NIST CSF Vs ISO

The document outlines functions, categories, and subcategories for cybersecurity controls. It describes identifying assets, risks, and managing supply chain risks. It also establishes governance and risk management processes. Each control includes a reference to relevant sections in the ISO 27001 standard and notes any gaps between the control and the standard.

Uploaded by rajashi.shome

Columns of the mapping: Function, Category, Subcategory, ISO 27001 Reference, GAP with ISO 27001. Where a subcategory has no ISO 27001 reference, the gap column says so.

Function: IDENTIFY (ID)

Category: Asset Management (ID.AM). The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization’s risk strategy.

ID.AM-1: Physical devices and systems within the organization are inventoried
    ISO 27001 Reference: ISO/IEC 27001:2013 A.8.1.1, A.8.1.2

ID.AM-2: Software platforms and applications within the organization are inventoried
    ISO 27001 Reference: ISO/IEC 27001:2013 A.8.1.1, A.8.1.2, A.12.5.1

ID.AM-3: Organizational communication and data flows are mapped
    ISO 27001 Reference: ISO/IEC 27001:2013 A.13.2.1, A.13.2.2

ID.AM-4: External information systems are catalogued
    ISO 27001 Reference: ISO/IEC 27001:2013 A.11.2.6

ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value
    ISO 27001 Reference: ISO/IEC 27001:2013 A.8.2.1

ID.AM-6: Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established
    ISO 27001 Reference: ISO/IEC 27001:2013 A.6.1.1

Category: Business Environment (ID.BE). The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.

ID.BE-1: The organization’s role in the supply chain is identified and communicated
    ISO 27001 Reference: ISO/IEC 27001:2013 A.15.1.1, A.15.1.2, A.15.1.3, A.15.2.1, A.15.2.2

ID.BE-2: The organization’s place in critical infrastructure and its industry sector is identified and communicated
    ISO 27001 Reference: ISO/IEC 27001:2013 Clause 4.1

ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated
    GAP with ISO 27001: Not in ISO 27001:2013

ID.BE-4: Dependencies and critical functions for delivery of critical services are established
    ISO 27001 Reference: ISO/IEC 27001:2013 A.11.2.2, A.11.2.3, A.12.1.3

ID.BE-5: Resilience requirements to support delivery of critical services are established for all operating states (e.g. under duress/attack, during recovery, normal operations)
    ISO 27001 Reference: ISO/IEC 27001:2013 A.11.1.4, A.17.1.1, A.17.1.2, A.17.2.1

Category: Governance (ID.GV). The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.

ID.GV-1: Organizational cybersecurity policy is established and communicated
    ISO 27001 Reference: ISO/IEC 27001:2013 A.5.1.1

ID.GV-2: Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners
    ISO 27001 Reference: ISO/IEC 27001:2013 A.6.1.1, A.7.2.1, A.15.1.1

ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed
    ISO 27001 Reference: ISO/IEC 27001:2013 A.18.1.1, A.18.1.2, A.18.1.3, A.18.1.4, A.18.1.5

ID.GV-4: Governance and risk management processes address cybersecurity risks
    ISO 27001 Reference: ISO/IEC 27001:2013 Clause 6

Category: Risk Assessment (ID.RA). The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.

ID.RA-1: Asset vulnerabilities are identified and documented
    ISO 27001 Reference: ISO/IEC 27001:2013 A.12.6.1, A.18.2.3

ID.RA-2: Cyber threat intelligence is received from information sharing forums and sources
    ISO 27001 Reference: ISO/IEC 27001:2013 A.6.1.4

ID.RA-3: Threats, both internal and external, are identified and documented
    ISO 27001 Reference: ISO/IEC 27001:2013 Clause 6.1.2

ID.RA-4: Potential business impacts and likelihoods are identified
    ISO 27001 Reference: ISO/IEC 27001:2013 A.16.1.6, Clause 6.1.2

ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk
    ISO 27001 Reference: ISO/IEC 27001:2013 A.12.6.1

ID.RA-6: Risk responses are identified and prioritized
    ISO 27001 Reference: ISO/IEC 27001:2013 Clause 6.1.3

Category: Risk Management Strategy (ID.RM). The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.

