TheArtOfService
Cross-Framework Mapping

NIST Cybersecurity Framework 2.0vsCanada ITSG-33 - IT Security Risk Management

See exactly how NIST Cybersecurity Framework 2.0 controls map to Canada ITSG-33 - IT Security Risk Management. Pre-computed mappings, identified gaps, and coverage analysis.

21
Controls Mapped
85
Gaps Found
15%
Coverage

According to the TheArtOfService Compliance Knowledge Graph:

NIST Cybersecurity Framework 2.0 maps to Canada ITSG-33 - IT Security Risk Management with 15% coverage across 16 directly mapped controls. Analysis of 106 NIST Cybersecurity Framework 2.0 controls identifies 90 compliance gaps — primarily concentrated in GV - Govern.

Source: TheArtOfService Knowledge Graph | 106 controls analysed | 718 frameworks | 332K+ cross-framework mappings

Control Mappings

Showing 20 of 21 mapped controls across 6 domains. Sign up to explore all 332K+ mappings across 718 frameworks.

DE - Detect(2 mappings)

NIST-CSF-DE.CM-01Networks and network services are monitored to find potentially adverse events2 targets
ITSG33-RMP-6Continuous Monitoring
ITSG33-SISystem and Information Integrity (SI)

GV - Govern(5 mappings)

NIST-CSF-GV.RM-01Risk management objectives are established and agreed upon
ITSG33-RMP-1Departmental IT Security Risk Management Activities (Annex 1)
NIST-CSF-GV.RM-02Risk appetite and risk tolerance statements are established
ITSG33-RMP-2Information System Security Risk Management Activities / ISSIP (Annex 2)
NIST-CSF-GV.RM-03Cybersecurity risk management activities and outcomes are included in enterprise risk
ITSG33-RMP-4Security Control Selection and Profiles (Annex 4A)
NIST-CSF-GV.RR-04Cybersecurity is included in human resources practices
ITSG33-PSPersonnel Security (PS)
NIST-CSF-GV.SC-01Cybersecurity supply chain risk management program is established
ITSG33-SASystem and Services Acquisition (SA)

ID - Identify(2 mappings)

NIST-CSF-ID.IM-04Incident response plans and other cybersecurity plans are established and maintained
CA-ITSG33-SC-01Security Control Catalogue
NIST-CSF-ID.RA-01Vulnerabilities in assets are identified, validated, and recorded
ITSG33-RARisk Assessment (RA)

PR - Protect(8 mappings)

NIST-CSF-PR.AA-01Identities and credentials for authorized users, services, and hardware are managed2 targets
ITSG33-ACAccess Control (AC)
ITSG33-IAIdentification and Authentication (IA)
NIST-CSF-PR.AT-01Personnel are provided awareness and training to perform cybersecurity duties
ITSG33-ATAwareness and Training (AT)
NIST-CSF-PR.DS-01The confidentiality, integrity, and availability of data-at-rest are protected
ITSG33-MPMedia Protection (MP)
NIST-CSF-PR.IR-01Networks and environments are protected from unauthorized access
ITSG33-SCSystem and Communications Protection (SC)
NIST-CSF-PR.PS-01Configuration management practices are established and applied2 targets
CA-ITSG33-SC-01Security Control Catalogue
ITSG33-CMConfiguration Management (CM)
NIST-CSF-PR.PS-04Log records are generated and made available for continuous monitoring
ITSG33-AUAudit and Accountability (AU)

RC - Recover(2 mappings)

NIST-CSF-RC.RP-01The recovery portion of the incident response plan is executed2 targets
CA-ITSG33-SC-01Security Control Catalogue
ITSG33-CPContingency Planning (CP)

RS - Respond(1 mappings)

NIST-CSF-RS.MA-01The incident response plan is executed in coordination with relevant third parties
CA-ITSG33-SC-01Security Control Catalogue

+1 more mappings

Plus AI-powered gap analysis, compliance advisory, PDF exports, and cross-mapping for all 718 frameworks.

Create Free Account →

Free forever — no credit card required

Related Comparisons

Other NIST Cybersecurity Framework 2.0 comparisons

NIST Cybersecurity Framework 2.0 vs ISO 27001:202282 mappingsNIST Cybersecurity Framework 2.0 vs Belgium CyberFundamentals32 mappingsNIST Cybersecurity Framework 2.0 vs ASIC Cyber Resilience Good Practices32 mappingsNIST Cybersecurity Framework 2.0 vs ASEAN Data Management Framework25 mappingsNIST Cybersecurity Framework 2.0 vs NIST SP 800-82 Revision 3: Guide to Industrial Control Systems (ICS) Security22 mappingsNIST Cybersecurity Framework 2.0 vs Azure Security Benchmark22 mappingsNIST Cybersecurity Framework 2.0 vs Australian Energy Sector Cyber Security Framework (AESCSF)19 mappingsNIST Cybersecurity Framework 2.0 vs AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association)19 mappings

Other Canada ITSG-33 - IT Security Risk Management comparisons

NIST SP 800-53 Rev 5 vs Canada ITSG-33 - IT Security Risk Management23 mappingsAzure Security Benchmark vs Canada ITSG-33 - IT Security Risk Management2 mappingsPAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments vs Canada ITSG-33 - IT Security Risk Management2 mappingsOWASP DevSecOps Maturity Model (DSOMM) vs Canada ITSG-33 - IT Security Risk Management2 mappingsNIST SP 800-146 vs Canada ITSG-33 - IT Security Risk Management2 mappingsNIST SP 800-145 vs Canada ITSG-33 - IT Security Risk Management2 mappingsNIST SP 800-144 vs Canada ITSG-33 - IT Security Risk Management2 mappingsMTCS (Singapore) vs Canada ITSG-33 - IT Security Risk Management2 mappings

Stop Paying Consultants to Read Spreadsheets

AI-powered compliance intelligence across 718 frameworks — at a fraction of consulting costs.

$0/forever

Free

  • 718 framework browser
  • Cross-framework mappings (332K+)
  • 824 compliance assessments
  • 3 AI queries & searches per day
Get Started Free
Recommended
$49/month

Professional

  • Unlimited AI Compliance Advisory
  • Unlimited full-text search
  • Framework self-assessment
  • PDF, Excel & CSV exports
Start 7-Day Free Trial →

Popular framework comparisons

NIST CSF vs NIST 800-53ISO 27001 vs NIST CSFCMMC vs NIST 800-53FedRAMP vs NIST 800-53NIST CSF vs SOC 2HIPAA vs NIST 800-53ISO 27001 vs SOC 2ISO 27001 vs ISO 27701

What are the key differences between NIST Cybersecurity Framework 2.0 and Canada ITSG-33 - IT Security Risk Management?

NIST Cybersecurity Framework 2.0 has 106 controls across its framework, while Canada ITSG-33 - IT Security Risk Management covers 26 controls. Direct mapping analysis identifies 16 overlapping controls (15% coverage). The frameworks diverge most significantly in GV - Govern, where 23 NIST Cybersecurity Framework 2.0 controls have no direct Canada ITSG-33 - IT Security Risk Management equivalent.

How many controls map between NIST Cybersecurity Framework 2.0 and Canada ITSG-33 - IT Security Risk Management?

Of 106 total NIST Cybersecurity Framework 2.0 controls, 16 map directly to Canada ITSG-33 - IT Security Risk Management controls — representing 15% coverage. The remaining 90 controls represent compliance gaps requiring additional documentation or compensating controls to satisfy both frameworks simultaneously.

What are the compliance gaps when mapping NIST Cybersecurity Framework 2.0 to Canada ITSG-33 - IT Security Risk Management?

90 NIST Cybersecurity Framework 2.0 controls have no direct equivalent in Canada ITSG-33 - IT Security Risk Management. The highest concentration of gaps is in GV - Govern with 23 unmapped controls. These gaps represent areas where additional controls, policies, or documentation must be created to achieve compliance with both frameworks.

Which control domains have the most gaps between NIST Cybersecurity Framework 2.0 and Canada ITSG-33 - IT Security Risk Management?

The domain with the highest gap count is GV - Govern (23 gaps). Export the full domain-by-domain gap breakdown via the Professional tier to generate a prioritised remediation roadmap.

Related Resources

How to Map Controls Across Frameworks|Multi-Framework Compliance Guide|Compliance Glossary

This platform provides educational compliance tools, not legal, regulatory, or professional compliance advice. Cross-framework mappings are AI-assisted interpretations and do not reproduce or replace official standards. Framework names and trademarks belong to their respective owners. Consult qualified professionals for your specific compliance requirements. See our Terms of Service.