Crosswalk (XLSX): This workbook contains the mapping in both directions on two different tabs (Privacy Framework to source, and source to Privacy Framework).
Resource Identifier: American Institute of Certified Public Accountants (AICPA) 2017 Trust Services Criteria Crosswalk
Source Name: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (With Revised Points of Focus – 2022)
Contributor: Nandita Rao Narla
Contributor GitHub Username: @nandita-rao
Date First Posted: November 21, 2023
Date Last Verified or Updated: November 21, 2023
Related Documentation: 2017 Trust Services Criteria mapped to ISO 27001, NIST CSF, COBIT5, NIST 800-53 and GDPR
Contributor Notes: The purpose of mapping the NIST Privacy Framework to the 2017 Trust Services Criteria (inclusive of October 2022 updates) is to support SOC compliance efforts for organizations aligned with the NIST Privacy Framework. This mapping may be leveraged by privacy and GRC teams to perform a SOC readiness assessment and by service auditors to evaluate whether the NIST Privacy Framework may be considered suitable criteria in an attestation examination.
Sincere thanks to Dylan Gilbert, Privacy Policy Advisor at NIST, R. Jason Cronk, Founder of Institute of Operational Privacy Design, and Anza Abbas, Associate at Enterprivacy Consulting Group, for their feedback.
Disclaimer: This work product was developed in my personal capacity and does not guarantee accuracy or completeness. You should leverage it as a starting point for your own analysis.