ISO 27001 and NIST 800
How does ISO 27001 complement or conflict with NIST 800?
First, let's understand both NIST and ISO 27001:
- The NIST SP 800 series of documents provides detailed information about processes to select and implement controls for computer security.
- ISO 27001 provides general requirements for the implementation, operation, control, and improvement of a management system to protect information, regardless of the environment where it is (e.g., physical reports or digital databases). ISO 27001 provides protection through the selection of security controls described in Annex A, as well as other controls that can be added by the organization.
Considering that, you can use ISO 27001 to implement the overall approach to protect the information, and after the identification of controls, you can use the NIST documents to implement the details for each control. For example, you can use information from the SP 800-53 control for contingency plan testing to implement the Disaster Recovery Plan template.
These articles will provide you with further explanation about ISO 27001 and NIST:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- How to use NIST SP 800-53 for the implementation of ISO 27001 controls https://advisera.com/27001academy/blog/2016/05/10/how-to-use-nist-sp-800-53-for-the-implementation-of-iso-27001-controls/
Mar 16, 2021