ITIL 4

International

v4.0

38 domains

53 controls

IT Infrastructure Library for IT service management best practices

Unverified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (38)

Architecture Management

1 controls

Controls in the Architecture Management domain of ITIL 4 — 1 controls
Code	Title	Description
GM-ARC-1	Architecture Management	Provide an understanding of all the different elements that make up an organisation and how those elements interrelate,...

Availability Management

1 controls

Controls in the Availability Management domain of ITIL 4 — 1 controls
Code	Title	Description
SM-AV-1	Availability Management	Ensure that services deliver agreed levels of availability to meet the needs of customers and users by designing, measur...

Business Analysis

1 controls

Controls in the Business Analysis domain of ITIL 4 — 1 controls
Code	Title	Description
SM-BA-1	Business Analysis	Analyse a business or some element of it, define its associated needs, and recommend solutions to address these needs an...

Capacity and Performance Management

1 controls

Controls in the Capacity and Performance Management domain of ITIL 4 — 1 controls
Code	Title	Description
SM-CAP-1	Capacity and Performance Management	Ensure that services achieve agreed and expected performance, satisfying current and future demand cost-effectively thro...

Change Enablement

1 controls

Controls in the Change Enablement domain of ITIL 4 — 1 controls
Code	Title	Description
SM-CHG-1	Change Enablement	Maximise the number of successful service and product changes by ensuring that risks are properly assessed, authorising...

Continual Improvement

1 controls

Controls in the Continual Improvement domain of ITIL 4 — 1 controls
Code	Title	Description
GM-CI-1	Continual Improvement	Align organisational practices and services with changing business needs through ongoing improvement of products, servic...

Deployment Management

1 controls

Controls in the Deployment Management domain of ITIL 4 — 1 controls
Code	Title	Description
SM-DEP-1	Deployment Management	Move new or changed hardware, software, documentation, processes, or any other component to live environments, including...

IT Asset Management

1 controls

Controls in the IT Asset Management domain of ITIL 4 — 1 controls
Code	Title	Description
GM-ITAM-1	IT Asset Management	Plan and manage the full lifecycle of all IT assets to maximise value, control costs, manage risks, support decision-mak...

ITIL 4: Continual Improvement

4 controls

Ongoing improvement of IT services (ITIL 4)

Controls in the ITIL 4: Continual Improvement domain of ITIL 4 — 4 controls
Code	Title	Description
ITIL4-16	Service measurement and reporting	Service measurement and reporting. Control from ITIL 4 framework, domain: ITIL 4: Continual Improvement.
ITIL4-17	Continual improvement process	Continual improvement process. Control from ITIL 4 framework, domain: ITIL 4: Continual Improvement.
ITIL4-18	Benchmarking and maturity assessment	Benchmarking and maturity assessment. Control from ITIL 4 framework, domain: ITIL 4: Continual Improvement.
ITIL4-19	Stakeholder feedback management	Stakeholder feedback management. Control from ITIL 4 framework, domain: ITIL 4: Continual Improvement.

ITIL 4: Service Operation

5 controls

Day-to-day IT service operations (ITIL 4)

Controls in the ITIL 4: Service Operation domain of ITIL 4 — 5 controls
Code	Title	Description
ITIL4-11	Incident management	Incident management. Control from ITIL 4 framework, domain: ITIL 4: Service Operation.
ITIL4-12	Problem management	Problem management. Control from ITIL 4 framework, domain: ITIL 4: Service Operation.
ITIL4-13	Event management and monitoring	Event management and monitoring. Control from ITIL 4 framework, domain: ITIL 4: Service Operation.
ITIL4-14	Request fulfillment	Request fulfillment. Control from ITIL 4 framework, domain: ITIL 4: Service Operation.
ITIL4-15	Access management for services	Access management for services. Control from ITIL 4 framework, domain: ITIL 4: Service Operation.

ITIL 4: Service Strategy & Design

5 controls

IT service strategy and design (ITIL 4)

Controls in the ITIL 4: Service Strategy & Design domain of ITIL 4 — 5 controls
Code	Title	Description
ITIL4-01	Service portfolio management	Service portfolio management. Control from ITIL 4 framework, domain: ITIL 4: Service Strategy & Design.
ITIL4-02	Service level management	Service level management. Control from ITIL 4 framework, domain: ITIL 4: Service Strategy & Design.
ITIL4-03	Capacity and availability management	Capacity and availability management. Control from ITIL 4 framework, domain: ITIL 4: Service Strategy & Design.
ITIL4-04	IT service continuity management	IT service continuity management. Control from ITIL 4 framework, domain: ITIL 4: Service Strategy & Design.
ITIL4-05	Information security for services	Information security for services. Control from ITIL 4 framework, domain: ITIL 4: Service Strategy & Design.

ITIL 4: Service Transition

5 controls

Managing changes to IT services (ITIL 4)

Controls in the ITIL 4: Service Transition domain of ITIL 4 — 5 controls
Code	Title	Description
ITIL4-06	Change management processes	Change management processes. Control from ITIL 4 framework, domain: ITIL 4: Service Transition.
ITIL4-07	Release and deployment management	Release and deployment management. Control from ITIL 4 framework, domain: ITIL 4: Service Transition.
ITIL4-08	Service validation and testing	Service validation and testing. Control from ITIL 4 framework, domain: ITIL 4: Service Transition.
ITIL4-09	Knowledge management	Knowledge management. Control from ITIL 4 framework, domain: ITIL 4: Service Transition.
ITIL4-10	Configuration management	Configuration management. Control from ITIL 4 framework, domain: ITIL 4: Service Transition.

Incident Management

1 controls

Controls in the Incident Management domain of ITIL 4 — 1 controls
Code	Title	Description
SM-INC-1	Incident Management	Minimise the negative impact of incidents by restoring normal service operation as quickly as possible, with prioritisat...

Information Security Management

1 controls

Controls in the Information Security Management domain of ITIL 4 — 1 controls
Code	Title	Description
GM-ISM-1	Information Security Management	Protect the information needed by the organisation to conduct its business by establishing confidentiality, integrity, a...

Infrastructure and Platform Management

1 controls

Controls in the Infrastructure and Platform Management domain of ITIL 4 — 1 controls
Code	Title	Description
TM-INF-1	Infrastructure and Platform Management	Oversee the infrastructure and platforms used by an organisation, supporting the overall service delivery including hard...

Knowledge Management

1 controls

Controls in the Knowledge Management domain of ITIL 4 — 1 controls
Code	Title	Description
GM-KM-1	Knowledge Management	Maintain and improve the effective, efficient, and convenient use of information and knowledge across the organisation b...

Measurement and Reporting

1 controls

Controls in the Measurement and Reporting domain of ITIL 4 — 1 controls
Code	Title	Description
GM-MS-1	Measurement and Reporting	Support good decision-making and continual improvement by decreasing levels of uncertainty through the collection of rel...

Monitoring and Event Management

1 controls

Controls in the Monitoring and Event Management domain of ITIL 4 — 1 controls
Code	Title	Description
SM-MEM-1	Monitoring and Event Management	Systematically observe services and service components and record and report selected changes of state identified as eve...

Organizational Change Management

1 controls

Controls in the Organizational Change Management domain of ITIL 4 — 1 controls
Code	Title	Description
SM-OCM-1	Organizational Change Management	Ensure that changes in an organisation are smoothly and successfully implemented and that lasting benefits are achieved...

Portfolio Management

1 controls

Controls in the Portfolio Management domain of ITIL 4 — 1 controls
Code	Title	Description
GM-PFM-1	Portfolio Management	Ensure that the organisation has the right mix of programmes, projects, products, and services to execute its strategy w...

