NIST CSF, ISO 27002 and PCI
Answer: I'm assuming that for PCI you are referring to PCI-DSS. Considering that:
NIST Cybersecurity Framework (CSF) gives you a methodology on how to implement information security or cybersecurity in an organization (on this point it is quite similar to ISO 27001, the ISO standard for Information Security Management Systems).
ISO 27002 is a standard that provides guidelines and recommendations for the implementation of the controls listed in ISO 27001. It differs from NIST CSF in that it does not establish a system methodology, only practices to be considered when implementing individual controls.
PCI DSS is a data security standard for the credit card industry, providing a group of mandatory controls to be implemented by organizations that work with credit cards. Like ISO 27002, it does not define a methodology.
These articles will provide you further explanation about CSF, ISO 27002 and PCI:
- Which one to go with – Cybersecurity Framework or ISO 27001? https://advisera.com/27001academy/blog/2014/02/24/which-one-to-go-with-cybersecurity-framework-or-iso-27001/
- ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
- PCI-DSS vs. ISO 27001 Part 1 – Similarities and Differences https://advisera.com/27001academy/knowledgebase/pci-dss/
Nov 21, 2017