
Mapping between ISO 27001:2022 and NIST CSF 2.0 is incorrect

Open LoZio opened this issue 1 month ago • 4 comments

Describe the bug
The mapping between ISO 27001:2022 and NIST CSF 2.0 is incorrect.

To Reproduce
Steps to reproduce the behavior: Import the mapping library: urn:intuitem:risk:req_mapping_set:nist-csf-2.0-to-iso27001-2022

Expected behavior
Mapping referring to a standard. We have the UNI/PdR 174 (https://store.uni.com/uni-pdr-174-2025, free to download) that is an official document to map the two frameworks. The current mapping from the library above does not comply with the standard. Empirically it misses several mappings.

I think that the standard should be followed since it is available.

LoZio, Nov 01 '25 12:11

Interesting, thank you! We'll take a look and get back to you. Regards

ab-smith, Nov 01 '25 13:11

I have created a mapping_content table, since I was also creating a mapping for another framework (an Italian one based on NIST) on which I get a very weird error (I'm looking for help on Discord). If you need my file just let me know.

LoZio, Nov 01 '25 13:11

Sure, you can submit it as a PR and we’ll fix it if needed and build on top of it. Someone from the team will assist you next week on Discord 🙂

ab-smith, Nov 01 '25 13:11

Not confident with PRs; can I upload the file here and have the PR done by someone?

LoZio, Nov 01 '25 13:11