Problem Management

1 controls

Controls in the Problem Management domain of ITIL 4 — 1 controls
Code	Title	Description
SM-PRB-1	Problem Management	Reduce the likelihood and impact of incidents by identifying actual and potential causes of incidents and managing worka...

Project Management

1 controls

Controls in the Project Management domain of ITIL 4 — 1 controls
Code	Title	Description
GM-PM-1	Project Management	Ensure that all projects in the organisation are successfully delivered, balancing the constraints of scope, time, cost,...

Relationship Management

1 controls

Controls in the Relationship Management domain of ITIL 4 — 1 controls
Code	Title	Description
GM-REL-1	Relationship Management	Establish and nurture the links between the organisation and its stakeholders at strategic and tactical levels, includin...

Release Management

1 controls

Controls in the Release Management domain of ITIL 4 — 1 controls
Code	Title	Description
SM-REL-1	Release Management	Make new and changed services and features available for use according to agreed expectations of customers and stakehold...

Risk Management

1 controls

Controls in the Risk Management domain of ITIL 4 — 1 controls
Code	Title	Description
GM-RSK-1	Risk Management	Ensure that the organisation understands and effectively handles risks by identifying, analysing, evaluating, treating,...

Service Catalogue Management

1 controls

Controls in the Service Catalogue Management domain of ITIL 4 — 1 controls
Code	Title	Description
GM-SRV-1	Service Catalogue Management	Provide a single source of consistent information on all services and service offerings, ensuring that it is available t...

Service Configuration Management

1 controls

Controls in the Service Configuration Management domain of ITIL 4 — 1 controls
Code	Title	Description
SM-SCM-1	Service Configuration Management	Ensure that accurate and reliable information about the configuration of services and the CIs that support them is avail...

Service Continuity Management

1 controls

Controls in the Service Continuity Management domain of ITIL 4 — 1 controls
Code	Title	Description
SM-SCONT-1	Service Continuity Management	Ensure that service availability and performance are maintained at sufficient levels in case of a disaster, supporting o...

Service Design

1 controls

Controls in the Service Design domain of ITIL 4 — 1 controls
Code	Title	Description
SM-SD-DES-1	Service Design	Design products and services that are fit for purpose, fit for use, and that can be delivered by the organisation and it...

Service Desk

1 controls

Controls in the Service Desk domain of ITIL 4 — 1 controls
Code	Title	Description
SM-SD-1	Service Desk	Capture demand for incident resolution and service requests, providing a clear path for users to report issues, queries,...

Service Financial Management

1 controls

Controls in the Service Financial Management domain of ITIL 4 — 1 controls
Code	Title	Description
GM-FIN-1	Service Financial Management	Support the organisation's strategies and plans for service management by ensuring that financial resources and investme...

Service Level Management

1 controls

Controls in the Service Level Management domain of ITIL 4 — 1 controls
Code	Title	Description
SM-SLM-1	Service Level Management	Set clear business-based targets for service performance so that the delivery of a service can be properly assessed, mon...

Service Request Management

1 controls

Controls in the Service Request Management domain of ITIL 4 — 1 controls
Code	Title	Description
SM-SRM-1	Service Request Management	Support the agreed quality of a service by handling all predefined, user-initiated service requests in an effective and...

Service Validation and Testing

1 controls

Controls in the Service Validation and Testing domain of ITIL 4 — 1 controls
Code	Title	Description
SM-SVAL-1	Service Validation and Testing	Ensure that new or changed products and services meet defined requirements through structured testing approaches coverin...

Software Development and Management

1 controls

Controls in the Software Development and Management domain of ITIL 4 — 1 controls
Code	Title	Description
TM-SDM-1	Software Development and Management	Ensure that applications meet stakeholder needs in terms of functionality, reliability, maintainability, compliance, and...

Strategy Management

1 controls

Controls in the Strategy Management domain of ITIL 4 — 1 controls
Code	Title	Description
GM-STR-1	Strategy Management	Formulate the goals of the organisation and adopt the courses of action and allocation of resources necessary for achiev...

