Skip to content
Home / Cyber Security Governance Guidelines

NIST – ISO Standards Comprehensive Mapping

This mapping illustrates the correspondence between the primary NIST and ISO standards:

NISTISOPurpose
NIST CSF v2.0ISO/IEC 27001Framework for managing and reducing cybersecurity risk; provides structure for protecting information assets.
NIST SP 800-53ISO/IEC 27002Specifies security controls for federal systems; supports implementation of an information security management system.
NIST SP 800-37ISO/IEC 27005Provides risk management framework for integrating security and privacy throughout the system life cycle.
NIST SP 800-30ISO/IEC 27005Guide for conducting risk assessments of information systems.
NIST SP 800-34ISO/IEC 22301Contingency planning guide for federal information systems; business continuity management.
NIST SP 800-61ISO/IEC 27035Computer security incident handling guide; incident management.
NIST SP 800-115ISO/IEC 27007Technical guide to information security testing and assessment; audit and review processes.
NIST SP 800-171ISO/IEC 27018Protecting controlled unclassified information in nonfederal systems; cloud privacy for personal data.
NIST SP 800-88ISO/IEC 27040Guidelines for media sanitization; storage security.
NIST SP 800-82ISO/IEC 62443Guide to industrial control systems (ICS) security; industrial automation security.
NIST SP 800-63ISO/IEC 29115Digital identity guidelines; entity authentication assurance.
NIST SP 800-53AISO/IEC 27004Guide for assessing security controls; information security measurement.
NIST SP 800-39ISO/IEC 27005Managing information security risk; risk management.
NIST SP 800-40ISO/IEC 27002Guide to enterprise patch management technologies; operational controls.
NIST SP 800-41ISO/IEC 27033Guidelines on firewalls and firewall policy; network security.
NIST SP 800-44ISO/IEC 27033Guidelines on securing public web servers; network security.
NIST SP 800-45ISO/IEC 27033Guidelines on email server security; network security.
NIST SP 800-46ISO/IEC 27033Guide to enterprise telework, remote access, and BYOD security; network security.
NIST SP 800-47ISO/IEC 27031Security guide for interconnecting information technology systems; ICT readiness for business continuity.
NIST SP 800-48ISO/IEC 27033Wireless network security guidelines; network security.
NIST SP 800-53BISO/IEC 27002Control baselines for information systems and organizations; security controls.
NIST SP 800-55ISO/IEC 27004Performance measurement guide for information security; measurement and metrics.
NIST SP 800-57ISO/IEC 11770Recommendation for key management; cryptographic protocols.
NIST SP 800-61r2ISO/IEC 27035Computer security incident handling guide; incident response.
NIST SP 800-64ISO/IEC 27034Security considerations in the system development life cycle; application security.
NIST SP 800-83ISO/IEC 27036Malware incident prevention and handling; supplier relationships.
NIST SP 800-86ISO/IEC 27037Guide to integrating forensic techniques into incident response; digital evidence.
NIST SP 800-94ISO/IEC 27035Guide to intrusion detection and prevention systems (IDPS); incident management.
NIST SP 800-115ISO/IEC 27007Technical guide to information security testing and assessment; audit and review.
NIST SP 800-122ISO/IEC 29134Guide to protecting the confidentiality of personally identifiable information (PII); privacy impact assessment.
NIST SP 800-137ISO/IEC 27001 / 27004Information security continuous monitoring (ISCM) for federal systems; continuous improvement and measurement.