Quiz Entry - updated: 2026.07.14
What are the major information security standards and frameworks?
The key standards are ISO 27000 series, BSI 200-x, BSI Grundschutz, NIST CSF, and the Swiss ICT Minimal Standard.
* The major standards & frameworks — ISO 27000 series, BSI 200-x/Grundschutz, NIST CSF, Swiss ICT Minimal Standard. *
| Standard/Framework | Origin | Focus |
|---|---|---|
| ISO 27001-27005 | International (ISO) | ISMS requirements (27001), controls (27002), implementation (27003), metrics (27004), risk management (27005) |
| BSI 200-1 to 200-4 | Germany (BSI) | ISMS (200-1), IT-Grundschutz methodology (200-2), risk analysis (200-3), BCM (200-4) |
| BSI Grundschutz Compendium | Germany (BSI) | Catalog of specific security measures organized by building blocks (modules) |
| NIST Cybersecurity Framework | USA (NIST) | Five functions: Identify, Protect, Detect, Respond, Recover |
| ICT Minimal Standard | Switzerland | Minimum security baseline for Swiss critical infrastructure, based on NIST CSF |
How they relate:
- ISO 27001 is the most widely used international certification standard for ISMS
- BSI Grundschutz provides a very detailed, prescriptive German approach (popular in DACH region)
- NIST CSF is popular in the US and increasingly worldwide; more high-level and flexible
- ICT Minimal Standard is Switzerland's adaptation for national critical infrastructure
Tip: For exams, know that ISO 27001 is the requirements standard (certifiable), while 27002 is the controls catalog (guidance).
Go deeper:
ISO/IEC 27001 (Wikipedia DE) — Der weltweit wichtigste ISMS-Standard und seine Anforderungen.
BSI IT-Grundschutz (offizielle BSI-Seite) — Die deutsche Grundschutz-Methodik direkt von der Behörde.
NIST Cybersecurity Framework (Wikipedia EN) — CSF 2.0 mit den nun sechs Funktionen (inkl. Govern).