Standards
Manage multiple regulatory compliance frameworks and standards in one platform
NIST 800-53
NIST SP 800-53 defines how federal agencies manage their information security systems, in order to better protect both the agencies and private data. While NIST SP 800-53 applies to any federal organization (aside from national security agencies), many private sector entities have adopted controls from this framework. Its guidelines cover any component of an information system that stores, processes or transmits information.
NIST 800-171
NIST SP 800-171 defines how to protect and distribute Controlled Unclassified Information (CUI), which is not strictly regulated by the federal government but is sensitive and requires safeguarding.
NIST 800-82
NIST Special Publication 800-82 serves as comprehensive guidance on how to secure Industrial Control Systems (ICS). It identifies typical threats and vulnerabilities to these systems and provides recommended security countermeasures to mitigate the associated risks.
ISO 27001
The ISO 27001 framework is the internationally recognized best practice framework for an Information Security Management System (ISMS). It is applicable to all organizations, irrespective of size, type or nature.
PCI DSS
These security standards are set by the Payment Card Industry Security Standards Council (American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc) to protect cardholder data.
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) provides standards on the lawful use and disclosure of protected health information. This includes names, addresses, phone numbers, Social Security numbers, medical records, financial information and more.
FFIEC
The Federal Financial Institutions Examination Council (FFIEC) is an interagency body comprising five banking regulators responsible for US federal government examinations of US financial institutions. The FFIEC creates uniform standards and principles and develops standardized reporting systems.
COBIT 5
COBIT is an IT management framework developed by the ISACA global benchmarking association to help develop, organize and implement strategies around information management and governance. It allows enterprises to align existing controls with a variety of other standards and regulatory compliance requirements.
NERC
The North American Electric Reliability Corporation (NERC) is an international regulatory organization that works to reduce risks to power grid infrastructure.
DOD CMMC
The DOD CMMC procedure has been developed by the Department of Defense (DoD) to certify that contractors are protecting sensitive data.
FERPA
The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records.
NYDFS
This is a set of cybersecurity regulations from the NY Department of Financial Services (DFS) protecting both the financial services industry and its consumers.
SOC 2
Developed by the American Institute of CPAs (AICPA), SOC 2 is an auditing procedure that ensures service providers securely manage data to protect the interests and privacy of both a business and its clients.