Supplier Management

1 controls

Controls in the Supplier Management domain of ITIL 4 — 1 controls
Code	Title	Description
GM-SUP-1	Supplier Management	Ensure that the organisation's suppliers and their performances are managed appropriately to support the seamless provis...

Workforce and Talent Management

1 controls

Controls in the Workforce and Talent Management domain of ITIL 4 — 1 controls
Code	Title	Description
GM-WT-1	Workforce and Talent Management	Ensure that the organisation has the right people with the appropriate skills, knowledge, and competencies in the right...

Your Compliance Coverage

If you comply with ITIL 4, you already cover:

NIST SP 800-82 Revision 3: Guide to Industrial Control Systems (ICS) Security

5 controls mapped

Compare →

ISO 20000-1

5 controls mapped

Compare →

ISO 27001:2022

5 controls mapped

Compare →

+ 165 more: NIST Privacy Framework (8%), MTCS (Singapore) (8%)

See all 168 mapped frameworks ↓

Maps to 168 other frameworks

53 total controls

NIST SP 800-82 Revision 3: Guide to Industrial Control Systems (ICS) Security

5 source controls mapped|5 target controls covered

ISO 20000-1

5 source controls mapped|5 target controls covered

ISO 27001:2022

5 source controls mapped|9 target controls covered

NIST Privacy Framework

4 source controls mapped|4 target controls covered

MTCS (Singapore)

4 source controls mapped|3 target controls covered

FFIEC Cybersecurity Assessment Tool (CAT)

4 source controls mapped|5 target controls covered

SOC 2

4 source controls mapped|7 target controls covered

NIS2 Directive

4 source controls mapped|3 target controls covered

NIST SP 800-171A - Assessing Security Requirements for Controlled Unclassified Information (CUI)

4 source controls mapped|7 target controls covered

BSI IT-Grundschutz

4 source controls mapped|9 target controls covered

ISO 27019

4 source controls mapped|9 target controls covered

IEC 62443

4 source controls mapped|9 target controls covered

API 1164

4 source controls mapped|9 target controls covered

Annex 11 to EU GMP - Computerised Systems

4 source controls mapped|3 target controls covered

NIST SP 800-53 Rev 5

4 source controls mapped|10 target controls covered

NIST SP 1800-32

4 source controls mapped|9 target controls covered

PSD2 SCA

3 source controls mapped|3 target controls covered

OSFI B-13

3 source controls mapped|4 target controls covered

Open Banking Security

3 source controls mapped|4 target controls covered

Monetary Authority of Singapore Technology Risk Management Guidelines

3 source controls mapped|3 target controls covered

FFIEC IT Examination Handbook

3 source controls mapped|7 target controls covered

ASD Strategies to Mitigate Cyber Security Incidents

3 source controls mapped|6 target controls covered

APRA CPS 234

3 source controls mapped|7 target controls covered

PCI PIN Security

3 source controls mapped|7 target controls covered

PCI SSF

3 source controls mapped|7 target controls covered

PCI P2PE

3 source controls mapped|7 target controls covered

NIST Cybersecurity Framework 2.0

3 source controls mapped|7 target controls covered

SSAE 18 - Attestation Standards (SOC Reporting)

3 source controls mapped|5 target controls covered

NIST SP 800-146

3 source controls mapped|2 target controls covered

NIST SP 800-145

3 source controls mapped|2 target controls covered

NIST SP 800-144

3 source controls mapped|2 target controls covered

NERC CIP

3 source controls mapped|2 target controls covered

FTC GLBA Safeguards Rule (16 CFR Part 314)

3 source controls mapped|2 target controls covered

ISO 27017

3 source controls mapped|4 target controls covered

Azure Security Benchmark

3 source controls mapped|4 target controls covered

ISO 27018

3 source controls mapped|4 target controls covered

AWS Well-Architected Security Pillar

3 source controls mapped|4 target controls covered

NIST SP 800-190

3 source controls mapped|4 target controls covered

Oman National Cybersecurity Framework

3 source controls mapped|3 target controls covered

IAEA Nuclear Security Series - Computer Security at Nuclear Facilities (NSS-17-T Rev 1)

