The ISF Standard of Good Practice Online Informative References to NIST CSF

The ISF has been working with the United State’s National Institute of Standards and Technology (NIST) as part of a pilot project to create Online Informative References (OLIRs) between information security standards and the NIST Cybersecurity Framework (CSF).

As part of this pilot scheme, the ISF has produced an OLIR between the ISF’s Standard of Good Practice for Information Security 2018 (the standard) and the NST CSF Version 1.1, which can be downloaded above.

The OLIR between the standard and the NIST CSF links 87 of the 131 Information Security Topics found in the standard to all 108 Subcategories in the NIST CSF. These links are designed for practitioners who currently utilise, or are considering the standard and would like to understand how the activities that they undertake can help them achieve the outcomes described by each Subcategory.

The remaining 44 Topics in the standard that are not linked to CSF Subcategories cover areas of Information Security not directly found within the CSF, such as system development criteria or audit processes. Further details on the coverage of the CSF Subcategories can be found in the OLIR document, which can be downloaded using the form below. Additional information relating to NIST’s OLIR program can be found on the NIST website.