We recently conducted a NIST CSF 2.0 capability assessment for a client and, as part of the engagement, needed to map their existing framework, ISO 27001:2022. Despite extensive searching, we were unable to find an existing mapping. We even tried using ChatGPT and Gemini for assistance, but both produced significant AI hallucinations. As a result, we undertook the task ourselves.
To save others time, we’ve attached the NIST CSF 2.0 to ISO 27001:2022 Annexure A mapping to this post. Please use it at your own discretion and assess its completeness.
A big thanks to Iris and Brad for their hard work in compiling this mapping.
Note 23 May 2024: A new mapping has been uploaded to address some previous mapping issues.
All Rights Reserved | Razilio