3 source controls mapped|3 target controls covered

Canada ITSG-33 - IT Security Risk Management

3 source controls mapped|1 target controls covered

NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements

3 source controls mapped|5 target controls covered

SASB Standards

2 source controls mapped|1 target controls covered

O-RAN WG11 Security Specification

2 source controls mapped|1 target controls covered

Nevada Gaming Control Board Cybersecurity Requirements

2 source controls mapped|1 target controls covered

ITU-T X.805 - Security Architecture for End-to-End Communications

2 source controls mapped|2 target controls covered

ASIS SPC.1-2009 - Organizational Resilience Standard

2 source controls mapped|4 target controls covered

IEC 62351 - Power Systems Communication Security

2 source controls mapped|3 target controls covered

DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition)

2 source controls mapped|3 target controls covered

IEC 62304:2015 Medical Device Software Lifecycle Processes

2 source controls mapped|4 target controls covered

NRF Cybersecurity and Data Privacy Framework (National Retail Federation)

2 source controls mapped|2 target controls covered

ISO 26262:2018 - Functional Safety for Road Vehicles

2 source controls mapped|2 target controls covered

ISO/IEC 27400:2022

2 source controls mapped|2 target controls covered

AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association)

2 source controls mapped|3 target controls covered

Virginia CDPA

2 source controls mapped|1 target controls covered

Vietnam PDPD

2 source controls mapped|1 target controls covered

Uruguay DPL

2 source controls mapped|2 target controls covered

UK Gambling Commission - Cyber Resilience Requirements

2 source controls mapped|1 target controls covered

Turkey KVKK

2 source controls mapped|1 target controls covered

TSA Pipeline Cybersecurity Directives

2 source controls mapped|1 target controls covered

Texas Data Privacy Act

2 source controls mapped|1 target controls covered

Taiwan PDPA

2 source controls mapped|1 target controls covered

Qatar DPL

2 source controls mapped|2 target controls covered

Privacy Act 2020

2 source controls mapped|2 target controls covered

POPIA

2 source controls mapped|1 target controls covered

Peru DPL

2 source controls mapped|2 target controls covered

Personal Data Act (personopplysningsloven)

2 source controls mapped|2 target controls covered

PDPA Thailand

2 source controls mapped|2 target controls covered

PDPA Singapore

2 source controls mapped|2 target controls covered

PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments

2 source controls mapped|2 target controls covered

Oregon Consumer Privacy Act

2 source controls mapped|2 target controls covered

NIST SP 800-122

2 source controls mapped|2 target controls covered

Nigeria Data Protection Regulation (NDPR)

2 source controls mapped|1 target controls covered

Nigeria Data Protection Act 2023 (NDPA)

2 source controls mapped|4 target controls covered

Nebraska Data Privacy Act

2 source controls mapped|4 target controls covered

New Jersey Data Privacy Act

2 source controls mapped|2 target controls covered

New Hampshire Data Privacy Act

2 source controls mapped|2 target controls covered

Montana Consumer Data Privacy Act

2 source controls mapped|1 target controls covered

Minnesota Consumer Data Privacy Act

2 source controls mapped|1 target controls covered

Mexico LFPDPPP

2 source controls mapped|1 target controls covered

Mauritius DPA

2 source controls mapped|1 target controls covered

Maryland Online Data Privacy Act of 2024

2 source controls mapped|2 target controls covered

Malaysia PDPA 2010

2 source controls mapped|2 target controls covered

Liechtenstein DPA

2 source controls mapped|1 target controls covered

LGPD

2 source controls mapped|1 target controls covered

South Korea PIPA

2 source controls mapped|3 target controls covered

Kentucky Consumer Data Protection Act

2 source controls mapped|2 target controls covered

Jamaica Data Protection Act 2020

2 source controls mapped|3 target controls covered

Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL)

