Journal of Intelligent Systems and Internet of Things JISIoT 2690-6791 2769-786X 10.54216/JISIoT https://www.americaspg.com/journals/show/4191 2019 2019 College of Computing and Information Technology, Information Technology Department, Shaqra University, 11961, Riyadh 11961, Saudi Arabia Saleh Saleh The proliferation of Internet of Things (IoT) technologies has transformed digital ecosystems, creating highly interconnected environments that demand robust and adaptive cybersecurity governance. Despite their widespread adoption, existing Information Technology Governance (ITG) frameworks—such as the NIST Cybersecurity Framework (CSF), ISOIEC 27001, Center for Internet Security (CIS) Controls, and ISAIEC 62443 vary considerably in scope, applicability, and alignment with the unique characteristics of IoT infrastructures. The absence of a unified approach to address IoT-specific challenges such as device heterogeneity, data provenance, and real-time monitoring underscores the need for a comprehensive comparative analysis. This study conducts a qualitative synthesis and thematic comparison of leading cybersecurity governance frameworks to evaluate their effectiveness in ensuring compliance and resilience within IoT-enabled environments. Each framework was examined across recurring governance domains, including risk management orientation, scalability, control comprehensiveness, interoperability, and contextual adaptability. The analysis integrated findings from scholarly literature, international standards documentation, and expert reports, allowing the identification of emergent patterns, convergences, and gaps in the frameworks’ conceptual foundations and implementation practices. The findings indicate that NIST CSF provides a highly flexible, sector-neutral architecture fostering adaptive governance, whereas ISOIEC 27001 offers formalized, audit-oriented structures suitable for organizations emphasizing certification and policy compliance. The CIS Controls framework emerges as practical and accessible, favoring rapid implementation and community-driven updates, while ISAIEC 62443 demonstrates unparalleled domain specificity and defense-in-depth design for industrial and cyber-physical systems. Nevertheless, all frameworks exhibit limitations when addressing IoT-centric issues such as dynamic risk contexts, interoperability among heterogeneous devices, and integration of operational and information technology governance layers. The study concludes that a composite, layered governance approach—anchored in the structural rigor of ISOIEC 27001, the adaptability of NIST CSF, the practicality of CIS Controls, and the industrial depth of ISAIEC 62443—can offer a more holistic foundation for IoT cybersecurity compliance. 2025 2025 458 487 10.54216/JISIoT.170230 https://www.americaspg.com/articleinfo/18/show/4191