ID.RM-1: Risk management processes are established, managed, and agreed to by organizational stakeholders
    ISO 27001 Reference: ISO/IEC 27001:2013 Clause 6.1.3, Clause 8.3, Clause 9.3

ID.RM-2: Organizational risk tolerance is determined and clearly expressed
    ISO 27001 Reference: ISO/IEC 27001:2013 Clause 6.1.3, Clause 8.3

ID.RM-3: The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis
    ISO 27001 Reference: ISO/IEC 27001:2013 Clause 6.1.3, Clause 8.3

Category: Supply Chain Risk Management (ID.SC). The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support risk decisions associated with managing supply chain risk. The organization has established and implemented the processes to identify, assess and manage supply chain risks.

ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders
    ISO 27001 Reference: ISO/IEC 27001:2013 A.15.1.1, A.15.1.2, A.15.1.3, A.15.2.1, A.15.2.2

ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process
    ISO 27001 Reference: ISO/IEC 27001:2013 A.15.2.1, A.15.2.2

ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization’s cybersecurity program and Cyber Supply Chain Risk Management Plan.
    ISO 27001 Reference: ISO/IEC 27001:2013 A.15.1.1, A.15.1.2, A.15.1.3

ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations.
    ISO 27001 Reference: ISO/IEC 27001:2013 A.15.2.1, A.15.2.2


Function: PROTECT (PR)

Category: Identity Management, Authentication and Access Control (PR.AC). Access to physical and logical assets and associated facilities is limited to authorized users, processes, and devices, and is managed consistent with the assessed risk of unauthorized access to authorized activities and transactions.

PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes
    ISO 27001 Reference: ISO/IEC 27001:2013 A.9.2.1, A.9.2.2, A.9.2.3, A.9.2.4, A.9.2.6, A.9.3.1, A.9.4.2, A.9.4.3

PR.AC-2: Physical access to assets is managed and protected
    ISO 27001 Reference: ISO/IEC 27001:2013 A.11.1.1, A.11.1.2, A.11.1.3, A.11.1.4, A.11.1.5, A.11.1.6, A.11.2.1, A.11.2.3, A.11.2.5, A.11.2.6, A.11.2.7, A.11.2.8

PR.AC-3: Remote access is managed
    ISO 27001 Reference: ISO/IEC 27001:2013 A.6.2.1, A.6.2.2, A.11.2.6, A.13.1.1, A.13.2.1

PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties
    ISO 27001 Reference: ISO/IEC 27001:2013 A.6.1.2, A.9.1.2, A.9.2.3, A.9.4.1, A.9.4.4, A.9.4.5

PR.AC-5: Network integrity is protected (e.g., network segregation, network segmentation)
    ISO 27001 Reference: ISO/IEC 27001:2013 A.13.1.1, A.13.1.3, A.13.2.1, A.14.1.2, A.14.1.3

PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions
    ISO 27001 Reference: ISO/IEC 27001:2013 A.7.1.1, A.9.2.1

PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks)
    ISO 27001 Reference: ISO/IEC 27001:2013 A.9.2.1, A.9.2.4, A.9.3.1, A.9.4.2, A.9.4.3, A.18.1.4

Category: Awareness and Training (PR.AT). The organization’s personnel and partners are provided cybersecurity awareness education and are trained to perform their cybersecurity-related duties and responsibilities consistent with related policies, procedures, and agreements.

