The PCI DSS Council released overview and mapping documents to map PCI DSS requirements to the NIST Cybersecurity Framework. As stated in the mapping document:
- The mapping covers all NIST Framework functions and categories, with PCI DSS requirements directly mapping to 96 of the 108 subcategories.
- The mapping is based on PCI DSS v3.2.1 and the Cybersecurity Framework v1.1, using the 2018-04-16_framework_v.1.1_core spreadsheet1
The PCI DSS documents show how PCI DSS requirements can help when working towards implementing the NIST Cybersecurity Framework for card payment merchants and service providers.
Here are the documents available for download:
Gotham Technology Group is a PCI QSA company. Gotham staff is available to assist with understanding these documents.