Cybersecurity Frameworks and Standards

  • ISO/IEC 27001:2013 - An international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).

  • NIST Cybersecurity Framework - A framework that provides a voluntary, risk-based approach to managing cybersecurity risk for critical infrastructure sectors.

    • NIST SP 800-53

    • NIST SP 800-115

  • CIS Controls - A set of cybersecurity best practices developed by the Center for Internet Security (CIS) that helps organizations implement specific security measures to protect against the most common cyber attacks.

  • Payment Card Industry Data Security Standard (PCI DSS) - A standard that outlines the security requirements for businesses that process credit card payments.

  • Health Insurance Portability and Accountability Act (HIPAA) Security Rule - A standard that outlines the security requirements for protecting electronic protected health information (ePHI) in the healthcare industry.

  • Federal Risk and Authorization Management Program (FedRAMP) - A standard that outlines the security requirements for cloud service providers that want to offer services to the federal government.

  • IEC 62443 - A series of international standards that provide guidelines for securing industrial control systems (ICS) and critical infrastructure.

  • Cloud Security Alliance (CSA) Cloud Controls Matrix - A framework that provides guidance for organizations to assess the security of cloud service providers.

  • Cybersecurity Capability Maturity Model (C2M2) - A framework that provides a standardized way to evaluate and improve an organization's cybersecurity maturity.

  • General Data Protection Regulation (GDPR) - A set of EU regulations to strengthen data protection.

  • Criminal Justice Information Systems

  • NSA IAM
