ISO 27001 and NIST CSF
Answer: The NIST Cybersecurity Framework (NIST CSF) provides a policy framework for computer security, while ISO 27001 provides a framework for information protection. ISO 27001 uses a process approach and the PDCA cycle, while NIST CSF uses the Identify - Protect - Detect - Respond - Recover approach.
Since most information today flows in cyber environments, NIST CSF can be used to support many of the IT-related controls described in ISO 27001 Annex A. On the other hand, ISO 27001 management practices can help build, maintain and improve a cyber environment which relies on NIST CSF.
These articles will provide you with further explanation about ISO 27001 and NIST practices:
- How to use NIST SP 800-53 for the implementation of ISO 27001 controls https://advisera.com/27001academy/blog/2016/05/10/how-to-use-nist-sp-800-53-for-the-implementation-of-iso-27001-controls/
- How to use the NIST SP800 series of standards for ISO 27001 implementation https://advisera.com/27001academy/blog/2016/05/02/how-to-use-the-nist-sp800-series-of-standards-for-iso-27001-implementation/
- ISO 27001 vs. ISO 27032 cybersecurity standard https://advisera.com/27001academy/blog/2015/08/25/iso-27001-vs-iso-27032-cybersecurity-standard/
May 01, 2017