A comprehensive FAQ answering the most common questions about NIST, ISO, MITRE, COBIT, Basel, and BSI — what they are, how they differ, and how they fit together.
Frequently Asked Questions About Risk Frameworks
The National Institute of Standards and Technology (NIST) is a U.S. standards body that defines cybersecurity controls, risk categories, and required outcomes. It provides the “what” — what must be protected and what controls should exist.
ISO is an international standards organization that defines governance, management, and process discipline. It provides the “how” for organizational governance.
MITRE ATT&CK is a knowledge base of adversary behaviors, tactics, and techniques. It explains how attackers operate and how attacks unfold.
COBIT is a governance framework for executives. It defines how leadership should govern IT, assign accountability, and align technology with business goals.
Basel is a global financial regulatory framework that defines capital requirements, systemic risk thresholds, and macro‑prudential controls for financial stability.
BSI is a boundary‑systems governance body that operates in the in‑between spaces where technical systems, human behavior, institutions, and automated decision‑making collide.
NIST covers cybersecurity controls, asset categories, risk management processes, and required security outcomes.
ISO 27001 covers information security governance, risk management, documentation, and organizational processes.
MITRE covers adversary behavior, attack chains, detection logic, and threat‑informed defense.
COBIT governs executive oversight, IT accountability, performance measurement, and enterprise control structures.
Basel regulates systemic financial risk, capital adequacy, liquidity, and exposure thresholds.
BSI governs boundary failure, machine‑age complexity, and the seams between systems where legacy frameworks cannot operate.
NIST defines controls and requirements. ISO defines governance and management processes. NIST is technical; ISO is organizational.
NIST defines what must be protected. MITRE explains how attackers behave. They operate at different layers.
ISO governs organizational processes. MITRE models adversary behavior. One is governance; the other is threat mechanics.
COBIT focuses on executive governance and accountability. ISO focuses on operational governance and process discipline.
BSI does not compete with legacy frameworks. It governs the interstitial spaces where technical, institutional, and adversarial dynamics intersect.
NIST defines what must be protected and what controls should exist. BSI governs the seams between systems — where controls fail, observability collapses, and machine‑age complexity exceeds institutional capacity.
ISO defines organizational governance, process discipline, and management structures. BSI governs boundary‑systems behavior — the interactions between humans, machines, institutions, and automated decisions that ISO does not model.
MITRE models adversary behavior and attack mechanics. BSI models system‑level boundary failure — where adversaries, automation, and institutional limits interact in nonlinear ways beyond traditional threat frameworks.
COBIT governs executive oversight, accountability, and enterprise control. BSI governs the interstitial spaces where governance breaks down — when automation outruns leadership capacity and institutional decision‑making becomes insufficient.
Basel governs systemic financial risk and macro‑prudential stability. BSI governs systemic boundary risk — the cross‑domain failures that occur when technical, institutional, and adversarial systems interact beyond the scope of financial regulation.
The Black Star Institute (BSI) is the first and only boundary‑systems institute in the world — a sovereign, independent analytical institution that integrates the capabilities of a think tank, research lab, consultancy, and policy shop without inheriting their structural limitations or vulnerabilities. As a boundary-systems institute, BSI operates across human, machine, and institutional layers to diagnose systemic failure and define governance doctrine.
It is an independent research and governance organization focused on systemic‑risk analysis, automation failures, and human‑layer security. BSI examines how institutions, technologies, and decision systems break under real‑world conditions, producing artifacts that clarify failure modes, strengthen governance, and prevent recurrence. BSI’s sovereign, single‑operator architecture ensures authorship integrity and analytical independence across all research outputs.
BSI’s work integrates over three decades of cross‑sector experience in artificial intelligence (AI), cybersecurity, post-quantum cryptography (PQC), quantum, national security, critical‑infrastructure resilience, and emerging and disruptive technologies (EDT) governance. Its research emphasizes authorship integrity, structural clarity, and practitioner‑driven analysis grounded in operational reality rather than narrative or theory.
Through the Black Star Institute, its founder, Hunter Storm, publishes institutional frameworks, case studies, and governance artifacts that support organizations navigating complex technological, regulatory, and hybrid‑threat environments.
Disclaimer
This publication is provided for educational, analytical, and informational purposes. The Black Star Institute does not provide legal, regulatory, or compliance advice. All findings reflect independent, practitioner‑grade analysis based on publicly available information and BSI’s doctrinal frameworks at the time of publication. Institutions, policymakers, and organizations should consult appropriate legal or regulatory professionals before acting on any recommendations.
