Standards
Manage multiple regulatory compliance frameworks and standards in one platform
NIST CSF
The NIST Cybersecurity Framework, also known as the NIST CSF, enhances Critical Infrastructure Cybersecurity by providing a mechanism for evaluating and enhancing the capacity of private and public sector entities that own, operate, or supply critical infrastructure to avoid, track, and react to cyber incidents. More..
NIST 800-53
NIST SP 800-53 was created to provide federal agencies with standards and guidelines for protecting and managing their information security systems, as well as to ensure the security of citizens' private data. More..
NIST 800-171
The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the U.S. Commerce Department, responsible for conducting research and establishing standards across all federal agencies. More..
NIST 800-82
The National Institute of Standards and Technology (NIST) Special Publication 800-82 offers detailed assistance regarding how to protect Industrial Control Systems (ICS), that are commonly used in the electric, water and wastewater, oil and natural gas, pulp and paper, pharmaceutical, chemical, food and beverage, as well as discrete manufacturing More..
NIST 800-46
The US Commerce Department's National Institute of Standards and Technology (NIST) is a non-regulatory body responsible for investigating and developing standards for all federal agencies. More..
ISO 27001
ISO/IEC 27001 is a member of the ISO 27000 family of standards. The ISO 27001 standard, which replaces the BS7799-2 standard, is internationally accepted as a specification for an Information Security Management System (ISMS). More..
PCI DSS
The Payment Card Industry Security Standards Council establishes technical and operational requirements to secure payment information. All retailers and organizations that process, handle, or distribute such info must follow the PCI DSS international standard. More..
HIPAA
The Health Insurance Portability and Transparency Act of 1996 (HIPAA), is a collection of regulations that ensure the lawful use and disclosure of protected health information (PHI). More..
GDPR
The General Data Protection Regulation (GDPR) is a European Union law that went into effect on May 25, 2018. It demands companies to protect personal data and enforce the privacy rights of anyone on EU State’s territory. More..
FFIEC
The Federal Financial Institutions Inspection Council (FFIEC) is a structured interagency body made up of five banking regulators who are in charge of the US federal government's audits of financial institutions. More..
COBIT 5
COBIT is an IT management framework created by ISACA (Information Systems Audit and Control Association), which helps organizations achieve their goals for governance and management of enterprise information and technology resources (IT). More..
NERC
The North American Electric Reliability Corporation (NERC) is a global regulatory authority that operates to reduce the risks associated with power grid infrastructure. More..
CCPA
The California Consumer Privacy Act (CCPA) is a state-wide data privacy law that governs how businesses all over the world may handle California residents' personal information (PI). More..
MITRE ATT&CK
MITRE ATT&CK is a framework that organizes and categorizes the different approaches, strategies and procedures utilized by threat actors in the digital environment, assisting organizations in identifying cyber-defense gaps. More..
SIG
The Standardized Information Gathering (SIG) questionnaire is used to conduct an initial evaluation of suppliers, gathering information to determine how security risks are managed based on 18 individual risk controls. More..
GLBA
The Gramm-Leach-Bliley Act (GLBA), also recognized as the Financial Modernization Act of 1999, is a federal law in the United States that requires the protection of personally identifiable financial information relating to individuals. More..
NIST Privacy
The National Institute of Standards and Technology (NIST) recently released The Privacy Framework, which assists organizations in prioritizing privacy threats and outcomes, and achieving privacy goals regardless of company size, market, or industry. More..
DOD CMMC
The Department of Defense (DoD) created the DOD CMMC certification protocol to ensure that contractors have the safeguards in place to protect confidential data such as Federal Contract Information and Controlled Unclassified Information (CUI). More..
FERPA
The Family Educational Rights and Privacy Act (FERPA) of 1974, also known as the Buckley Amendment, is a Federal privacy law that protects the privacy of student education records. More..
NYDFS
The New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR 500) is a set of rules issued by the New York Department of Financial Services that imposes cybersecurity demands on all financial firms. More..
Soc 2
SOC 2 (System and Organization Controls 2) is an auditing process developed by the American Institute of CPAs (AICPA). Its primary initiative is to improve secure data management in organizations in order to gain privacy and security at both the business and personal levels. More..
CSA CMM
The Cloud Security Alliance (CSA) is the world’s leading organization helping to ensure a secure cloud computing environment. More..
NIST 800-207
Zero trust is a growing security model that is based on the principle of enforcing strict access controls. The Zero Trust concept focuses on the notion that organizations shouldn’t give immediate trust to any internal or external source, and must always examine and uphold anyone and anything that is requesting access to its systems. More..
SOX
Sarbanes-Oxley Act (SOX), is a regulation that was signed into law on July 30, 2002. For compliance, all institutional investors are expected to install and report internal accounting controls to the SEC (Securities and Exchange Commission). More..
CIS Controls
The CIS Critical Security Controls (CSC) are published by the Center for Internet Security (CIS) to assist organizations in better defending against well-known threats by converting critical security concepts into executable controls in order to reach a more comprehensive overall cybersecurity defensive strategy. More..
HECVAT
The Higher Education Community Vendor Assessment Toolkit (HECVAT) is a risk assessment template that was created in 2016 specifically for higher education institutions to assess vendor risk. More..
ISO 27701
ISO 27701 is an addition to ISO 27001. ISO 27001-compliant organizations will be able to implement the requirements and controls of ISO 27701 as an extension to their existing security and privacy practices in order to achieve complete PII privacy. More..
CSA STAR
The Cloud Security Alliance (CSA) is an organization committed to securing cloud computing environments by sharing best practices and raising awareness of the risks involved. More..
COSO
The Committee of Sponsoring Organizations of the Treadway Commission (COSO), a voluntary private-sector initiative, was established in 1985 to improve business performance and governance through effective internal control, enterprise risk management (ERM) and fraud deterrence. More..
ISA/IEC 62443
The International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) joined forces to develop the 62443 series. More..
NY SHIELD Act
On March 21, 2020, the data security provisions of New York’s Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) came into force. More..
PSD2
The Payment Services Directive (PSD) of 2007, was replaced by the Revised Payment Services Directive (PSD2) in 2015. More..
ICDM
The Israeli Cyber Defense Methodology (ICDM), also known as The Corporate Defense Methodology is part of the National Defense Concept, which includes a variety of levels of security for the Israeli economy and organizational continuity. More..
ASVS
The Open Web Application Security Project (OWASP), is a non-profit international organization dedicated to improving the security of web applications. More..
FedRAMP
The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide framework that created a standardized process for assessing, authorizing and continuously monitoring cloud services security. More..
