Standards

Manage multiple regulatory compliance frameworks and standards in one platform

Centraleyes enables cyber risk teams to easily create and define frameworks to fit their specific needs, or choose from tens of pre-populated integrated risk and compliance frameworks. By mapping shared controls across frameworks, Centraleyes allows for a quicker, automated compliance process.


Insider Risk Mitigation

What is Insider Risk Mitigation (IRMPE)? In September 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) published the Insider Risk Mitigation Self-Assessment Tool (IRMPE). The IRMPE is a tool that allows businesses to evaluate their risk of insider threats. The Insider Risk Self-Assessment is intended to help business owners…

Ransomware Readiness Assessment

What is the Ransomware Readiness Assessment? The Ransomware Readiness Assessment (RRA) was released by the US Cybersecurity and Infrastructure Security Agency (CISA) in June 2021 as the latest addition to its Cyber Security Evaluation Tool (CSET). The RRA is a no-cost service to help any organization, regardless of size, understand…

FINRA

What is FINRA? FINRA, the Financial Industry Regulatory Authority, is a non-profit self-regulatory organization that ensures the integrity of the market, allowing investors and firms to participate with confidence. FINRA is authorized by Congress to protect America’s investors by assuring that the broker-dealer sector functions fairly and ethically. They…

OWASP MASVS

What is OWASP MASVS? The Open Web Application Security Project (OWASP) is a non-profit international organization dedicated to improving the security of web applications. All of OWASP’s resources are freely accessible and easy to find on their website, enabling any company to enhance and develop the security and protection of…

NIST 800-82

What is the NIST SP 800-82 framework? The National Institute of Standards and Technology (NIST) Special Publication 800-82 offers detailed assistance regarding how to protect Industrial Control Systems (ICS), which are commonly used in the electric, water and wastewater, oil and natural gas, pulp and paper, pharmaceutical, chemical, food and…

NIST 800-207 (Zero Trust)

What is the Zero Trust Model? Zero trust is a growing security model that is based on the principle of enforcing strict access controls. The Zero Trust concept focuses on the notion that organizations shouldn’t give immediate trust to any internal or external source, and must always examine and uphold…

HECVAT

What is HECVAT? The Higher Education Community Vendor Assessment Toolkit (HECVAT) is a risk assessment template that was created in 2016 specifically for higher education institutions to assess vendor risk. HECVAT was created by the Higher Education Information Security Council (HEISC) Shared Assessments Working Group, in collaboration with Internet2 and…

NIST SP 800-53

What is the NIST SP 800-53 framework? NIST SP 800-53 was created to provide federal agencies with standards and guidelines for protecting and managing their information security systems, as well as to ensure the security of citizens’ private data. It applies to any federal organization (except national security agencies) and,…

COSO

What is the COSO Framework? The Committee of Sponsoring Organizations of the Treadway Commission (COSO), a voluntary private-sector initiative, was established in 1985 to improve business performance and governance through effective internal control, enterprise risk management (ERM) and fraud deterrence. In 1992, COSO developed the Internal Control-Integrated Framework, a model…

NIST 800-46

What is the NIST SP 800-46 framework? The US Commerce Department’s National Institute of Standards and Technology (NIST) is a non-regulatory body responsible for investigating and developing standards for all federal agencies. The NIST 800-46 framework assists companies of all sizes, sectors and industries in safeguarding their IT systems and…

COBIT 5

What is COBIT 5? COBIT is an IT management framework created by ISACA (Information Systems Audit and Control Association), which helps organizations achieve their goals for governance and management of enterprise information and technology resources (IT). COBIT 5’s most recent version was released in 2012. Simply put, COBIT 5 enables…

ICDM

What is the ICDM Framework? The Israeli Cyber Defense Methodology (ICDM), also known as The Corporate Defense Methodology, is part of the National Defense Concept, which includes a variety of levels of security for the Israeli economy and organizational continuity. This methodology has been developed by Israel National Cyber Directorate…

OWASP ASVS

What is the OWASP ASVS? The Open Web Application Security Project (OWASP) is a non-profit international organization dedicated to improving the security of web applications. All of OWASP’s resources are freely accessible and easy to find on their website, enabling any company to enhance and develop the security and protection…

MITRE ATT&CK

What is the MITRE ATT&CK Framework? MITRE ATT&CK is a framework that organizes and categorizes the different approaches, strategies and procedures utilized by threat actors in the digital environment, assisting organizations in identifying cyber-defense gaps. The basis for MITRE ATT&CK came from Lockheed Martin’s Cyber Kill Chain. The framework aims…

ISO 27001

What is ISO/IEC 27001? ISO/IEC 27001 is a member of the ISO 27000 family of standards. The ISO 27001 standard, which replaces the BS7799-2 standard, is internationally accepted as a specification for an Information Security Management System (ISMS). It is one of the most widely used information security principles worldwide.…

CIS Controls

What are the CIS Controls? The CIS Critical Security Controls (CSC) are published by the Center for Internet Security (CIS) to assist organizations in better defending against well-known threats by converting critical security concepts into executable controls in order to reach a more comprehensive overall cybersecurity defensive strategy. The most…

CSA

What is the CSA? The Cloud Security Alliance (CSA) is an organization committed to securing cloud computing environments by sharing best practices and raising awareness of the risks involved. CSA draws on the subject matter of industry experts to provide cloud security-specific research, products and education. The CSA Security Trust…

NIST CSF

What is the NIST CSF? The NIST Cybersecurity Framework, also known as the NIST CSF, enhances Critical Infrastructure Cybersecurity by providing a mechanism for evaluating and enhancing the capacity of private and public sector entities that own, operate, or supply critical infrastructure to avoid, track, and react to cyber incidents.…