This table shows the 29 compliance areas where NIST CSF and NIS2 controls overlap. When you mark a control as implemented in either framework, Venvera automatically propagates the status to the equivalent control in the other.
| Compliance Area | NIST CSF | NIS2 |
|---|---|---|
| Encryption | PR.DS-01, PR.DS-02 | nis2-cr-01 |
| Key Management | PR.DS-01 | nis2-cr-02 |
| Access Control | PR.AA-01 | nis2-hr-02 |
| Identity Management | PR.AA-01, PR.AA-03 | nis2-hr-02 |
| Authentication & MFA | PR.AA-03 | nis2-mf-01 |
| Access Rights Review | PR.AA-05 | nis2-hr-04 |
| Privileged Access Management | PR.AA-05 | nis2-hr-04 |
| Network Security | PR.IR-01 | nis2-ch-01 |
| Vulnerability Management | ID.RA-01, PR.PS-01 | nis2-ss-02 |
| Logging & Monitoring | DE.CM-01, DE.AE-02 | nis2-ea-02 |
| Incident Management | RS.MA-01, RS.AN-03 | nis2-ih-01 |
| Incident Classification | DE.AE-04 | nis2-ih-03 |
| Incident Reporting | RS.CO-02 | nis2-ih-02 |
| Incident Response Team | RS.MA-02 | nis2-ih-01 |
| Post-Incident Review | RS.AN-08 | nis2-ih-04 |
| Business Continuity | RC.RP-01, RC.RP-03 | nis2-bc-01 |
| Backup & Restoration | RC.RP-03 | nis2-bc-02 |
| Crisis Management | RS.CO-03 | nis2-bc-03 |
| Third-Party Risk Management | GV.SC-03 | nis2-sc-01 |
| Supplier Due Diligence | GV.SC-06 | nis2-sc-02 |
| Supplier Contracts | GV.SC-05 | nis2-sc-03 |
| Supplier Monitoring | GV.SC-09 | nis2-sc-04 |
| Risk Assessment | ID.RA-03, ID.RA-05 | nis2-ra-02, nis2-ra-03 |
| Information Security Policy | GV.PO-01 | nis2-ra-01 |
| Security Awareness & Training | PR.AT-01 | nis2-ch-02 |
| Change Management | PR.PS-01 | nis2-ss-04 |
| Secure Development | PR.PS-06 | nis2-ss-03 |
| Security Testing | ID.IM-02 | nis2-ea-01 |
| Penetration Testing | ID.RA-01 | nis2-ea-01 |
For details on how propagation works, thresholds, and the auto-mapped badge, see the Cross-Framework Control Propagation overview article.