Standards
Manage multiple regulatory compliance frameworks and standards in one platform
NIST CSF
The NIST Cybersecurity Framework (CSF) was published in 2018, for the benefit of private and public sector organizations. It has been widely adopted as a structure for assessing and improving the ability to prevent, detect and respond to cyber incidents.
NIST 800-53
NIST SP 800-53 defines how federal agencies manage their information security systems, in order to better protect both the agencies and private data. While NIST SP 800-53 applies to any federal organization (aside from national security agencies), many private sector entities have adopted controls from this framework, and its guidelines cover any component of an information system that stores, processes or transmits information.
NIST 800-171
NIST SP 800-171 defines how to protect and distribute Controlled Unclassified Information (CUI), which is not strictly regulated by the federal government but is sensitive and requires safeguarding.
NIST 800-82
NIST Special Publication 800-82 serves as comprehensive guidance on how to secure Industrial Control Systems (ICS). It identifies typical threats and vulnerabilities to these systems and provides recommended security countermeasures to mitigate the associated risks.
NIST 800-46
The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the US Commerce Department, tasked with researching and establishing standards across all federal agencies.
ISO 27001
The ISO 27001 framework is the internationally recognized best practice framework for an Information Security Management System (ISMS). It is applicable to all organizations, irrespective of size, type or nature.
PCI DSS
PCI DSS is a set of security standards established by the Payment Card Industry Security Standards Council (American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc) to protect cardholder data.
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) provides standards on the lawful use and disclosure of protected health information, which includes names, addresses, phone numbers, Social Security numbers, medical records, financial information and more.
GDPR
The General Data Protection Regulation (GDPR) is a European Union law requiring organizations to safeguard personal data and uphold the privacy rights of anyone in EU territory.
FFIEC
The Federal Financial Institutions Examination Council (FFIEC) is an interagency body comprising five banking regulators responsible for US federal government examinations of US financial institutions. The FFIEC creates uniform standards and principles and develops standardized reporting systems.
COBIT 5
COBIT is an IT management framework developed by the ISACA global benchmarking association to help develop, organize and implement strategies around information management and governance. It allows enterprises to align existing controls with a variety of other standards and regulatory compliance requirements.
NERC
The North American Electric Reliability Corporation (NERC) is an international regulatory organization that works to reduce risks to power grid infrastructure.
CCPA
The California Consumer Privacy Act (CCPA) regulates how businesses handle the personal information (PI) of California residents. CCPA applies to any for-profit business anywhere in the world that sells the personal information of more than 50,000 California residents annually, derives more than 50 percent of its annual revenue from such information, or has an annual gross revenue exceeding $25 million.
MITRE ATT&CK
MITRE ATT&CK is a platform that organizes and categorizes various types of tactics, techniques, and procedures used by threat actors in the digital world, helping organizations pinpoint gaps in their cyber-defenses. MITRE ATT&CK is based on Lockheed Martin’s Cyber Kill Chain.
SIG
The Standardized Information Gathering (SIG) questionnaire is used to perform an initial assessment of vendors, gathering information to determine how security risks are managed across 18 different risk domains.
GLBA
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act of 1999, is a US federal law to protect the privacy and security of personally identifiable financial information.
NIST Privacy
The National Institute of Standards and Technology (NIST) recently published the NIST Privacy Framework, which helps organizations prioritize privacy risks and outcomes and achieve privacy goals, regardless of business size, sector, or industry.
DOD CMMC
The Cybersecurity Maturity Model Certification (CMMC) procedure has been developed by the Department of Defense (DoD) to certify that contractors are protecting sensitive data.
FERPA
The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records.
NYDFS
The NYDFS Cybersecurity Regulation is a set of cybersecurity rules from the New York Department of Financial Services (DFS) protecting both the financial services industry and its consumers.
SOC 2
Developed by the American Institute of CPAs (AICPA), SOC 2 is an auditing procedure that ensures service providers securely manage data to protect the interests and privacy of both a business and its clients.
CSA CMM
The Cloud Security Alliance (CSA) is the world’s leading organization helping to ensure a secure cloud computing environment.
NIST 800-207
Zero Trust security is an IT security model, developed by a Forrester analyst, that requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they sit inside or outside the network perimeter.