You shouldn't 'use' Annex A controls!
I know this might sound counterintuitive but Annex A is not really a list of controls.
It serves a completely different purpose that is often misunderstood.
NIST SP 800-53, on the other hand, is a real control catalogue.
It describes over 1,000 controls organised into 20 control families.
‣ Access Control (AC)
‣ Awareness and Training (AT)
‣ Audit and Accountability (AU)
‣ Assessment, Authorization, and Monitoring (CA)
‣ Configuration Management (CM)
‣ Contingency Planning (CP)
‣ Identification and Authentication (IA)
‣ Incident Response (IR)
‣ Maintenance (MA)
‣ Media Protection (MP)
‣ Physical and Environmental Protection (PE)
‣ Planning (PL)
‣ Program Management (PM)
‣ Personnel Security (PS)
‣ PII Processing and Transparency (PT)
‣ Risk Assessment (RA)
‣ System and Services Acquisition (SA)
‣ System and Communications Protection (SC)
‣ System and Information Integrity (SI)
‣ Supply Chain Risk Management (SR)
Want to understand how Annex A is really meant to be understood and how to combine ISO 27001 with NIST SP 800-53?
linkedin.com/safety/go?…