ISO/IEC 27001 is an international standard for managing information security. It specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). Many organizations worldwide pursue ISO 27001 certification to demonstrate that their ISMS conforms to the standard and follows recognized best practices; note that certification attests to the management system, not to the security of any individual system. In some cases ISO 27001 is applied beyond the terrestrial elements of a system to include elements within the space segment as well. To help bridge the gap between SPARTA countermeasures and ISO 27001, a mapping has therefore been performed.

This mapping was derived from NIST's published mapping between NIST SP 800-53 Rev. 5 and ISO/IEC 27001. According to NIST, “the mapping of SP 800-53 Revision 5 controls to ISO/IEC 27001:2022 requirements and controls reflects whether the implementation of a security control from Special Publication 800-53 satisfies the intent of the mapped security requirement or control from ISO/IEC 27001 and conversely, whether the implementation of a security requirement or security control from ISO/IEC 27001 satisfies the intent of the mapped control from Special Publication 800-53.” Because the SPARTA-to-ISO mapping is indirect (SPARTA countermeasure to SP 800-53 control to ISO 27001 control), it inherits any gaps or mistakes in the NIST-to-ISO mapping, which is used as provided by NIST and was not developed with the space system context in mind. Improvements will be made in future releases of SPARTA, driven by community feedback.
The intent of mapping SPARTA countermeasures to standards such as NIST SP 800-53 and ISO 27001 is to give SPARTA users additional perspective on the underlying security principle, and on how each SPARTA countermeasure aligns with the compliance, regulatory, and best-practice guidance published by these standards bodies.