PR.AT-1: All users are informed and trained
    ISO 27001 Reference: ISO/IEC 27001:2013 A.7.2.2, A.12.2.1

PR.AT-2: Privileged users understand their roles and responsibilities
    ISO 27001 Reference: ISO/IEC 27001:2013 A.6.1.1, A.7.2.2

PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities
    ISO 27001 Reference: ISO/IEC 27001:2013 A.6.1.1, A.7.2.1, A.7.2.2

PR.AT-4: Senior executives understand their roles and responsibilities
    ISO 27001 Reference: ISO/IEC 27001:2013 A.6.1.1, A.7.2.2

PR.AT-5: Physical and cybersecurity personnel understand their roles and responsibilities
    ISO 27001 Reference: ISO/IEC 27001:2013 A.6.1.1, A.7.2.2

Category: Data Security (PR.DS). Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.

PR.DS-1: Data-at-rest is protected
    ISO 27001 Reference: ISO/IEC 27001:2013 A.8.2.3

PR.DS-2: Data-in-transit is protected
    ISO 27001 Reference: ISO/IEC 27001:2013 A.8.2.3, A.13.1.1, A.13.2.1, A.13.2.3, A.14.1.2, A.14.1.3

PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition
    ISO 27001 Reference: ISO/IEC 27001:2013 A.8.2.3, A.8.3.1, A.8.3.2, A.8.3.3, A.11.2.5, A.11.2.7

PR.DS-4: Adequate capacity to ensure availability is maintained
    ISO 27001 Reference: ISO/IEC 27001:2013 A.12.1.3, A.17.2.1

PR.DS-5: Protections against data leaks are implemented
    ISO 27001 Reference: ISO/IEC 27001:2013 A.6.1.2, A.7.1.1, A.7.1.2, A.7.3.1, A.8.2.2, A.8.2.3, A.9.1.1, A.9.1.2, A.9.2.3, A.9.4.1, A.9.4.4, A.9.4.5, A.10.1.1, A.11.1.4, A.11.1.5, A.11.2.1, A.13.1.1, A.13.1.3, A.13.2.1, A.13.2.3, A.13.2.4, A.14.1.2, A.14.1.3
    Other references listed: NIST SP 800-53 Rev. 4 AC-4, AC-5, AC-6, PE-19, PS-3, PS-6, SC-7, SC-8, SC-13, SC-31, SI-4

PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity
    ISO 27001 Reference: ISO/IEC 27001:2013 A.12.2.1, A.12.5.1, A.14.1.2, A.14.1.3, A.14.2.4
    Other references listed: CIS CSC 2, 3; COBIT 5 APO01.06, BAI06.01, DSS06.02; ISA 62443-3-3:2013 SR 3.1, SR 3.3, SR 3.4, SR 3.8; NIST SP 800-53 Rev. 4 SC-16, SI-7

PR.DS-7: The development and testing environment(s) are separate from the production environment
    ISO 27001 Reference: ISO/IEC 27001:2013 A.12.1.4
    Other references listed: CIS CSC 18, 20; COBIT 5 BAI03.08, BAI07.04; NIST SP 800-53 Rev. 4 CM-2

PR.DS-8: Integrity checking mechanisms are used to verify hardware integrity
    ISO 27001 Reference: ISO/IEC 27001:2013 A.11.2.4
    Other references listed: COBIT 5 BAI03.05; ISA 62443-2-1:2009 4.3.4.4.4; NIST SP 800-53 Rev. 4 SA-10, SI-7

Category: Information Protection Processes and Procedures (PR.IP). Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.

PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)
    ISO 27001 Reference: ISO/IEC 27001:2013 A.12.1.2, A.12.5.1, A.12.6.2, A.14.2.2, A.14.2.3, A.14.2.4
    Other references listed: CIS CSC 3, 9, 11; COBIT 5 BAI10.01, BAI10.02, BAI10.03, BAI10.05; ISA 62443-2-1:2009 4.3.4.3.2, 4.3.4.3.3; ISA 62443-3-3:2013 SR 7.6; NIST SP 800-53 Rev. 4 CM-2, CM-3, CM-4, CM-5, CM-6, CM-7, CM-9, SA-10

