, ID.RA-05 | ict-07 |
| Information Security Policy | GV.PO-01 | ict-08 |
| Security Awareness & Training | PR.AT-01 | ict-18 |
| Change Management | PR.PS-01 | ict-13 |
| Security Testing | ID.IM-02 | res-01 |
| Penetration Testing | ID.RA-01 | res-04 |
| Configuration Management | PR.PS-01 | ict-04 |

For details on how propagation works, thresholds, and the auto-mapped badge, see the Cross-Framework Control Propagation overview article.