Educause Security Discussion mailing list archives

Re: ISO27001 vs NIST 800-171

From: Joanna Grama <joanna.grama () VANTAGETCG COM>
Date: Fri, 31 Aug 2018 13:53:36 +0000

Hi Chris,
Check out the NIST 800-171 guidance documents from EDUCAUSE:  
https://library.educause.edu/resources/2016/4/an-introduction-to-nist-special-publication-800-171-for-higher-education-institutions

In particular, the spreadsheet that the Common Solutions Group shared has the ISO-NIST mapping that you are looking 
for: https://library.educause.edu/resources/2016/9/nist-sp-800-171-compliance-template

Kind regards,
Joanna Grama



Joanna Grama, JD, CISSP
Senior Consultant
Vantage Technology Consulting Group
Desk: 978-341-0700 x 316

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Davis, Chris
Sent: Friday, August 31, 2018 9:21 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] ISO27001 vs NIST 800-171

Can anyone provide me a quick and dirty compare/contrast between the two?  Which is more appropriate for a higher 
education setting seeking to comply with the various regulatory requirements typically found in higher ed?

Thanks!

Chris


Christopher Davis, Ph.D.
Chief Information Officer
Assistant Professor of Education
Apple Teacher
Lourdes University
6832 Convent Blvd | REH 003P | Sylvania, OH 43560
cdavis () lourdes edu<mailto:cdavis () lourdes edu>

CyberAware – Be aware. Stay Secure!
Lourdes University will never ask you to send sensitive information through unsecure channels. Report any message that 
asks you to provide or confirm personal information such as credit card and/or bank account numbers, Social Security 
numbers, passwords, etc. or any other suspicious activity to infosec () lourdes edu<mailto:infosec () lourdes edu>. For 
more information please visit lourdes.edu/cyberaware.

CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely for the addressee(s) 
and may contain confidential and/or privileged information and may be legally protected from disclosure. If you are not 
the intended recipient of this message or their agent, or if this message has been addressed to you in error, please 
immediately alert the sender by reply email and then delete this message and any attachments. If you are not the 
intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its 
attachments is strictly prohibited.

We just launched our new website – check it out at www.VantageTCG.com

Current thread:

ISO27001 vs NIST 800-171 Davis, Chris (Aug 31)
- Re: ISO27001 vs NIST 800-171 James Farr (Aug 31)
  - Re: ISO27001 vs NIST 800-171 Don Murdoch (Aug 31)
- Re: ISO27001 vs NIST 800-171 Joanna Grama (Aug 31)
- Re: ISO27001 vs NIST 800-171 Penn, Blake C (Sep 04)