Are templates mapped with NIST and CIS 20 requirements?
I have a question regarding the policies and standards that will be customised. Are the templates mapped with NIST and CIS 20 requirements?
By your question, I’m assuming you are referring to templates of the ISO 27001 Documentation Toolkit.
Considering that, these templates are developed considering the requirements of ISO 27001 standard, so there is no available mapping to NIST and CIS 20 requirements.
However, included in the toolkit there is a List of documents file that shows which clauses and controls of the standard are covered by each template. Additionally, NIST documents already have annexes that identify the relations between their requirements and ISO 27001 requirements (e.g., NIST 800-171 Annex D and NIST 800-53 Annex H).
As for CIS 20, most of its controls can be related to ISO 27001 Annex A controls (e.g., CIS control “Inventory and Control of Hardware Assets” can be related to ISO 27001 controls “A.8.1.1 Inventory of assets” and “A.8.1.2 Ownership of assets”).
These articles will provide you with further explanation:
- How to use the NIST SP800 series of standards for ISO 27001 implementation https://advisera.com/27001academy/blog/2016/05/02/how-to-use-the-nist-sp800-series-of-standards-for-iso-27001-implementation/
- How to use NIST SP 800-53 for the implementation of ISO 27001 controls https://advisera.com/27001academy/blog/2016/05/10/how-to-use-nist-sp-800-53-for-the-implementation-of-iso-27001-controls/
These materials will also help you regarding ISO 27001:
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- Overview of ISO 27001:2013 Annex A https://advisera.com/27001academy/iso-27001-controls/
Jan 20, 2021