Cybereen / Platform / Multi-standard mapping
PLATFORM CAPABILITY

One control. Many standards. No duplication.

Cybereen pre-maps the overlap between Essential Eight, ISO 27001, ISO 27002, APRA CPS 234, APRA CPS 230, ISO 42001, and NIST CSF — so the work you do for one audit counts toward the next.

See the overlap in your stack → See how it works
7 standards mapped work, many audits Full · Partial · Implies
PRE-MAPPED · 7 STANDARDS
Essential Eight · 8 ISO 27001 · 93 ISO 27002 · 93 APRA CPS 234 · 36 APRA CPS 230 · 41 ISO 42001 · 38 NIST CSF 2.0 · 106
WHAT YOU GET

Work once. Audit many. Stop duplicating.

Mapping in Cybereen isn't a spreadsheet of cross-references. It's an engine that watches every control you implement and quietly counts it toward every standard it satisfies.

Pre-mapped overlaps across 7 standards.

Essential Eight, ISO 27001, ISO 27002, APRA CPS 234, APRA CPS 230, ISO 42001, NIST CSF 2.0 — already cross-walked by our team. You don't build the mapping; you use it.

E8 · ISO · APRA · NIST

Work-once dashboards across multiple audits.

One assessment progress bar updates many standards in real time. Hit 80% on E8 ML2 and watch ISO and NIST coverage move with it — no parallel spreadsheets.

One bar · Many standards

Gap analysis that respects what you've already covered.

Cybereen shows you only the unique controls each new standard adds — not the shared base you've already done. Adopt a second framework in days, not quarters.

Only what's new
HOW IT WORKS

Three steps. Years of leverage.

From "which controls overlap?" to a live, scored, multi-standard view of your program — without ever building a cross-walk yourself.

Step 01

Pick your active standards.

Tick the standards your auditors actually ask about. Add more later — the mapping engine recalculates overlap in seconds, not weeks.

Essential Eight ML28 ctrls
ISO 27001 : 202293 ctrls
APRA CPS 23436 ¶
NIST CSF 2.0106 ctrls
ISO 42001 (AI)38 ctrls
Step 02

See the overlap map.

Cybereen highlights which controls double-, triple-, or quadruple-count. Dark cells are the heaviest hitters — one control answering four standards at once.

CONTROLE8ISONIST
MFA
×4
×4
×4
Patching
×3
×3
×2
Backups
×3
×2
×2
Logging
×2
×3
×3
App ctrl
×3
×2
×1
Step 03

Work the unique controls.

Focus effort on the controls each standard adds, not on re-doing the shared base. Adopt a new standard and you'll typically face a fraction of the work you feared.

+APRABoard notification ¶35NEW
+APRAIncident notify APRA ¶36NEW
+APRAThird-party assurance ¶24NEW
+APRAAudit by independent ¶33NEW
SHARED23 ¶ already met by ISOREUSED
IN PRACTICE

Three standards. One program.

Organisations held to several frameworks at once — ISO 27001, APRA CPS 234, Essential Eight — use the overlap engine to run one program instead of three parallel spreadsheets.

ILLUSTRATIVE · ISO 27001 ∩ APRA CPS 234 ∩ E8 ML2

Most controls do double- or triple-duty — so you manage the overlap once, not three times.

The usual before-state: a wide spreadsheet trying to track three frameworks side-by-side, with the same evidence re-typed into three different columns. Cybereen's overlap engine shows which controls are shared across the standards — leaving a much shorter list of genuinely unique work to manage.

Pre-mapped
Overlap across
7 standards
Work once
Shared controls
count across audits
Full / Partial
Overlap scored,
not assumed
One program
Instead of three
parallel spreadsheets
PART OF THE PLATFORM

Mapping is the multiplier for everything else.

One assessment progress bar updates many standards. One piece of evidence fulfils every mapped control. One heat map shows coverage across every framework you've turned on.

Feeds from

Maturity Assessments
one progress bar, many standards
Evidence Library
one artefact, many controls
YOU ARE HERE

Multi-standard mapping

The overlap engine that watches every control you implement and counts it toward every standard it satisfies. Full / Partial / Implies scoring, transparent methodology, customisable.

7 STANDARDS PRE-MAPPED CUSTOMISABLE METHODOLOGY PUBLIC

Surfaces in

Reporting
heat map across standards
Gap planner
only what's genuinely new
ONE PROGRAM MODEL
Implement a control once. It scores in every standard that asks for it, lights up the heat map, and tells your gap planner what's actually left to do. No retyping. No reconciling. No parallel spreadsheets.
FAQ

The three we get asked first.

Whose mappings are these? +
Cybereen's, maintained against the official standards. Our team cross-walks each standard control-by-control, then re-validates the mapping every time a standard revises (annual cycle for most, faster for ISO drafts). The methodology is public — we publish the rubric we use to decide what counts as Full, Partial, or Implies, so your auditor can scrutinise our reasoning, not just our output.
Can I add custom mappings? +
Yes — overlay your own mappings on top of Cybereen's defaults. Tenant-level custom mappings sit alongside ours and are visually distinguished in the UI (your edits are marked with your tenant badge). You can add mappings for in-house frameworks, contractual control libraries, or industry codes we don't ship out of the box. Cybereen's defaults are never overwritten — your overlay can extend or override per-cell, and you can roll back at any time.
What about partial overlaps? +
We score overlap as Full, Partial, or Implies. Full means the source control fully satisfies the target — same scope, same evidence works. Partial means you've covered the spirit but may need supplementary evidence (for example, MFA enforced for admins satisfies the principle of access control under APRA CPS 234, but APRA also expects board-level reporting which a screenshot alone won't cover). Implies means doing the source materially reduces the work for the target but doesn't on its own evidence it. Every cell tells you which scoring band it sits in, why, and what supplementary evidence (if any) the target standard would still ask for.

Stop maintaining the triple-column spreadsheet.

Turn on the standards your auditors ask about. We'll show you which controls already overlap, what's genuinely new, and how much work you don't actually need to do.

See the overlap in your stack → See the full platform