This thesis investigates both the feasibility and the inherent limitations of mapping cybersecurity controls across a diverse set of regulatory and industry frameworks. In an era where many organizations seek to consolidate their cybersecurity compliance efforts under a unified approach, the findings reveal that relying solely on control descriptions for mapping is fundamentally unreliable. Few sources of indeterminism were identified such as control relationships, variations in the granularity of control statements, divergent semantic interpretations of similar languages, and distinct organizational contexts assumed by each framework. In response to these challenges a structured mapping approach based on the Secure Controls Framework (SCF) methodology is proposed. By leveraging SCF’s modular architecture, where high-level objectives are systematically decomposed into granular control sets, organizations can streamline the alignment of multiple frameworks. Nonetheless, this paper underscores that no amount of automation can fully replace the need for expert judgment. Accurate and effective cross-framework compliance demands an expert to be present in conducting or validating the process. Automated tools based on Natural Language Processing (NLP) or Large Language Models (LLM) can be integrated to enhance consistency and efficiency but require fine tuning and human oversight to interpret intent, resolve ambiguities, and ensure that control mappings genuinely reflect an organization’s risk profile and operational realities.