ISO 27001 map to NIST
Any thoughts or advice would be appreciated including your products or services that would be most helpful, including the below.
https://advisera.com/27001academy/iso-27001-documentation-toolkit/
https://advisera.com/books/iso-27001-annex-controls-plain-english/
https://advisera.com/books/preparations-for-the-iso-implementation-project-a-plain-english-guide/
Answer:
Considering your demand, I suggest the ISO 27001 Documentation Toolkit. The templates are almost 80% complete, with comments about what must be kept and what can be adjusted according to your needs.
NIST 800-53 already has a map of its controls to the ISO 27001 standard (Annex H), which can help you identify which controls need to be adjusted considering our templates.
NIST CSF and ISO 27001 are closely related, in the sense that they complement each other (CSF provides a structured framework for controls implementation while ISO 27001 provides a worldwide recognized management framework to ensure the controls' pertinence, efficiency and effectiveness), and since CSF controls are mostly based on NIST 880-53 you can also use these to make adjustments to the templates' content.
About NYS DFS 500 and GLBA, unfortunately we do not have sufficient information to provide additional guidance.
These articles will provide you with further explanation about integrating ISO 27001 and NIST practices:
- How to use the NIST SP800 series of standards for ISO 27001 implementation https://advisera.com/27001academy/blog/2016/05/02/how-to-use-the-nist-sp800-series-of-standards-for-iso-27001-implementation/
- How to use NIST SP 800-53 for the implementation of ISO 27001 controls https://advisera.com/27001academy/blog/2016/05/10/how-to-use-nist-sp-800-53-for-the-implementation-of-iso-27001-controls/
- Which one to go with – Cybersecurity Framework or ISO 27001? https://advisera.com/27001academy/blog/2014/02/24/which-one-to-go-with-cybersecurity-framework-or-iso-27001/
Nov 21, 2018