PR.IP-2: A System Development Life Cycle to manage systems is implemented
    ISO 27001 Reference: ISO/IEC 27001:2013 A.6.1.5, A.14.1.1, A.14.2.1, A.14.2.5
    Other references listed: CIS CSC 18; COBIT 5 APO13.01, BAI03.01, BAI03.02, BAI03.03; ISA 62443-2-1:2009 4.3.4.3.3; NIST SP 800-53 Rev. 4 PL-8, SA-3, SA-4, SA-8, SA-10, SA-11, SA-12, SA-15, SA-17, SI-12, SI-13, SI-14, SI-16, SI-17

PR.IP-3: Configuration change control processes are in place
    ISO 27001 Reference: ISO/IEC 27001:2013 A.12.1.2, A.12.5.1, A.12.6.2, A.14.2.2, A.14.2.3, A.14.2.4
    Other references listed: CIS CSC 3, 11; COBIT 5 BAI01.06, BAI06.01; ISA 62443-2-1:2009 4.3.4.3.2, 4.3.4.3.3; ISA 62443-3-3:2013 SR 7.6; NIST SP 800-53 Rev. 4 CM-3, CM-4, SA-10

PR.IP-4: Backups of information are conducted, maintained, and tested
    ISO 27001 Reference: ISO/IEC 27001:2013 A.12.3.1, A.17.1.2, A.17.1.3, A.18.1.3
    Other references listed: CIS CSC 10; COBIT 5 APO13.01, DSS01.01, DSS04.07; ISA 62443-2-1:2009 4.3.4.3.9; ISA 62443-3-3:2013 SR 7.3, SR 7.4; NIST SP 800-53 Rev. 4 CP-4, CP-6, CP-9

PR.IP-5: Policy and regulations regarding the physical operating environment for organizational assets are met
    ISO 27001 Reference: ISO/IEC 27001:2013 A.11.1.4, A.11.2.1, A.11.2.2, A.11.2.3
    Other references listed: COBIT 5 DSS01.04, DSS05.05; ISA 62443-2-1:2009 4.3.3.3.1, 4.3.3.3.2, 4.3.3.3.3, 4.3.3.3.5, 4.3.3.3.6; NIST SP 800-53 Rev. 4 PE-10, PE-12, PE-13, PE-14, PE-15, PE-18

PR.IP-6: Data is destroyed according to policy
    ISO 27001 Reference: ISO/IEC 27001:2013 A.8.2.3, A.8.3.1, A.8.3.2, A.11.2.7
    Other references listed: COBIT 5 BAI09.03, DSS05.06; ISA 62443-2-1:2009 4.3.4.4.4; ISA 62443-3-3:2013 SR 4.2; NIST SP 800-53 Rev. 4 MP-6

PR.IP-7: Protection processes are improved
    ISO 27001 Reference: ISO/IEC 27001:2013 A.16.1.6, Clause 9, Clause 10
    Other references listed: COBIT 5 APO11.06, APO12.06, DSS04.05; ISA 62443-2-1:2009 4.4.3.1, 4.4.3.2, 4.4.3.3, 4.4.3.4, 4.4.3.5, 4.4.3.6, 4.4.3.7, 4.4.3.8; NIST SP 800-53 Rev. 4 CA-2, CA-7, CP-2, IR-8, PL-2, PM-6

PR.IP-8: Effectiveness of protection technologies is shared
    ISO 27001 Reference: ISO/IEC 27001:2013 A.16.1.6
    Other references listed: COBIT 5 BAI08.04, DSS03.04; NIST SP 800-53 Rev. 4 AC-21, CA-7, SI-4

PR.IP-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed
    ISO 27001 Reference: ISO/IEC 27001:2013 A.16.1.1, A.17.1.1, A.17.1.2, A.17.1.3
    Other references listed: CIS CSC 19; COBIT 5 APO12.06, DSS04.03; ISA 62443-2-1:2009 4.3.2.5.3, 4.3.4.5.1; NIST SP 800-53 Rev. 4 CP-2, CP-7, CP-12, CP-13, IR-7, IR-8, IR-9, PE-17

