Reference Schemes - ATO Pathways

Shorthand	Name	Published by	Ref. Count
anssi	ANSSI: Bonnes pratiques	ssi.gouv.fr	61
cce	CCE: Common Configuration Enumeration	ncp.nist.gov	5168
cci	CCI: Control Correlation Identifier	public.cyber.mil	5100
cis_aliyun	CIS for Ubuntu Linux Enterprise Server	cisecurity.org	295
cis-csc	CSC: Critical Security Controls	cisecurity.org	18
cis_debian	CIS for Debian Linux	benchmarks.cisecurity.org	2
cis_kubernetes	CIS for Kubernetes	cisecurity.org	139
cis_oracle	CIS for Oracle Linux	cisecurity.org	1
cis_rhel	CIS for Red Hat Enterprise Linux	cisecurity.org	560
cis_suse	CIS for SuSE Linux Enterprise Server	cisecurity.org	237
cis_ubuntu	CIS for Ubuntu Linux Enterprise Server	cisecurity.org	322
cjis	CJIS: Criminal Justice Information Services Security Policy	fbi.gov	15
cni-cnncert-rhel9	CCN STIC for RHEL9 (CNN-STIC-610A22)	ccn-cert.cni.es	37
cnss	CNSSI No. 1253: Security Categorization and Control Selection for National Security Systems	cnss.gov	0
cobit5	COBIT®: Control Objectives for Information and Related Technologies	isaca.org	69
cui	SP 800-171 Rev. 1: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations	nvlpubs.nist.gov	39
dcid	DCID 6/9, Physical Security Standards for Sensitive Compartmented Information Facilities (SCIFs) was approved by the Director of Central Intelligence (DCI) on 30 January 1994.		0
hipaa	HIPAA: Health Insurance Portability and Accountability Act	gpo.gov	46
isa-62443-2009	ISA-62443-2-1-2009, Security for Industrial Automation and Control Systems Part 2-1: Establishing an Industrial Automation and Control Systems Security Program	isa.org	49
isa-62443-2013	ANSI/ISA-62443-3-3 (99.03.03)-2013 Security for industrial automation and control systems Part 3-3: System security requirements and security levels	isa.org	44
ism	ISM: Information Security Manual	cyber.gov.au	53
iso27001-2013	ISO/IEC 27001	iso.org	83
nerc-cip	CIP: Critical Infrastructure Protection	nerc.com	61
nist-csf	Framework for Improving Critical Infrastructure Cybersecurity	nvlpubs.nist.gov	47
nist-r4	NIST Special Publication 800-53 (Revision 4): Security and Privacy Controls for Federal Information Systems and Organizations	nvlpubs.nist.gov	310
nist-r5	NIST Special Publication 800-53 (Revision 5): Security and Privacy Controls for Federal Information Systems and Organizations	nvlpubs.nist.gov	0
ospp	OSPP: Protection Profile for General Purpose Operating Systems	niap-ccevs.org	43
pcidss3	PCI DSS v3: Payment Card Industry Data Security Standard	pcisecuritystandards.org	66
pcidss4	PCI DSS v4: Payment Card Industry Data Security Standard	docs-prv.pcisecuritystandards.org	65
stig-app	App SRG: Application Server Security Requirements Guide	public.cyber.mil	112
stig-os	GPOS SRG: General Purpose Operating System Security Requirements Guide	public.cyber.mil	187
stigref	STIG References, Finding IDs and Rule IDs	public.cyber.mil	2583
stig-unix	STIG: Security Technical Implementation Guides for UNIX/Linux Operating Systems	public.cyber.mil	2429

anssi

ANSSI: Bonnes pratiques

ssi.gouv.fr

61

cce

CCE: Common Configuration Enumeration

ncp.nist.gov

5168

cci

CCI: Control Correlation Identifier

public.cyber.mil

5100

cis_aliyun

CIS for Ubuntu Linux Enterprise Server

cisecurity.org

295

cis-csc

CSC: Critical Security Controls

cisecurity.org

18

cis_debian

CIS for Debian Linux

benchmarks.cisecurity.org

2

cis_kubernetes

CIS for Kubernetes

cisecurity.org

139

cis_oracle

CIS for Oracle Linux

cisecurity.org

1

cis_rhel

CIS for Red Hat Enterprise Linux

cisecurity.org

560

cis_suse

CIS for SuSE Linux Enterprise Server

cisecurity.org

237

cis_ubuntu

CIS for Ubuntu Linux Enterprise Server

cisecurity.org

322

cjis

CJIS: Criminal Justice Information Services Security Policy

fbi.gov

15

cni-cnncert-rhel9

CCN STIC for RHEL9 (CNN-STIC-610A22)

ccn-cert.cni.es

37

cnss

CNSSI No. 1253: Security Categorization and Control Selection for National Security Systems

cnss.gov

0

cobit5

COBIT®: Control Objectives for Information and Related Technologies

isaca.org

69

cui

SP 800-171 Rev. 1: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

nvlpubs.nist.gov

39

dcid

DCID 6/9, Physical Security Standards for Sensitive Compartmented Information Facilities (SCIFs) was approved by the Director of Central Intelligence (DCI) on 30 January 1994.

0

hipaa

HIPAA: Health Insurance Portability and Accountability Act

gpo.gov

46

isa-62443-2009

ISA-62443-2-1-2009, Security for Industrial Automation and Control Systems Part 2-1: Establishing an Industrial Automation and Control Systems Security Program

isa.org

49

isa-62443-2013

ANSI/ISA-62443-3-3 (99.03.03)-2013 Security for industrial automation and control systems Part 3-3: System security requirements and security levels

isa.org

44

ism

ISM: Information Security Manual

cyber.gov.au

53

iso27001-2013

ISO/IEC 27001

iso.org

83

nerc-cip

CIP: Critical Infrastructure Protection

nerc.com

61

nist-csf

Framework for Improving Critical Infrastructure Cybersecurity

nvlpubs.nist.gov

47

nist-r4

NIST Special Publication 800-53 (Revision 4): Security and Privacy Controls for Federal Information Systems and Organizations

nvlpubs.nist.gov

310

nist-r5

NIST Special Publication 800-53 (Revision 5): Security and Privacy Controls for Federal Information Systems and Organizations

nvlpubs.nist.gov

0

ospp

OSPP: Protection Profile for General Purpose Operating Systems

niap-ccevs.org

43

pcidss3

PCI DSS v3: Payment Card Industry Data Security Standard

pcisecuritystandards.org

66

pcidss4

PCI DSS v4: Payment Card Industry Data Security Standard

docs-prv.pcisecuritystandards.org

65

stig-app

App SRG: Application Server Security Requirements Guide

public.cyber.mil

112

stig-os

GPOS SRG: General Purpose Operating System Security Requirements Guide

public.cyber.mil

187

stigref

STIG References, Finding IDs and Rule IDs

public.cyber.mil

2583

stig-unix

STIG: Security Technical Implementation Guides for UNIX/Linux Operating Systems

public.cyber.mil

2429