Vault restructure

This commit is contained in:
Richard Kranendonk 2026-04-23 11:51:51 +02:00
parent d45797d121
commit ff77508bd1
1433 changed files with 415450 additions and 1201 deletions

@ -0,0 +1,32 @@
---
reviewdate: 2024-09-09
---
See also:
- [NIST vs ISO 27001 ChatGPT](NIST%20vs%20ISO%2027001%20ChatGPT.md)
**Target organizations**
NIST CSF provides a high-level scope and flexible framework any organization can use to build an information security program. In contrast, NIST 800-53 is a special publication designed to help implement NIST CSF in private businesses that work with the US federal government.
NIST 800-53 includes both NIST CSF and ISO 27002 requirements, as well as many others, making NIST 800-53 one of the most granular cybersecurity frameworks available.
**Similarities**
ISO 27001 and NIST CSF are complementary frameworks based on similar risk management processes:
- Identify risks to the organizations information
- Implement controls appropriate to the risk
- Monitor their performance
There are many other overlaps between the two security frameworks. In fact, an organization that holds an ISO 27001 certification has already met about 83% of its NIST CSF requirements. Conversely, an organization thats NIST CSF compliant is already 61% of the way to the ISO 27001 finish line.
### **Key differences: NIST Framework vs. ISO 27001** 
| | |
| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ |
| **NIST Framework** | **ISO 27001** |
| NIST was primarily created to help US federal agencies and organizations better manage their risk | ISO 27001 is an internationally recognised method of creating and managing an Information Security Management System |
| Consists of various control catalogs - 5 functions, 21 categories & 78 sub categories | Consists of an Annex A that has 14 Control Domains, with 114 total controls |
| Made up of three main sections; Framework Core, Implementation Tiers & Profiles. Each Core Function consists of categories that are required to be completed for that function to be considered fulfilled. | Utilises a risk-based management that consists of recommendations on how best to secure information in the organization. |
| Has voluntary self-assessment and self-compliance. | Relies on independent audit and certification bodies. Organizations will get a certification on completion. |
| Uses five main functions to customise cybersecurity controls | Has 10 clauses to guide an organization through their Information Security Management System |
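Review bot: the comparison table at the end of the hunk has an empty header row (`| | |`) followed by the separator, so the bold `**NIST Framework** | **ISO 27001**` line renders as an ordinary body row rather than the column headings; drop the blank row and make the bold row the header, immediately followed by the `| --- | --- |` separator. Two apostrophes are missing in the prose above the table ("organizations information" and "thats"), and the 83% / 61% overlap figures are stated without a source, so a citation line next to the "See also" link would help readers judge them.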