LGPD (Lei Geral de Proteção de Dados) + BCB Resolution 4893/2021

This mapping combines Brazil's data protection law with its financial-sector cybersecurity regulation. LGPD (Law 13,709/2018) establishes comprehensive data protection principles, data subject rights, international transfer rules, and ANPD oversight. BCB Resolution 4893/2021 mandates a cybersecurity policy, incident response and reporting, cloud governance, board accountability, and annual cybersecurity reporting for financial institutions regulated by the Banco Central do Brasil. The mapping also covers PIX instant payment security and Open Finance Brasil API requirements.

AC Access Control

Control Name
    LGPD + BCB 4893 References
AC-01 Access Control Policies and Procedures
    BCB.Art.2, BCB.Art.3, LGPD.Art.46, LGPD.Art.50
AC-02 Account Management
    BCB.Art.3, BCB.PIX, LGPD.Art.46
AC-03 Access Enforcement
    BCB.Art.3, BCB.OpenFinance, BCB.PIX, LGPD.Art.11, LGPD.Art.46
AC-04 Information Flow Enforcement
    BCB.Art.3, BCB.Art.13, BCB.Art.14, BCB.OpenFinance, BCB.PIX, LGPD.Art.23-26, LGPD.Art.33-36, LGPD.Art.46
AC-05 Separation Of Duties
    BCB.Art.3, LGPD.Art.46
AC-06 Least Privilege
    BCB.Art.3, LGPD.Art.6, LGPD.Art.46
AC-08 System Use Notification
    LGPD.Art.9
AC-16 Automated Labeling
    LGPD.Art.11
AC-17 Remote Access
    BCB.PIX, LGPD.Art.33-36
AC-20 Use Of External Information Systems
    BCB.Art.11

AT Awareness and Training

Control Name
    LGPD + BCB 4893 References
AT-01 Security Awareness And Training Policy And Procedures
    BCB.Art.2, BCB.Art.4, LGPD.Art.47, LGPD.Art.50
AT-02 Security Awareness
    BCB.Art.4, LGPD.Art.47, LGPD.Art.50
AT-03 Security Training
    BCB.Art.4, LGPD.Art.47
AT-05 Contacts With Security Groups And Associations
    BCB.Art.4
AT-06 Training Feedback
    BCB.Art.4, LGPD.Art.50

AU Audit and Accountability

Control Name
    LGPD + BCB 4893 References
AU-01 Audit And Accountability Policy And Procedures
    BCB.Art.2, BCB.Art.18, BCB.Art.20, LGPD.Art.6, LGPD.Art.42-45, LGPD.Art.46
AU-02 Auditable Events
    BCB.Art.6, BCB.Art.20, LGPD.Art.6, LGPD.Art.8, LGPD.Art.42-45
AU-03 Content Of Audit Records
    BCB.Art.20, LGPD.Art.8, LGPD.Art.42-45
AU-04 Audit Storage Capacity
    BCB.Art.9, BCB.Art.20
AU-06 Audit Monitoring, Analysis, And Reporting
    BCB.Art.6, BCB.Art.8, LGPD.Art.48
AU-07 Audit Reduction And Report Generation
    BCB.Art.20
AU-09 Protection Of Audit Information
    BCB.Art.3, BCB.Art.9, BCB.Art.15, BCB.Art.20, LGPD.Art.46
AU-10 Non-Repudiation
    LGPD.Art.42-45
AU-11 Audit Record Retention
    BCB.Art.9, BCB.Art.20, LGPD.Art.15-16
AU-16 Cross-Organizational Audit Logging
    BCB.Art.15

CA Security Assessment and Authorization

Control Name
    LGPD + BCB 4893 References
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures
    BCB.Art.2, LGPD.Art.46, LGPD.Art.50
CA-02 Security Assessments
    BCB.Art.10, BCB.Art.18, BCB.Art.19, LGPD.Art.37-38, LGPD.Art.50
CA-03 Information System Connections
    BCB.Art.11
CA-04 Security Certification
    BCB.Art.10, BCB.Art.19
CA-05 Plan Of Action And Milestones
    BCB.Art.18, BCB.Art.19, LGPD.Art.50
CA-07 Continuous Monitoring
    BCB.Art.6, BCB.Art.10, BCB.Art.19, LGPD.Art.50
CA-08 Penetration Testing
    BCB.Art.10
CA-09 Internal System Connections
    BCB.Art.11

CM Configuration Management

Control Name
    LGPD + BCB 4893 References
CM-01 Configuration Management Policy And Procedures
    BCB.Art.2, LGPD.Art.46
CM-06 Configuration Settings
    LGPD.Art.46
CM-08 Information System Component Inventory
    BCB.Art.20
CM-12 Information Location
    BCB.Art.13, BCB.Art.14, BCB.Art.20, LGPD.Art.6
CM-13 Data Action Mapping
    BCB.Art.20, LGPD.Art.6

