
In March of last year, work began on the creation of a reference practice dedicated to the “Management System for Cybersecurity and Information Security,” which aligns with the UNI CEI EN ISO/IEC 27001 standard and the NIST CSF 2.0 Framework. This document is currently under public consultation and will be open for contributions until March 4, 2025. Interested parties can freely download it from the dedicated website.
The reference practice has been developed in collaboration with various entities operating in the sector, in response to a widely felt need among organizations. The UNI CEI EN ISO/IEC 27001 standard and the NIST Cybersecurity Framework 2.0 serve as fundamental reference points in the landscape of cybersecurity. However, the two documents differ in approach and in how they are applied, which can create confusion for organizations wishing to align with both.
The UNI CEI EN ISO/IEC 27001 standard is structured according to a management system, following the Harmonized Structure (HS) model and presenting specific requirements for obtaining accredited certification of the Information Security Management System (ISMS). This systemic approach allows for the implementation of controls and security measures in an organic and structured manner. On the other hand, the NIST Cybersecurity Framework 2.0 serves as an effective tool for assessing and improving an organization’s cybersecurity profile. However, it is important to note that not all controls required by UNI CEI EN ISO/IEC 27001 correspond to those in the NIST CSF.
With this in mind, the new reference practice aims to clarify and facilitate understanding of the differences and benefits related to both documents, promoting harmonization between the requirements of the UNI CEI EN ISO/IEC 27001 standard and the objectives outlined by the NIST CSF 2.0. This harmonization will allow organizations to effectively adapt their cybersecurity management system, ensuring a more secure and robust approach to information management.
The reference practice is enriched by two appendices, which provide clear and easily accessible overviews. These appendices highlight the interconnections between the key points of the UNI CEI EN ISO/IEC 27001 standard and those of the NIST Cybersecurity Framework. This practical tool thus aims to simplify the alignment process between the two documents, making the work of organizations in the field of cybersecurity easier and clearer.
With the evolution of technologies and cyber threats, companies and institutions increasingly find themselves facing significant challenges regarding information security. The creation of reference practices like the one currently underway represents a fundamental step to support organizations in improving not only their cybersecurity policies but also their overall resilience.
In summary, the new reference practice represents an important opportunity for organizations eager to integrate and harmonize their cybersecurity management systems in a coherent and structured way. The public consultation is an open invitation to all interested parties to actively contribute with suggestions and opinions so that the final document can best meet the needs of the market and institutions.