Compliance Policies
International Security Compliance Frameworks
- ISO/IEC 27001
- ISO/IEC 27002
- SOC 1 / SOC 2 / SOC 3 (AICPA TSC)
- PCI/DSS v4 (PCI/DSS v3)
- ANSI/ISA 62443-2013 (ISA-62443-2009)
- COBIT 5
- CIS CSC: (previously SANS Critical Security Controls)
- CCM - Cloud Controls Matrix, CSA - Cloud Security Alliance [Online, 2024-04-03]
US State & Federal Policy Frameworks
- CSF 1.x - NIST Cybersecurity Framework
- NIST CSF 2.x - NIST Cybersecurity Framework (NIST 2, NIST CSF)
- NIST 800-37 - Risk Management Framework
- NIST 800-53 - Security and Privacy Controls (Revision 5; Revision 4)
- NIST 800-63 - Digital Identity Guidelines [Online, 2024-04-03]
- NIST 800-171 - Framework to Help Non-Federal Organizations Protect Controlled Unclassified Information (CUI)
- NIST CIF - Critical Infrastructure Framework
- FedRAMP - Federal Risk and Authorization Management Program
- NERC/CIP - Critical Infrastructure Protection
- CJIS - Criminal Justice Information Services Security Policy
- CNSSI No. 1253 - Security Categorization and Control Selection for National Security Systems
- FISMA - Federal Information Security Management Act
- HIPAA - Health Insurance Portability and Accountability Act
- DFARS - Defense Federal Acquisition Regulation Supplement
- CMMC - DoD’s Cybersecurity Maturity Model Certification
- DoD Cloud Computing Impact Levels (IL2, IL4, IL5, IL6)
- DoD STIGs - Security Technical Implementation Guides
- DoD SRGs - Security Requirements Guides
- DoD 8500.2 Instruction
- ICS-500-27 - Intelligence Community Standard
- NIAP PPs - Protection Profiles
- IRS BUSR - Internal Revenue Service Basic UNIX Security Requirements
US Commercial Policy Frameworks
- HITRUST CSF - a framework that integrates other widely adopted frameworks into one comprehensive framework, HITRUST Alliance [Online, 2024-04-03]
- UL 2900 - general software cyber security requirements for (1 - network connectable products, 2 - healthcare systems, 3 - security and life safety signaling systems)
Non-US Regional Policy Frameworks
- EU - NIS2
- Australia - ISM - Information Security Manual
- France - ANSSI: Bonnes Pratiques
- Japan - ISMAP - Information System Security Management and Assessment Program
- Japan - FISC - Center for Financial Industry Information Systems [Online, 2024-04-03]
- Saudi Arabia - NCA CCC - Cloud Cybersecurity Controls - Adaptation of international and US Federal Frameworks
- Singapore - ABS-CCIG - Association of Banks in Singapore Cloud Computing Implementation Guide
- Spain - CCN-STIC - regulations, guidelines, guides and recommendations developed by the National Cryptologic Centre (RHEL9 instance)
Financial Sector Specific Frameworks
- CRI Profile - Cyber Risk Institute - The Profile [Online, 2024-04-03]
- IBM Cloud Framework for Financial Services
- 23 NYCRR 500
Privacy related Frameworks
- GLBA - Gramm-Leach-Bliley Act
- CCPA - California Consumer Privacy Act
- GDPR - General Data Protection Regulation
- HIPAA - Health Insurance Portability and Accountability Act
- ComplianceAsCode - Compliance As Code is an open source project providing implementation guidance for securing other open source projects.