Comparing the CSF to other frameworks
As mentioned previously, there are several different cybersecurity frameworks to choose from. Each category and subcategory found in the NIST CSF aligns with other frameworks as well: every subcategory has informative references that correlate it to them. Why is that important?
Maybe you received an inquiry about how you and your organization have implemented your security controls. The inquiry is based on ISO or SP 800-53, but wait a minute – you are using the CSF; how can those match up?
There is a matrix showing how each control aligns with other frameworks. This is to assist in answering questions about how the CSF compares with other frameworks. It is also meant to assist you if you decide to adopt a different framework. The point is, if you start off with the CSF and decide to jump to another one, all is not lost. I am not, by any means, saying that you should start with the CSF and then naturally jump to a different framework...