What do security standards and regulations like ISO 27001, NIS2, DORA and NYDFS have in common? A lot, actually. We’ve mapped out the shared requirements for you.
The cybersecurity landscape is flooded with regulations as governments worldwide respond to complex and frequent cyber threats, data breaches, and national security concerns. CISOs across various sectors must now navigate a web of compliance requirements that vary by region and industry. However, the core requirements of security standards and regulations like ISO 27001, NIS2, DORA and NYDFS are often very similar.
“The big secret about regulations and security standards is that they are all essentially the same.”
Four of our top global security and risk management experts have taken the ISO 27001 standard and mapped it against these key regulations:
- The Network and Information Security Directive 2 (NIS2): raises the baseline across critical sectors in Europe and moves organizations toward prevention, accountability, and context‑driven risk reduction.
- The Digital Operational Resilience Act (DORA): sets a single, principle-based standard for operational resilience in the EU financial sector. It applies across twenty financial entity types and introduces EU‑level oversight for critical third‑party providers.
- The NYDFS Cybersecurity Regulation (23 NYCRR Part 500): sets prescriptive expectations for financial institutions in New York, including board cybersecurity expertise, mandatory social‑engineering exercises, tabletop drills, and crisis management testing.
The result is a practical whitepaper outlining their common security policies, controls, and activities to help you kick-start your security risk management journey.
Download the whitepaper to discover:
- What each of these regulations means in practice
- Where and to whom they apply
- What these regulations have in common, and
- What you can start doing right now to become compliant with all of them