While NIST 800-171 is designed specifically for non-Federal (commercial) enterprises, with a separate set of guidelines – NIST 800-57 – developed to cover Federal systems and organisations, ISO 27001 is a more general standard and can be applicable to organisations of all types. According to SOX, all businesses need to have internal controls to ensure transparency and accuracy in financial reporting. It is recommended that PCI DSS and ISO/IEC 27001 be combined to give better solutions about information security to organizations. Similarities Between NIST 800-171 and ISO 27001Įven though NIST 800-171 and ISO 27001 have some differences, there are lots of similarities between the two. Mapping of PCI DSS and ISO/IEC 27001 standards is vital information for managers who are tasked with conforming to either standard in their organizations.
0 kommentar(er)
