This mapping illustrates the correspondence between the primary NIST and ISO standards:
| NIST | ISO | Purpose |
|---|---|---|
| NIST CSF v2.0 | ISO/IEC 27001 | Framework for managing and reducing cybersecurity risk; provides structure for protecting information assets. |
| NIST SP 800-53 | ISO/IEC 27002 | Specifies security controls for federal systems; supports implementation of an information security management system. |
| NIST SP 800-37 | ISO/IEC 27005 | Provides risk management framework for integrating security and privacy throughout the system life cycle. |
| NIST SP 800-30 | ISO/IEC 27005 | Guide for conducting risk assessments of information systems. |
| NIST SP 800-34 | ISO/IEC 22301 | Contingency planning guide for federal information systems; business continuity management. |
| NIST SP 800-61 | ISO/IEC 27035 | Computer security incident handling guide; incident management. |
| NIST SP 800-115 | ISO/IEC 27007 | Technical guide to information security testing and assessment; audit and review processes. |
| NIST SP 800-171 | ISO/IEC 27018 | Protecting controlled unclassified information in nonfederal systems; cloud privacy for personal data. |
| NIST SP 800-88 | ISO/IEC 27040 | Guidelines for media sanitization; storage security. |
| NIST SP 800-82 | ISO/IEC 62443 | Guide to industrial control systems (ICS) security; industrial automation security. |
| NIST SP 800-63 | ISO/IEC 29115 | Digital identity guidelines; entity authentication assurance. |
| NIST SP 800-53A | ISO/IEC 27004 | Guide for assessing security controls; information security measurement. |
| NIST SP 800-39 | ISO/IEC 27005 | Managing information security risk; risk management. |
| NIST SP 800-40 | ISO/IEC 27002 | Guide to enterprise patch management technologies; operational controls. |
| NIST SP 800-41 | ISO/IEC 27033 | Guidelines on firewalls and firewall policy; network security. |
| NIST SP 800-44 | ISO/IEC 27033 | Guidelines on securing public web servers; network security. |
| NIST SP 800-45 | ISO/IEC 27033 | Guidelines on email server security; network security. |
| NIST SP 800-46 | ISO/IEC 27033 | Guide to enterprise telework, remote access, and BYOD security; network security. |
| NIST SP 800-47 | ISO/IEC 27031 | Security guide for interconnecting information technology systems; ICT readiness for business continuity. |
| NIST SP 800-48 | ISO/IEC 27033 | Wireless network security guidelines; network security. |
| NIST SP 800-53B | ISO/IEC 27002 | Control baselines for information systems and organizations; security controls. |
| NIST SP 800-55 | ISO/IEC 27004 | Performance measurement guide for information security; measurement and metrics. |
| NIST SP 800-57 | ISO/IEC 11770 | Recommendation for key management; cryptographic protocols. |
| NIST SP 800-61r2 | ISO/IEC 27035 | Computer security incident handling guide; incident response. |
| NIST SP 800-64 | ISO/IEC 27034 | Security considerations in the system development life cycle; application security. |
| NIST SP 800-83 | ISO/IEC 27036 | Malware incident prevention and handling; supplier relationships. |
| NIST SP 800-86 | ISO/IEC 27037 | Guide to integrating forensic techniques into incident response; digital evidence. |
| NIST SP 800-94 | ISO/IEC 27035 | Guide to intrusion detection and prevention systems (IDPS); incident management. |
| NIST SP 800-115 | ISO/IEC 27007 | Technical guide to information security testing and assessment; audit and review. |
| NIST SP 800-122 | ISO/IEC 29134 | Guide to protecting the confidentiality of personally identifiable information (PII); privacy impact assessment. |
| NIST SP 800-137 | ISO/IEC 27001 / 27004 | Information security continuous monitoring (ISCM) for federal systems; continuous improvement and measurement. |