2 source controls mapped|3 target controls covered

APPI

2 source controls mapped|3 target controls covered

ISO 28001:2007 Supply Chain Security Management

2 source controls mapped|2 target controls covered

Bahrain PDPL

2 source controls mapped|3 target controls covered

ISO/IEC 27010:2015

2 source controls mapped|3 target controls covered

UK FCA/PRA Operational Resilience Framework

1 source controls mapped|1 target controls covered

South Africa Promotion of Access to Information Act (PAIA)

1 source controls mapped|1 target controls covered

UK AI Regulation Framework

1 source controls mapped|1 target controls covered

OECD AI Principles

1 source controls mapped|1 target controls covered

NATO Cyber Defence Policy and NATO Computer Incident Response Capability (NCIRC)

1 source controls mapped|1 target controls covered

Japan AI Guidelines

1 source controls mapped|1 target controls covered

ISO/IEC 38500:2024 - Governance of IT

1 source controls mapped|1 target controls covered

BS 65000:2014 - Guidance on Organizational Resilience

1 source controls mapped|1 target controls covered

COBIT 2019

1 source controls mapped|1 target controls covered

ISO/IEC 27007:2020

1 source controls mapped|1 target controls covered

ISO/IEC 27031:2011

1 source controls mapped|2 target controls covered

ISO/IEC 25012:2008 - Data Quality Model

1 source controls mapped|1 target controls covered

ICH Q10 - Pharmaceutical Quality System

1 source controls mapped|1 target controls covered

ISO 37301

1 source controls mapped|1 target controls covered

ISO 37001

1 source controls mapped|1 target controls covered

ISO 30401

1 source controls mapped|1 target controls covered

ISO 55001

1 source controls mapped|1 target controls covered

ISO 19011

1 source controls mapped|1 target controls covered

ISO 9001

1 source controls mapped|1 target controls covered

Secure by Design: A Guide for Manufacturers (CISA)

1 source controls mapped|1 target controls covered

AS9100D:2016 - Quality Management Systems for Aviation, Space, and Defence

1 source controls mapped|1 target controls covered

AS9100D - Aerospace Quality Management System

1 source controls mapped|1 target controls covered

ISO/IEC 27003:2017

1 source controls mapped|1 target controls covered

FBI CJIS Security Policy

1 source controls mapped|1 target controls covered

Automotive SPICE (ASPICE) v4.0 - Process Assessment Model

1 source controls mapped|1 target controls covered

APRA CPS 230 Operational Risk Management

1 source controls mapped|1 target controls covered

UK GDPR (UK General Data Protection Regulation)

1 source controls mapped|1 target controls covered

Trinidad and Tobago Data Protection Act 2011

1 source controls mapped|1 target controls covered

Tanzania Personal Data Protection Act (Draft)

1 source controls mapped|1 target controls covered

Papua New Guinea National Cybersecurity Policy & Cybercrime Act (2016)

1 source controls mapped|1 target controls covered

NIS2 Directive Implementing Acts

1 source controls mapped|1 target controls covered

Nigeria Open Banking Regulatory Framework (CBN, 2023)

1 source controls mapped|1 target controls covered

Laos Law on Prevention and Combating Cybercrime (2015)

1 source controls mapped|1 target controls covered

Japan FSA Cybersecurity Guidelines for Financial Institutions

1 source controls mapped|1 target controls covered

ISO 22320:2018

1 source controls mapped|3 target controls covered

NIST AI Risk Management Framework (AI RMF 1.0)

1 source controls mapped|2 target controls covered

COSO Internal Control - Integrated Framework (2013)

