The content of the “NIST CSF 2.0 to ISO 27002:2022 Annexure A Mapping” post by Razilio details their effort to create a comprehensive mapping between the updated NIST Cybersecurity Framework (CSF) version 2.0 and the ISO 27001:2022 standard’s Annexure A controls. This initiative was driven by the absence of an existing reliable mapping despite extensive searches and attempts with AI tools like ChatGPT and Gemini, which resulted in inaccuracies. The post provides the completed mapping as a resource for others conducting similar assessments, with disclaimers to use it at their own discretion and evaluate its completeness. Additionally, the post acknowledges contributions from several team members and mentions updates made in 2024 and 2025 to improve and align the mapping according to evolving requirements.
Publication's URL
https://www.razil.io/post/nist-csf-2-0-to-iso-27001-2022-annexure-a-mappingAdditional documents on this topic
- CIS Controls v8.1 Mapping to NIST CSF 2.0
- CRI Cyber Risk Institute Profile for Financial Sector v2.1 ★★★★★
- NIST IR 8374 Rev. 1 Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile
- COMPLIANCE FORGE Secure Controls Framework (SCF) Control Mapping ★★★★★
- NIST IR 8596 Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile): NIST Community Profile ★★★★★