ISO 27001 to NIST 800-53 crosswalk

A control-by-control mapping between ISO/IEC 27001:2022 and NIST SP 800-53 Rev. 5. 15 mappings.

| ISO 27001 | NIST 800-53 | Relationship | Source | Notes |
|---|---|---|---|---|
| A.5.1 Policies for information security | PM-1 Information security program plan | Partial | Official mapping | Governance and security policy |
| A.5.15 Access control | AC-2 Account management | Equivalent | Official mapping | Access control and identity |
| A.5.16 Identity management | AC-2 Account management | Equivalent | Curated | Access control and identity |
| A.5.24 Information security incident management planning and preparation | IR-4 Incident handling | Partial | Official mapping | Incident response and breach notification |
| A.5.24 Information security incident management planning and preparation | IR-6 Incident reporting | Partial | Curated | Incident response and breach notification |
| A.5.26 Response to information security incidents | IR-4 Incident handling | Partial | Curated | Incident response and breach notification |
| A.5.26 Response to information security incidents | IR-6 Incident reporting | Equivalent | Official mapping | Incident response and breach notification |
| A.5.9 Inventory of information and other associated assets | CM-8 System component inventory | Equivalent | Official mapping | Asset and data inventory |
| A.8.13 Information backup | CP-9 System backup | Equivalent | Official mapping | Backup and restore |
| A.8.15 Logging | AU-2 Event logging | Equivalent | Official mapping | Logging, monitoring and detection |
| A.8.16 Monitoring activities | AU-2 Event logging | Equivalent | Curated | Logging, monitoring and detection |
| A.8.24 Use of cryptography | SC-8 Transmission confidentiality and integrity | Equivalent | Official mapping | Cryptography and data protection |
| A.8.24 Use of cryptography | SC-28 Protection of information at rest | Equivalent | Official mapping | Cryptography and data protection |
| A.8.8 Management of technical vulnerabilities | RA-5 Vulnerability monitoring and scanning | Equivalent | Official mapping | Vulnerability management |
| A.8.9 Configuration management | CM-6 Configuration settings | Equivalent | Official mapping | Secure configuration and hardening |

Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.