1 source controls mapped|1 target controls covered

ISO/IEC 30111:2019

1 source controls mapped|2 target controls covered

ISO/IEC 29147:2018

1 source controls mapped|1 target controls covered

EASA Part-IS - Information Security in Aviation

1 source controls mapped|3 target controls covered

Barbados Data Protection Act 2019

1 source controls mapped|1 target controls covered

NIST SP 800-171

1 source controls mapped|1 target controls covered

SANS Incident Handler's Handbook and PICERL Methodology

1 source controls mapped|3 target controls covered

AICPA Privacy Management Framework (PMF)

1 source controls mapped|1 target controls covered

NFPA 1600 - Standard on Continuity, Emergency, and Crisis Management

1 source controls mapped|1 target controls covered

NIST SP 800-124 Revision 2 - Guidelines for Managing the Security of Mobile Devices

1 source controls mapped|1 target controls covered

TISAX - Trusted Information Security Assessment Exchange

1 source controls mapped|1 target controls covered

SLSA

1 source controls mapped|2 target controls covered

Sigstore - Software Artifact Signing and Verification

1 source controls mapped|1 target controls covered

SIG (Shared Assessments)

1 source controls mapped|1 target controls covered

PTES

1 source controls mapped|1 target controls covered

OWASP SAMM

1 source controls mapped|1 target controls covered

OWASP MASVS

1 source controls mapped|1 target controls covered

OpenSSF Scorecard

1 source controls mapped|1 target controls covered

NIST SP 800-92

1 source controls mapped|1 target controls covered

NIST SP 800-88

1 source controls mapped|1 target controls covered

NIST SP 800-66

1 source controls mapped|3 target controls covered

NIST SP 800-63-4

1 source controls mapped|1 target controls covered

NIST SP 800-61

1 source controls mapped|1 target controls covered

NIST SP 800-137

1 source controls mapped|1 target controls covered

NIST SP 800-123

1 source controls mapped|1 target controls covered

NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)

1 source controls mapped|1 target controls covered

NAIC Insurance Data Security Model Law (MDL-668)

1 source controls mapped|1 target controls covered

MITRE ATT&CK

1 source controls mapped|2 target controls covered

MDS2 (Medical Device)

1 source controls mapped|3 target controls covered

MARS-E

1 source controls mapped|4 target controls covered

ICAO Annex 17 - Aviation Security (AVSEC)

1 source controls mapped|1 target controls covered

IATA Operational Safety Audit (IOSA) Standards Manual

1 source controls mapped|1 target controls covered

CISA Cross-Sector Cybersecurity Performance Goals (CPG) 2.0

1 source controls mapped|1 target controls covered

ISO 27043

1 source controls mapped|3 target controls covered

ISO 13485

1 source controls mapped|3 target controls covered

ISO 27799

1 source controls mapped|3 target controls covered

ISO/IEC 27011:2024

1 source controls mapped|2 target controls covered

ISO/SAE 21434

1 source controls mapped|3 target controls covered

MARS-E - Minimum Acceptable Risk Standards for Exchanges

1 source controls mapped|1 target controls covered

Compare ITIL 4 with NIST SP 800-82 Revision 3: Guide to Industrial Control Systems (ICS) Security

Frequently Asked Questions

What is ITIL 4?

ITIL 4 is a compliance framework from International with 38 domains and 53 controls. IT Infrastructure Library for IT service management best practices It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does ITIL 4 have?

ITIL 4 has 53 controls organised across 38 domains. The largest domains are ITIL 4: Service Operation (5 controls), ITIL 4: Service Strategy & Design (5 controls), ITIL 4: Service Transition (5 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does ITIL 4 map to?

ITIL 4 maps to 168 other compliance frameworks. The top mapping partners are NIST SP 800-82 Revision 3: Guide to Industrial Control Systems (ICS) Security (9% coverage), ISO 20000-1 (9% coverage), ISO 27001:2022 (9% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with ITIL 4 compliance?

Start your ITIL 4 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about ITIL 4 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 53 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 700 frameworks.

Get Started Free →

Free forever — no credit card required