I was recently asked on the CISSP subreddit about the difference between due care and due diligence.
The concepts are similar, differing only by a small nuance.
Page 24 of the official study guide gives a very good overview.
Even though we’re in IT, I find it helpful to look at the problem through a money lens:
Let’s say a bank has taken the due care to establish a policy that all checks cashed must be endorsed.
The manager performs his due diligence when he reviews the checks at the end of the shift to ensure each one is endorsed.
Due diligence is practicing what you took the due care to preach.