Security

NIST CSF

What is the NIST CSF? The NIST Cybersecurity Framework, also known as the NIST CSF, enhances Critical Infrastructure Cybersecurity by providing a mechanism for evaluating and enhancing the capacity...
Security

CIS Controls

What are the CIS Controls? The CIS Critical Security Controls (CSC) are published by the Center for Internet Security (CIS) to assist organizations in better defending against well-known threats...
Security

OWASP ASVS

What is the OWASP ASVS? The Open Web Application Security Project (OWASP), is a non-profit international organization dedicated to improving the security of web applications. All of OWASP’s resources...
Privacy

CCPA

What is the CCPA Act? The California Consumer Privacy Act (CCPA) is a state-wide data privacy law that governs how businesses all over the world may handle California residents’...
Privacy

GDPR

What is the GDPR? The General Data Protection Regulation (GDPR) is a European Union law that went into effect on May 25, 2018. It demands companies to protect personal...
Privacy

ISO 27701

What is ISO/IEC 27701? ISO/IEC 27701 establishes guidelines and describes standards for implementing, designing, maintaining, and continuing to improve a Privacy Information Management System as a complement to ISO/IEC...
Compliance

PCI DSS

What is PCI DSS? The Payment Card Industry Security Standards Council establishes technical and operational requirements to secure payment information. All retailers and organizations that process, handle, or distribute...
Compliance

FFIEC

What is the FFIEC? The Federal Financial Institutions Inspection Council (FFIEC) is a structured interagency body made up of five banking regulators who are in charge of the US...
Compliance

CMMC

What is the CMMC Standard? The CMMC certification methodology was developed by the Department of Defense (DoD) to guarantee that contractors have safeguards in place to secure sensitive data...
Compliance

HIPAA

What is HIPAA? The Health Insurance Portability and Transparency Act of 1996 (HIPAA), is a collection of regulations that ensure the lawful use and disclosure of protected health information...
Compliance

SOX

What is the Sarbanes-Oxley Act? Sarbanes-Oxley Act (SOX), is a regulation that was signed into law on July 30, 2002. For compliance, all institutional investors are expected to install...
Compliance

NERC CIP

What is NERC CIP compliance? The North American Electric Reliability Corporation (NERC) is a global regulatory authority that operates to reduce the risks associated with power grid infrastructure. This...
Compliance

NYDFS

What is the NYDFS Cybersecurity Regulation? The New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR 500) is a set of rules issued by the New York...
Security

HECVAT

What is HECVAT? The Higher Education Community Vendor Assessment Toolkit (HECVAT) is a risk assessment template that was created in 2016 specifically for higher education institutions to assess vendor...
Privacy

FERPA

What is FERPA? The Family Educational Rights and Privacy Act (FERPA) of 1974, also known as the Buckley Amendment, is a Federal privacy law that protects the privacy of...
Security

COSO

What is the COSO Framework? The Committee of Sponsoring Organizations of the Treadway Commission (COSO), a voluntary private-sector initiative, was established in 1985 to improve business performance and governance...
Security

NIST 800-46

What is the NIST SP 800-46 framework? The US Commerce Department’s National Institute of Standards and Technology (NIST) is a non-regulatory body responsible for investigating and developing standards for...
Compliance

PSD2

What is PSD2? The Payment Services Directive (PSD) of 2007, was replaced by the Revised Payment Services Directive (PSD2) in 2015. PSD2 is a European Union (EU) Directive, administered...
Security

COBIT 5

What is COBIT 5? COBIT is an IT management framework created by ISACA (Information Systems Audit and Control Association), which helps organizations achieve their goals for governance and management...
Security

ICDM

What is the ICDM Framework? The Israeli Cyber Defense Methodology (ICDM), also known as The Corporate Defense Methodology is part of the National Defense Concept, which includes a variety...
Compliance

FedRAMP

What is FedRAMP? The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide framework that created a standardized process for assessing, authorizing and continuously monitoring cloud services...
Security

MITRE ATT&CK

What is the MITRE ATT&CK Framework? MITRE ATT&CK is a framework that organizes and categorizes the different approaches, strategies and procedures utilized by threat actors in the digital environment,...
Security

CSA

What is the CSA? The Cloud Security Alliance (CSA) is an organization committed to securing cloud computing environments by sharing best practices and raising awareness of the risks involved....
Compliance

GLBA

What is the GLBA Act? The Gramm-Leach-Bliley Act (GLBA), also recognized as the Financial Modernization Act of 1999, is a federal law in the United States that requires the...