A High-Level Comparison between the NIST Cyber Security Framework and the ISO 27001 Information Security Standard

This paper provides a high-level comparison between the National Institute of Standards and Technology's (NIST) Cyber Security Framework and the ISO 27001 Information Security Standard. Pros, cons and the advantages each framework holds over the other and how an organization would select an appropriate framework between CSF and ISO 27001 have been discussed along with a detailed comparison of how major security controls framework/guidelines like NIST SP 800-53, CIS Top-20 and ISO 27002 can be mapped back to each.