CP Contingency Planning

Control Name
    LGPD + BCB 4893 References
CP-01 Contingency Planning Policy And Procedures
    BCB.Art.2, BCB.Art.3
CP-02 Contingency Plan
    BCB.Art.3
CP-06 Alternate Storage Site
    BCB.Art.3
CP-07 Alternate Processing Site
    BCB.Art.3
CP-09 Information System Backup
    BCB.Art.3
CP-10 Information System Recovery And Reconstitution
    BCB.Art.3

IA Identification and Authentication

Control Name
    LGPD + BCB 4893 References
IA-01 Identification And Authentication Policy And Procedures
    BCB.Art.2, BCB.Art.3, LGPD.Art.46
IA-02 User Identification And Authentication
    BCB.Art.3, BCB.OpenFinance, BCB.PIX, LGPD.Art.46
IA-05 Authenticator Management
    BCB.Art.3, BCB.OpenFinance, BCB.PIX, LGPD.Art.46
IA-08 Identification and Authentication (Non-Organizational Users)
    BCB.OpenFinance, BCB.PIX

IR Incident Response

Control Name
    LGPD + BCB 4893 References
IR-01 Incident Response Policy And Procedures
    BCB.Art.2, BCB.Art.5, LGPD.Art.48
IR-02 Incident Response Training
    BCB.Art.5
IR-03 Incident Response Testing And Exercises
    BCB.Art.5
IR-04 Incident Handling
    BCB.Art.5, BCB.Art.5-Supp, BCB.Art.6, BCB.Art.7, LGPD.Art.48, LGPD.Art.49
IR-05 Incident Monitoring
    BCB.Art.5, BCB.Art.5-Supp, BCB.Art.7, LGPD.Art.48
IR-06 Incident Reporting
    BCB.Art.5, BCB.Art.8, LGPD.Art.48, LGPD.Art.49
IR-07 Incident Response Assistance
    BCB.Art.5, BCB.Art.7, LGPD.Art.48
IR-08 Incident Response Plan
    BCB.Art.5, BCB.Art.5-Supp, BCB.Art.8, LGPD.Art.48
IR-09 Information Spillage Response
    BCB.Art.7, LGPD.Art.48

MA Maintenance

Control Name
    LGPD + BCB 4893 References
MA-01 System Maintenance Policy And Procedures
    BCB.Art.2

MP Media Protection

Control Name
    LGPD + BCB 4893 References
MP-01 Media Protection Policy And Procedures
    BCB.Art.2, LGPD.Art.46
MP-02 Media Access
    LGPD.Art.46
MP-03 Media Labeling
    LGPD.Art.11
MP-04 Media Storage
    LGPD.Art.46
MP-05 Media Transport
    BCB.Art.14, LGPD.Art.33-36
MP-06 Media Sanitization And Disposal
    LGPD.Art.15-16

PE Physical and Environmental Protection

Control Name
    LGPD + BCB 4893 References
PE-01 Physical And Environmental Protection Policy And Procedures
    BCB.Art.2, LGPD.Art.46
PE-02 Physical Access Authorizations
    LGPD.Art.46
PE-03 Physical Access Control
    LGPD.Art.46

PL Planning

Control Name
    LGPD + BCB 4893 References
PL-01 Security Planning Policy And Procedures
    BCB.Art.2, LGPD.Art.50, LGPD.BCB.Integration
PL-02 System Security Plan
    LGPD.Art.37-38, LGPD.Art.50, LGPD.BCB.Integration
PL-04 Rules Of Behavior
    BCB.Art.4, LGPD.Art.47, LGPD.Art.50
PL-05 Privacy Impact Assessment
    LGPD.Art.37-38
PL-09 Central Management
    BCB.Art.2, BCB.Art.17, LGPD.Art.50, LGPD.BCB.Integration
PL-10 Baseline Selection
    BCB.Art.3-Supp
PL-11 Baseline Tailoring
    BCB.Art.3-Supp

PM Program Management

Control Name
    LGPD + BCB 4893 References
PM-01 Information Security Program Plan
    BCB.Art.2, BCB.Art.17, LGPD.Art.50, LGPD.BCB.Integration
PM-02 Information Security Program Leadership Role
    BCB.Art.17, BCB.Art.17-Supp, LGPD.Art.41
PM-04 Plan of Action and Milestones Process
    BCB.Art.5, BCB.Art.19, LGPD.Art.49
PM-05 System Inventory
    BCB.Art.20
PM-06 Measures of Performance
    BCB.Art.18, BCB.Art.19
PM-07 Enterprise Architecture
    BCB.Art.3-Supp
PM-08 Critical Infrastructure Plan
    BCB.Art.11, BCB.Art.16
PM-09 Risk Management Strategy
    BCB.Art.2, BCB.Art.3-Supp, BCB.Art.17, LGPD.Art.50, LGPD.BCB.Integration
PM-11 Mission and Business Process Definition
    BCB.Art.3-Supp
PM-13 Security and Privacy Workforce
    BCB.Art.4
PM-14 Testing, Training, and Monitoring
    BCB.Art.4, BCB.Art.10, BCB.Art.19, LGPD.Art.50

