LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are the major information security standards and frameworks?

The key standards are ISO 27000 series, BSI 200-x, BSI Grundschutz, NIST CSF, and the Swiss ICT Minimal Standard.

Radial hub with ISO 27000, BSI, NIST CSF, ICT Minimal Standard.

* The major standards & frameworks — ISO 27000 series, BSI 200-x/Grundschutz, NIST CSF, Swiss ICT Minimal Standard. *

Standard/Framework Origin Focus
ISO 27001-27005 International (ISO) ISMS requirements (27001), controls (27002), implementation (27003), metrics (27004), risk management (27005)
BSI 200-1 to 200-4 Germany (BSI) ISMS (200-1), IT-Grundschutz methodology (200-2), risk analysis (200-3), BCM (200-4)
BSI Grundschutz Compendium Germany (BSI) Catalog of specific security measures organized by building blocks (modules)
NIST Cybersecurity Framework USA (NIST) Five functions: Identify, Protect, Detect, Respond, Recover
ICT Minimal Standard Switzerland Minimum security baseline for Swiss critical infrastructure, based on NIST CSF

How they relate:

  • ISO 27001 is the most widely used international certification standard for ISMS
  • BSI Grundschutz provides a very detailed, prescriptive German approach (popular in DACH region)
  • NIST CSF is popular in the US and increasingly worldwide; more high-level and flexible
  • ICT Minimal Standard is Switzerland's adaptation for national critical infrastructure

Tip: For exams, know that ISO 27001 is the requirements standard (certifiable), while 27002 is the controls catalog (guidance).

Go deeper:

From Quiz: ISM / ISM Intro & Repetition | Updated: Jul 14, 2026