PR.IP-10: Response and recovery plans are tested
    ISO 27001 Reference: ISO/IEC 27001:2013 A.17.1.3
    Other references listed: CIS CSC 19, 20; COBIT 5 DSS04.04; ISA 62443-2-1:2009 4.3.2.5.7, 4.3.4.5.11; ISA 62443-3-3:2013 SR 3.3; NIST SP 800-53 Rev. 4 CP-4, IR-3, PM-14

PR.IP-11: Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)
    ISO 27001 Reference: ISO/IEC 27001:2013 A.7.1.1, A.7.1.2, A.7.2.1, A.7.2.2, A.7.2.3, A.7.3.1, A.8.1.4
    Other references listed: CIS CSC 5, 16; COBIT 5 APO07.01, APO07.02, APO07.03, APO07.04, APO07.05; ISA 62443-2-1:2009 4.3.3.2.1, 4.3.3.2.2, 4.3.3.2.3; NIST SP 800-53 Rev. 4 PS-1, PS-2, PS-3, PS-4, PS-5, PS-6, PS-7, PS-8, SA-21

PR.IP-12: A vulnerability management plan is developed and implemented
    ISO 27001 Reference: ISO/IEC 27001:2013 A.12.6.1, A.14.2.3, A.16.1.3, A.18.2.2, A.18.2.3
    Other references listed: CIS CSC 4, 18, 20; COBIT 5 BAI03.10, DSS05.01, DSS05.02; NIST SP 800-53 Rev. 4 RA-3, RA-5, SI-2

Category: Maintenance (PR.MA). Maintenance and repairs of industrial control and information system components are performed consistent with policies and procedures.

PR.MA-1: Maintenance and repair of organizational assets are performed and logged, with approved and controlled tools
    ISO 27001 Reference: ISO/IEC 27001:2013 A.11.1.2, A.11.2.4, A.11.2.5, A.11.2.6
    Other references listed: COBIT 5 BAI03.10, BAI09.02, BAI09.03, DSS01.05; ISA 62443-2-1:2009 4.3.3.3.7; NIST SP 800-53 Rev. 4 MA-2, MA-3, MA-5, MA-6

PR.MA-2: Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access
    ISO 27001 Reference: ISO/IEC 27001:2013 A.11.2.4, A.15.1.1, A.15.2.1
    Other references listed: CIS CSC 3, 5; COBIT 5 DSS05.04; ISA 62443-2-1:2009 4.3.3.6.5, 4.3.3.6.6, 4.3.3.6.7, 4.3.3.6.8; NIST SP 800-53 Rev. 4 MA-4

Category: Protective Technology (PR.PT). Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.

PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy
    ISO 27001 Reference: ISO/IEC 27001:2013 A.12.4.1, A.12.4.2, A.12.4.3, A.12.4.4, A.12.7.1
    Other references listed: CIS CSC 1, 3, 5, 6, 14, 15, 16; COBIT 5 APO11.04, BAI03.05, DSS05.04, DSS05.07, MEA02.01; ISA 62443-2-1:2009 4.3.3.3.9, 4.3.3.5.8, 4.3.4.4.7, 4.4.2.1, 4.4.2.2, 4.4.2.4; ISA 62443-3-3:2013 SR 2.8, SR 2.9, SR 2.10, SR 2.11, SR 2.12; NIST SP 800-53 Rev. 4 AU Family

PR.PT-2: Removable media is protected and its use restricted according to policy
    ISO 27001 Reference: ISO/IEC 27001:2013 A.8.2.1, A.8.2.2, A.8.2.3, A.8.3.1, A.8.3.3, A.11.2.9
    Other references listed: CIS CSC 8, 13; COBIT 5 APO13.01, DSS05.02, DSS05.06; ISA 62443-3-3:2013 SR 2.3; NIST SP 800-53 Rev. 4 MP-2, MP-3, MP-4, MP-5, MP-7, MP-8

PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities
    ISO 27001 Reference: ISO/IEC 27001:2013 A.9.1.2

PR.PT-4: Communications and control networks are protected
    ISO 27001 Reference: ISO/IEC 27001:2013 A.13.1.1, A.13.2.1, A.14.1.3

PR.PT-5: Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations
    ISO 27001 Reference: ISO/IEC 27001:2013 A.17.1.2, A.17.2.1

GAP with ISO 27001: no gaps are recorded for the PROTECT function.
Function: DETECT (DE)

Category: Anomalies and Events (DE.AE). Anomalous activity is detected and the potential impact of events is understood.

DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed
    ISO 27001 Reference: ISO/IEC 27001:2013 A.12.1.1, A.12.1.2, A.13.1.1, A.13.1.2

DE.AE-2: Detected events are analyzed to understand attack targets and methods
    ISO 27001 Reference: ISO/IEC 27001:2013 A.12.4.1, A.16.1.1, A.16.1.4

DE.AE-3: Event data are collected and correlated from multiple sources and sensors
    ISO 27001 Reference: ISO/IEC 27001:2013 A.12.4.1, A.16.1.7

DE.AE-4: Impact of events is determined
    ISO 27001 Reference: ISO/IEC 27001:2013 A.16.1.4

DE.AE-5: Incident alert thresholds are established
    ISO 27001 Reference: ISO/IEC 27001:2013 A.16.1.4

Category: Security Continuous Monitoring (DE.CM). The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures.

DE.CM-1: The network is monitored to detect potential cybersecurity events
    GAP with ISO 27001: Not in ISO 27001:2013

DE.CM-2: The physical environment is monitored to detect potential cybersecurity events
    ISO 27001 Reference: ISO/IEC 27001:2013 A.11.1.1, A.11.1.2

DE.CM-3: Personnel activity is monitored to detect potential cybersecurity events
    ISO 27001 Reference: ISO/IEC 27001:2013 A.12.4.1, A.12.4.3

DE.CM-4: Malicious code is detected
    ISO 27001 Reference: ISO/IEC 27001:2013 A.12.2.1

DE.CM-5: Unauthorized mobile code is detected
    ISO 27001 Reference: ISO/IEC 27001:2013 A.12.5.1, A.12.6.2

DE.CM-6: External service provider activity is monitored to detect potential cybersecurity events
    ISO 27001 Reference: ISO/IEC 27001:2013 A.14.2.7, A.15.2.1

DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software is performed
    ISO 27001 Reference: ISO/IEC 27001:2013 A.12.4.1, A.14.2.7, A.15.2.1

DE.CM-8: Vulnerability scans are performed
    ISO 27001 Reference: ISO/IEC 27001:2013 A.12.6.1

Category: Detection Processes (DE.DP). Detection processes and procedures are maintained and tested to ensure awareness of anomalous events.

DE.DP-1: Roles and responsibilities for detection are well defined to ensure accountability
    ISO 27001 Reference: ISO/IEC 27001:2013 A.6.1.1, A.7.2.2

DE.DP-2: Detection activities comply with all applicable requirements
    ISO 27001 Reference: ISO/IEC 27001:2013 A.18.1.4, A.18.2.2, A.18.2.3

DE.DP-3: Detection processes are tested
    ISO 27001 Reference: ISO/IEC 27001:2013 A.14.2.8

DE.DP-4: Event detection information is communicated
    ISO 27001 Reference: ISO/IEC 27001:2013 A.16.1.2, A.16.1.3

DE.DP-5: Detection processes are continuously improved
    ISO 27001 Reference: ISO/IEC 27001:2013 A.16.1.6


Function: RESPOND (RS)

Category: Response Planning (RS.RP). Response processes and procedures are executed and maintained, to ensure response to detected cybersecurity incidents.

RS.RP-1: Response plan is executed during or after an incident
    ISO 27001 Reference: ISO/IEC 27001:2013 A.16.1.5

Category: Communications (RS.CO). Response activities are coordinated with internal and external stakeholders (e.g. external support from law enforcement agencies).