PS Personnel Security

Control Name
    LGPD + BCB 4893 References
PS-01 Personnel Security Policy And Procedures
    BCB.Art.2, LGPD.Art.47
PS-02 Position Categorization
    LGPD.Art.47
PS-03 Personnel Screening
    LGPD.Art.47
PS-04 Personnel Termination
    LGPD.Art.47
PS-05 Personnel Transfer
    LGPD.Art.47
PS-06 Access Agreements
    LGPD.Art.47
PS-07 Third-Party Personnel Security
    LGPD.Art.47
PS-08 Personnel Sanctions
    LGPD.Art.47
PS-09 Position Descriptions
    BCB.Art.17, BCB.Art.17-Supp, LGPD.Art.41, LGPD.Art.47

RA Risk Assessment

Control Name
    LGPD + BCB 4893 References
RA-01 Risk Assessment Policy And Procedures
    BCB.Art.2, BCB.Art.3-Supp, LGPD.Art.37-38, LGPD.Art.50, LGPD.BCB.Integration
RA-02 Security Categorization
    BCB.Art.5-Supp
RA-03 Risk Assessment
    BCB.Art.3-Supp, BCB.Art.12, BCB.Art.18, LGPD.Art.10, LGPD.Art.37-38, LGPD.BCB.Integration
RA-04 Risk Assessment Update
    BCB.Art.18, BCB.Art.19
RA-05 Vulnerability Scanning
    BCB.Art.6, BCB.Art.10, BCB.Art.19
RA-06 Technical Surveillance Countermeasures Survey
    BCB.Art.10
RA-07 Risk Response
    BCB.Art.3-Supp
RA-08 Privacy Impact Assessments
    LGPD.Art.10, LGPD.Art.37-38
RA-09 Criticality Analysis
    BCB.Art.3-Supp, BCB.Art.5-Supp, BCB.Art.12
RA-10 Threat Hunting
    BCB.Art.6

SA System and Services Acquisition

Control Name
    LGPD + BCB 4893 References
SA-01 System And Services Acquisition Policy And Procedures
    BCB.Art.2
SA-04 Acquisitions
    BCB.Art.11, BCB.Art.11-Supp, BCB.Art.12, BCB.Art.16
SA-09 External Information System Services
    BCB.Art.11, BCB.Art.11-Supp, BCB.Art.12, BCB.Art.13, BCB.Art.14, BCB.Art.15, BCB.Art.16, BCB.OpenFinance, LGPD.Art.23-26, LGPD.Art.33-36
SA-11 Developer Security Testing
    BCB.Art.10

SC System and Communications Protection

Control Name
    LGPD + BCB 4893 References
SC-01 System And Communications Protection Policy And Procedures
    BCB.Art.2
SC-07 Boundary Protection
    BCB.Art.3, BCB.Art.13, BCB.OpenFinance, BCB.PIX, LGPD.Art.46
SC-08 Transmission Integrity
    BCB.Art.3, BCB.Art.14, BCB.OpenFinance, BCB.PIX, LGPD.Art.33-36, LGPD.Art.46
SC-12 Cryptographic Key Establishment And Management
    BCB.Art.3, BCB.PIX, LGPD.Art.46
SC-13 Use Of Cryptography
    BCB.Art.3, BCB.OpenFinance, BCB.PIX, LGPD.Art.46
SC-23 Session Authenticity
    BCB.OpenFinance, BCB.PIX
SC-24 Fail in Known State
    BCB.Art.7
SC-28 Protection of Information at Rest
    BCB.Art.3, LGPD.Art.11, LGPD.Art.46

SI System and Information Integrity

Control Name
    LGPD + BCB 4893 References
SI-01 System And Information Integrity Policy And Procedures
    BCB.Art.2, BCB.Art.3, LGPD.Art.46
SI-02 Flaw Remediation
    BCB.Art.3, BCB.Art.6, LGPD.Art.46
SI-03 Malicious Code Protection
    BCB.Art.3, LGPD.Art.46
SI-04 Information System Monitoring Tools And Techniques
    BCB.Art.3, BCB.Art.6, BCB.Art.7, BCB.PIX, LGPD.Art.46
SI-05 Security Alerts And Advisories
    BCB.Art.6
SI-07 Software And Information Integrity
    BCB.Art.3, LGPD.Art.46
SI-10 Information Accuracy, Completeness, Validity, And Authenticity
    BCB.PIX
SI-12 Information Output Handling And Retention
    BCB.Art.9, BCB.Art.20, LGPD.Art.15-16
SI-18 Personally Identifiable Information Quality Operations
    LGPD.Art.6, LGPD.Art.17-18