Exam SY0-601 topic 1 question 856 discussion

B. The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) provides guidelines, standards, and best practices for organizations to manage and reduce cybersecurity risk. It offers a flexible and customizable framework that helps organizations align their cybersecurity activities with business objectives, risk tolerance, and available resources.

B. NIST CSF • National Institute of Standards and Technology – Cybersecurity Framework (CSF) – A voluntary commercial framework • Framework Core – Identify, Protect, Detect, Respond, and Recover • Framework Implementation Tiers – An organization’s view of cybersecurity risk and processes to manage the risk • Framework Profile - The alignment of standards, guidelines, and practices to the Framework Core

NIST CSF is a guideline. ISO are standards.

The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization — regardless of its size, sector, or maturity — to better understand, assess, prioritize, and communicate its cybersecurity efforts.

ISO 27001 https://www.iso.org/standard/27001

B. The NIST CSF is designed as a guide, whereas ISO 27001 is designed as a standard. The difference here is that NIST CSF serves as an instruction manual and ISO 27001 is more of a test that requires certain measures to pass. In the NIST CSF, there is no certification or audit process.