Framework crosswalks
This page documents the specific framework-to-framework crosswalks Crosswalker’s Python tool already implements — source/target pairs, match columns, and matching strategies. A practical reference rather than a conceptual introduction.
Supported framework crosswalks
The Python tool (frameworks_to_obsidian.py) implements these cross-framework mappings:
CRI Profile v2.0 ↔ NIST CSF 2.0
| Source | Target | Match Column | Match Type |
|---|---|---|---|
| CRI Diagnostic Statement | CSF Subcategory | CSF reference column | Array contains |
The CRI Community Profile is a meta-framework designed for financial institutions that maps to multiple standards. Its “CRI Profile v2.0 Structure” sheet provides the primary mapping.
NIST 800-53 ↔ MITRE ATT&CK
| Source | Target | Match Column | Match Type |
|---|---|---|---|
| 800-53 Control | ATT&CK Technique | Mapping spreadsheet | Exact match |
Uses the Center for Threat-Informed Defense’s Mappings Explorer as the authoritative source.
MITRE ATT&CK ↔ D3FEND
| Source | Target | Match Column | Match Type |
|---|---|---|---|
| ATT&CK Technique | D3FEND Countermeasure | D3FEND mapping data | Regex |
D3FEND provides defensive countermeasures mapped to ATT&CK techniques.
NIST CSF 2.0 ↔ CIS Controls v8
| Source | Target | Match Column | Match Type |
|---|---|---|---|
| CSF Subcategory | CIS Safeguard | CIS mapping spreadsheet | Array contains |
Matching methods
Exact match
The column value in the source must exactly equal a value in the target. Used when both frameworks use standardized IDs.
Array contains
The source column contains a comma-separated list; the match succeeds if any item equals the target ID. Common when frameworks list multiple related controls.
Regex
Pattern-based matching for complex ID formats. Used for NIST control enhancements like AC-2(1), where the parenthetical notation needs special handling.
Column mapping challenges
Common pitfalls
| Issue | Example | Solution |
|---|---|---|
| Merged cells | CRI Profile Excel has merged category rows | Forward-fill blank cells (hierarchical_ffill()) |
| Inconsistent IDs | “AC-2” vs “AC-02” vs “AC 2” | Regex normalization before matching |
| Multi-value cells | “AC-1, AC-2, AC-3” in one cell | Split into array, match each |
| Sheet structure | Multiple sheets per framework | Merge relevant sheets by primary key |
| Encoding issues | Special characters in control names | UTF-8 normalization |
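The ID normalization, multi-value splitting and array-contains matching described above, combined in one added example. It is not code from frameworks_to_obsidian.py; the function names, the accepted separators and the sample rows are assumptions made for the illustration.

```python
import re
import unicodedata

# Family, number, optional enhancement: "AC-2", "AC-02", "AC 2", "ac-2 (1)".
CONTROL_RE = re.compile(
    r"^\s*([A-Za-z]{2})[\s_\-\u2010-\u2015]*(\d+)\s*(?:\(\s*(\d+)\s*\))?\s*$"
)


def normalize_control_id(raw):
    """Return the canonical ID ("AC-2", "AC-2(1)"), or None if raw is not one."""
    match = CONTROL_RE.match(unicodedata.normalize("NFKC", str(raw)))
    if not match:
        return None
    family, number, enhancement = match.groups()
    base = f"{family.upper()}-{int(number)}"
    return f"{base}({int(enhancement)})" if enhancement else base


def split_cell(cell):
    """Split a multi-value cell into (normalized IDs, items that failed to parse)."""
    ids, rejected = [], []
    for item in re.split(r"[,;\n]", cell or ""):
        item = item.strip()
        if item:
            norm = normalize_control_id(item)
            (ids if norm else rejected).append(norm or item)
    return ids, rejected


def crosswalk(source_rows, target_ids):
    """Array-contains match of each source row's cell against the target ID set."""
    targets = {normalize_control_id(t) for t in target_ids} - {None}
    links, unresolved = [], []
    for source_id, cell in source_rows:
        ids, rejected = split_cell(cell)
        links += [(source_id, cid) for cid in ids if cid in targets]
        # Keep what did not match so a dropped mapping is visible, not silent.
        misses = rejected + [cid for cid in ids if cid not in targets]
        unresolved += [(source_id, miss) for miss in misses]
    return links, unresolved


# Constructed sample rows: (source ID, raw mapping cell). Not real mappings.
SAMPLE_ROWS = [
    ("SRC-1", "AC-2, AC-02(1); ac 3"),
    ("SRC-2", "AC\u20116 , see policy, AC-99"),
]
SAMPLE_TARGETS = ["AC-2", "AC-2(1)", "AC-3", "AC-6"]
```

Reviewing the `unresolved` list after each import separates a control that genuinely has no mapping from one whose mapping was lost to formatting.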
Data format expectations
| Framework | ID Format | Hierarchy | Sheets |
|---|---|---|---|
| NIST 800-53 | AC-2, AC-2(1) | Family → Control → Enhancement | Controls, Assessment |
| NIST CSF 2.0 | PR.AC-01 | Function → Category → Subcategory | Core |
| CIS v8 | 1.1 | Control → Safeguard | Controls, IG mapping |
| MITRE ATT&CK | T1059, T1059.001 | Tactic → Technique → Sub-technique | Enterprise matrix |
| CRI Profile | Diagnostic statement text | Function → Category → Subcategory → Statement | Structure, Mappings |
NIST mapping resources
OLIR (Online Informative References)
NIST’s National Online Informative References Program provides official crosswalks between frameworks. These are the authoritative mapping source.
OSCAL (Open Security Controls Assessment Language)
Machine-readable framework data in JSON/XML format. Resources:
NIST CPRT (Cybersecurity and Privacy Reference Tool)
Interactive tool for browsing CSF 2.0 with informative references: CPRT Filters
Crosswalk staleness
A critical problem: crosswalks become stale when either framework updates. See framework versioning for how each framework handles changes.
The OLIR maintenance problem
NIST’s OLIR program is submission-based — the submitting organization maintains their mappings. There’s no automatic mechanism to flag stale crosswalks. High-profile crosswalks (CSF↔800-53) get updated eventually, but on NIST’s timeline.
The pivot solution
The Secure Controls Framework (SCF) solves this with a meta-framework / interlingua approach — mapping 175+ frameworks through a single hub. When one framework updates, only one mapping needs updating, and the change propagates to all others.
Detection strategies
See data model resilience for proposed detection mechanisms: source hash comparison, version tracking in _crosswalker metadata, and machine-readable changelog ingestion.
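How source hash comparison and version tracking complement each other, as an added example rather than Crosswalker's own implementation. Only the `_crosswalker` key comes from this page; the `sources`, `version` and `sha256` fields, the function names and the sample data are hypothetical.

```python
import hashlib


def fingerprint(data: bytes) -> str:
    """SHA-256 of the framework source file exactly as it was imported."""
    return hashlib.sha256(data).hexdigest()


def stamp(sources):
    """Build the metadata recorded when a crosswalk is generated (assumed layout)."""
    return {"_crosswalker": {"sources": {
        name: {"version": version, "sha256": fingerprint(data)}
        for name, (version, data) in sources.items()
    }}}


def stale_reasons(crosswalk_meta, current_sources):
    """Compare recorded stamps with the sources available now; [] means current."""
    reasons = []
    for name, recorded in crosswalk_meta["_crosswalker"]["sources"].items():
        if name not in current_sources:
            reasons.append((name, "source missing"))
            continue
        version, data = current_sources[name]
        if version != recorded["version"]:
            reasons.append((name, f"version {recorded['version']} -> {version}"))
        elif fingerprint(data) != recorded["sha256"]:
            # Same version label, different bytes: an unannounced republish.
            reasons.append((name, "content changed without version bump"))
    return reasons


# Constructed sample: two framework exports as (version label, file bytes).
AT_MAPPING_TIME = {
    "framework-a": ("v1", b"A-1,Access policy\nA-2,Account management\n"),
    "framework-b": ("v1", b"B.1,Inventory\n"),
}
NOW = {
    "framework-a": ("v1", b"A-1,Access policy\nA-2,Account mgmt (revised)\n"),
    "framework-b": ("v2", b"B.1,Inventory\nB.2,Software inventory\n"),
}
```

Version tracking alone would report `framework-a` as current; the hash comparison is what catches an edit published under an unchanged version label.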
Implementation in Crosswalker
The Crosswalker plugin currently imports individual frameworks. Cross-framework linking is planned — it will:
- Import framework A with Crosswalker
- Import framework B
- Use a crosswalk config to generate typed links between matching nodes
- Links carry metadata about the mapping relationship (exact, partial, related)
The ontology evolution problem means these links need version awareness — see open questions for unresolved design decisions.