Cybersecurity Frameworks and Standards
ISO/IEC 27001:2013 - An international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
NIST Cybersecurity Framework - A framework that provides a voluntary, risk-based approach to managing cybersecurity risk for critical infrastructure sectors.
NIST SP 800-53
NIST SP 800-115
CIS Controls - A set of cybersecurity best practices developed by the Center for Internet Security (CIS) that helps organizations implement specific security measures to protect against the most common cyber attacks.
Payment Card Industry Data Security Standard (PCI DSS) - A standard that outlines the security requirements for businesses that process credit card payments.
Health Insurance Portability and Accountability Act (HIPAA) Security Rule - A standard that outlines the security requirements for protecting electronic protected health information (ePHI) in the healthcare industry.
Federal Risk and Authorization Management Program (FedRAMP) - A standard that outlines the security requirements for cloud service providers that want to offer services to the federal government.
IEC 62443 - A series of international standards that provide guidelines for securing industrial control systems (ICS) and critical infrastructure.
Cloud Security Alliance (CSA) Cloud Controls Matrix - A framework that provides guidance for organizations to assess the security of cloud service providers.
Cybersecurity Capability Maturity Model (C2M2) - A framework that provides a standardized way to evaluate and improve an organization's cybersecurity maturity.
General Data Protection Regulation (GDPR) - A set of regulations to strengthen data protection in the EU.
Criminal Justice Information Systems
NSA IAM