RS.CO-1: Personnel know their roles and order of operations when a response is needed
    ISO 27001 Reference: ISO/IEC 27001:2013 A.6.1.1, A.7.2.2, A.16.1.1

RS.CO-2: Incidents are reported consistent with established criteria
    ISO 27001 Reference: ISO/IEC 27001:2013 A.6.1.3, A.16.1.2

RS.CO-3: Information is shared consistent with response plans
    ISO 27001 Reference: ISO/IEC 27001:2013 A.16.1.2, Clause 7.4, Clause 16.1.2

RS.CO-4: Coordination with stakeholders occurs consistent with response plans
    ISO 27001 Reference: ISO/IEC 27001:2013 Clause 7.4

RS.CO-5: Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness
    ISO 27001 Reference: ISO/IEC 27001:2013 A.6.1.4

Category: Analysis (RS.AN). Analysis is conducted to ensure effective response and support recovery activities.

RS.AN-1: Notifications from detection systems are investigated
    ISO 27001 Reference: ISO/IEC 27001:2013 A.12.4.1, A.12.4.3, A.16.1.5

RS.AN-2: The impact of the incident is understood
    ISO 27001 Reference: ISO/IEC 27001:2013 A.16.1.4, A.16.1.6

RS.AN-3: Forensics are performed
    ISO 27001 Reference: ISO/IEC 27001:2013 A.16.1.7

RS.AN-4: Incidents are categorized consistent with response plans
    ISO 27001 Reference: ISO/IEC 27001:2013 A.16.1.4

RS.AN-5: Processes are established to receive, analyze and respond to vulnerabilities disclosed to the organization from internal and external sources (e.g. internal testing, security bulletins, or security researchers)
    GAP with ISO 27001: Not in ISO 27001:2013

Category: Mitigation (RS.MI). Activities are performed to prevent expansion of an event, mitigate its effects, and resolve the incident.

RS.MI-1: Incidents are contained
    ISO 27001 Reference: ISO/IEC 27001:2013 A.12.2.1, A.16.1.5

RS.MI-2: Incidents are mitigated
    ISO 27001 Reference: ISO/IEC 27001:2013 A.12.2.1, A.16.1.5

RS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks
    ISO 27001 Reference: ISO/IEC 27001:2013 A.12.6.1

Category: Improvements (RS.IM). Organizational response activities are improved by incorporating lessons learned from current and previous detection/response activities.

RS.IM-1: Response plans incorporate lessons learned
    ISO 27001 Reference: ISO/IEC 27001:2013 A.16.1.6, Clause 10

RS.IM-2: Response strategies are updated
    ISO 27001 Reference: ISO/IEC 27001:2013 A.16.1.6, Clause 10


Function: RECOVER (RC)

Category: Recovery Planning (RC.RP). Recovery processes and procedures are executed and maintained to ensure restoration of systems or assets affected by cybersecurity incidents.

RC.RP-1: Recovery plan is executed during or after a cybersecurity incident
    ISO 27001 Reference: ISO/IEC 27001:2013 A.16.1.5

Category: Improvements (RC.IM). Recovery planning and processes are improved by incorporating lessons learned into future activities.

RC.IM-1: Recovery plans incorporate lessons learned
    ISO 27001 Reference: ISO/IEC 27001:2013 A.16.1.6, Clause 10

RC.IM-2: Recovery strategies are updated
    ISO 27001 Reference: ISO/IEC 27001:2013 A.16.1.6, Clause 10

Category: Communications (RC.CO). Restoration activities are coordinated with internal and external parties (e.g. coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors).

RC.CO-1: Public relations are managed
    ISO 27001 Reference: ISO/IEC 27001:2013 A.6.1.4, Clause 7.4

RC.CO-2: Reputation is repaired after an incident
    ISO 27001 Reference: ISO/IEC 27001:2013 Clause 7.4

RC.CO-3: Recovery activities are communicated to internal and external stakeholders as well as executive and management teams
    ISO 27001 Reference: ISO/IEC 27001:2013 Clause 7.4

GAP with ISO 27001: no gaps are recorded for the RECOVER function.
