ISO 27001 → NIST 800-171 crosswalk
A control-by-control mapping between ISO/IEC 27001:2022 and NIST SP 800-171 Rev. 2. 9 mappings.
| ISO 27001 | NIST 800-171 | Relationship | Notes |
|---|---|---|---|
| A.5.15 Access control | 3.1.1 Limit system access to authorized users | EquivalentCurated | Access control & identity |
| A.5.16 Identity management | 3.1.1 Limit system access to authorized users | EquivalentCurated | Access control & identity |
| A.5.24 Information security incident management planning and preparation | 3.6.1 Establish an incident-handling capability | PartialCurated | Incident response & breach notification |
| A.5.26 Response to information security incidents | 3.6.1 Establish an incident-handling capability | PartialCurated | Incident response & breach notification |
| A.8.15 Logging | 3.3.1 Create and retain audit logs | EquivalentCurated | Logging, monitoring & detection |
| A.8.16 Monitoring activities | 3.3.1 Create and retain audit logs | EquivalentCurated | Logging, monitoring & detection |
| A.8.24 Use of cryptography | 3.13.11 Employ FIPS-validated cryptography | EquivalentCurated | Cryptography & data protection |
| A.8.8 Management of technical vulnerabilities | 3.11.2 Scan for vulnerabilities | EquivalentCurated | Vulnerability management |
| A.8.9 Configuration management | 3.4.2 Establish and enforce security configuration settings | EquivalentCurated | Secure configuration & hardening |
Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.