Expert Advice Community

ISO 27001 Vs NIST

Monica Created:   Mar 27, 2023 Last commented:   Mar 29, 2023

What are the main differences between ISO 27001 and NIST? How can I know what is best for any organization?

Rhand Leal Mar 29, 2023

Generally speaking:

  • ISO 27001 provides general requirements for the implementation, operation, control, and improvement of a management system to protect the information, regardless of the environment where it is (e.g., physical reports or digital databases).
  • ISO 27001 provides protection through the selection of security controls described in Annex A, as well as other controls that can be added by the organization.
  • The NIST SP 800 series of documents provides detailed information about processes to select and implement controls for computer security.

Considering that, you can use ISO 27001 to implement the overall approach to protect the information, and after the identification of controls that can be related to NIST documents, you can use the NIST documents to implement the details for each control. For example, you can use information from SP 800-53 control for contingency plan testing to implement the Disaster Recovery Plan template.

Regarding how to know which one is best for your organization, you should first study information security regulations in the countries you operate in to evaluate whether 27001 or NIST is closer to the requirements you need to fulfill. For example, in most European countries 27001 is more appropriate.

These articles will provide you with further explanation about ISO 27001 and NIST:
