THE INTERNATIONAL ORGANIZATION FOR STANDARDIZATION (ISO) & IEC (THE INTERNATIONAL ELECTROTECHNICAL COMMISSION) Q2-2022

• The International Organization for Standardization (ISO)-ISO Framework
• The ISO 27000 family of standards helps organizations keep information assets

Secure (Like NIST SP 800 Series).

• ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS)( Like NIST RMF, SP -800-37)
• Some to the standard:
  • 27001/17799 – Information security management-Requirements ( Like NIST RMF, SP -800-37)
  • 27002- Code of practice for information security controls (Like NIST SP 800-53)
  • 27004-Standard for information security management-Measurement/Security Metrics
  • 27005-Risk management(Like NIST SP 800- 30)
  • 27799-Information security management in health using ISO/IEC 27002http://www.iso.org/iso/home/standards/management- standards/iso27001.htm
  • Under ISO company needs to conduct internal audit biannually(By own staff) and external audit ( by third party) annually
  • Link to ISO mapping to NIST SP 800-53 rev4
  • http://csrc.nist.gov/publications/drafts/800-53-rev4/sp800_53_r4_appendix-h_draft_ipd.pdf