Cybersecurity Frameworks and Standards
Last updated
Was this helpful?
Last updated
Was this helpful?
Was this helpful?
ISO/IEC 27001:2013 - An international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
NIST Cybersecurity Framework - A framework that provides a voluntary, risk-based approach to managing cybersecurity risk for critical infrastructure sectors.
NIST SP 800-53
NIST SP 800-115
CIS Controls - A set of cybersecurity best practices developed by the Center for Internet Security (CIS) that helps organizations implement specific security measures to protect against the most common cyber attacks.
Payment Card Industry Data Security Standard (PCI DSS) - A standard that outlines the security requirements for businesses that process credit card payments.
Health Insurance Portability and Accountability Act (HIPAA) Security Rule - A standard that outlines the security requirements for protecting electronic protected health information (ePHI) in the healthcare industry.
Federal Risk and Authorization Management Program (FedRAMP) - A standard that outlines the security requirements for cloud service providers that want to offer services to the federal government.
IEC 62443 - A series of international standards that provide guidelines for securing industrial control systems (ICS) and critical infrastructure.
Cloud Security Alliance (CSA) Cloud Controls Matrix - A framework that provides guidance for organizations to assess the security of cloud service providers.
Cybersecurity Capability Maturity Model (C2M2) - A framework that provides a standardized way to evaluate and improve an organization's cybersecurity maturity.
GDPR - General Data Protection Regulation - A set of regulations to strengthen data protection in the EU.
Criminal Justice Information Systems
NSA IAM