Thank you to VMware and Intel, both of whom supported this effort and allowed me to create, validate, and openly give this information back to the community so that others can benefit from this work product.
You can find the mapping under the documents tab. Direct link here.
Look for 2016 Controls Map New_River_v5 CG (012).xlsm. Please note this is a macro-enabled spreadsheet. View the macro using [ALT]-[F11].
- Review and complete where necessary control mappings from common regulations, standards, and best practices into NIST.
- Identify any control gaps and create an effective control overlay.
- Independently validate results by at least 2 different consulting companies formally, and informally with a number of peers.
- Recommended common control alignment map to NIST with additional control overlays addressing multiple regulations and standards.
- Recommended product configurations, security solutions, and specific design requirements to create repeatable, compliant, secure systems.
But I didn't think PCI mapped directly into SP800-53?