Expert Advice Community

ISO 27001 and NIST RMF

Guest user Created:   Oct 16, 2017 Last commented:   Oct 16, 2017

Are ISO 27001's Risk Management process and NIST's RMF (Risk Management Framework) similar?

Expert
Rhand Leal Oct 16, 2017

Answer: Although ISO 27001 does not prescribe any methodology for risk management, its requirements for risk assessment and treatment can be fulfilled by NIST's RMF (it is not a question of whether they are similar or not, but that RMF is a framework that fits ISO 27001 very nicely).

These articles will provide you further explanation about ISO 27001 and NIST practices:
- How to use the NIST SP800 series of standards for ISO 27001 implementation https://advisera.com/27001academy/blog/2016/05/02/how-to-use-the-nist-sp800-series-of-standards-for-iso-27001-implementation/
- How to use NIST SP 800-53 for the implementation of ISO 27001 controls https://advisera.com/27001academy/blog/2016/05/10/how-to-use-nist-sp-800-53-for-the-implementation-of-iso-27001-controls/

These materials will also help you regarding ISO 27001 risk management:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/