THE INTERNATIONAL ORGANIZATION FOR STANDARDIZATION (ISO) & IEC (THE INTERNATIONAL ELECTROTECHNICAL COMMISSION) Q2-2022

  • The International Organization for Standardization (ISO)-ISO Framework
  • The ISO 27000 family of standards helps organizations keep information assets

Secure (Like NIST SP 800 Series).

  • ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS)( Like NIST RMF, SP -800-37)
  • Some to the standard:
    • 27001/17799 – Information security management-Requirements ( Like NIST RMF, SP -800-37)
    • 27002- Code of practice for information security controls (Like NIST SP 800-53)
    • 27004-Standard for information security management-Measurement/Security Metrics
    • 27005-Risk management(Like NIST SP 800- 30)
    • Under ISO company needs to conduct internal audit biannually(By own staff) and external audit ( by third party) annually
    • Link to ISO mapping to NIST SP 800-53 rev4
    • http://csrc.nist.gov/publications/drafts/800-53-rev4/sp800_53_r4_appendix-h_draft_ipd.pdf