This dataset contains information on various cybersecurity frameworks, including their descriptions, sources, years established, and core components. It serves as a reference for understanding the different approaches organizations can adopt to enhance their cybersecurity posture.

| Framework Name | Description | Source | Year Established | Core Components |
|---|---|---|---|---|
| NIST Cybersecurity Framework | A policy framework of computer security guidance for how private sector organizations in the US can assess and improve their ability to prevent, detect, and respond to cyber attacks. | NIST | 2014 | Identify, Protect, Detect, Respond, Recover |
| CIS Controls | A set of cybersecurity best practices that provide specific and actionable ways to thwart the most pervasive attacks. | CIS | 2013 | Basic, Foundational, Organizational |
| ISO/IEC 27001 | International standard on how to manage information security. | ISO | 2005 | Plan, Do, Check, Act |
| ISO/IEC 27002 | A code of practice for information security controls. | ISO | 2007 | Security Controls |
| COBIT 2019 | A framework for the governance and management of enterprise IT. | ISACA | 2019 | Governance System, Governance Components |
| GDPR | General Data Protection Regulation; a regulation on data protection and privacy in the EU. | EU | 2018 | Data Protection Principles |
| PCI DSS | Payment Card Industry Data Security Standard; a set of security standards designed to ensure that firms that accept, process, store or transmit credit card information maintain a secure environment. | PCI Security Standards Council | 2006 | Build & Maintain, Protect Cardholder Data, Maintain Vulnerability Management, Implement Strong Access Control Measures, Regularly Monitor, Maintain an Information Security Policy |
| NIST SP 800-53 | Security and Privacy Controls for Information Systems and Organizations. | NIST | 2005 | Access Control, Awareness and Training, Audit and Accountability, Security Assessment |
| MITRE ATT&CK | A knowledge base for cyber adversary behaviors, used to develop threat models and methodologies. | MITRE | 2013 | Tactics, Techniques, Procedures |
| Cybersecurity Maturity Model Certification (CMMC) | A unifying standard for implementing cybersecurity across all nations in the defense industrial base. | DoD | 2020 | Domains, Practices |
| Critical Infrastructure Cybersecurity Framework (CICF) | A framework focused on the cybersecurity of critical infrastructure sectors. | CISA | 2018 | Identify, Protect, Detect, Respond, Recover |
| Fair Information Practices | A set of principles that govern the collection and use of personal information; used primarily in the realm of privacy. | FTC | 1973 | Notice/Awareness, Choice/Consent, Access/Participation |
| BISO Cybersecurity Framework | A framework tailored towards the unique requirements and characteristics of higher education institutions. | EDUCAUSE | 2019 | Assess, Respond, Protect, Monitor |
| EU Cybersecurity Act | Provides a framework for certification of cybersecurity products and services in the EU. | EU | 2019 | Security Certification, Cooperation |
| ICS-CERT | Industrial Control Systems Cyber Emergency Response Team providing cybersecurity services for industrial control systems. | DHS | 2011 | Incident Response, Vulnerability Coordination |
| Cyber Assurance Framework | A framework for organizations to evaluate their cybersecurity measures in a structured way. | Cyber Assurance | 2020 | Identify, Protect, Detect, Respond, Recover |
| TIC 3.0 | Trustworthy Internet Connections; guidance provided by CISA for securing external connections in government networks. | CISA | 2019 | Connectivity Standards, Security Controls |
| ISO/IEC 27032 | Guidelines for cybersecurity, part of the ISO/IEC 27000 family. | ISO | 2012 | Stakeholder Engagement, Risk Management |
| CSA Cloud Controls Matrix | A cybersecurity control framework for cloud computing, providing a way to assess the security and compliance needs of cloud providers. | Cloud Security Alliance | 2013 | Domain, Control, Implementation |
| Cybersecurity Framework for Critical Infrastructure | NIST's guideline for cybersecurity risks to critical infrastructure sectors. | NIST | 2018 | Identify, Protect, Detect, Respond, Recover |
| Digital Operational Resilience Act (DORA) | Legislation by the EU to enhance the digital operational resilience of financial entities. | EU | 2022 | ICT Risk Management, Incident Reporting, Testing |
| NIST SP 800-171 | Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. | NIST | 2016 | Access Control, Awareness and Training, Incident Response |
| Risk Management Framework (RMF) | A structured process for integrating information security and risk management activities into the system development life cycle. | NIST | 2014 | Categorize, Select, Implement, Assess, Authorize, Monitor |
| ISO/IEC 27035 | Information security incident management; provides guidelines for incident management. | ISO | 2011 | Preparation, Detection, Response, Lessons Learned |
| Zero Trust Security Model | A security framework based on the principle of not trusting anything inside or outside the network by default. | NIST | 2010 | Verify, Limit Access, Assume Breach |
| Ransomware Preparedness Framework | Specialized framework dedicated to combating ransomware attacks through proactive measures. | Cybersecurity & Infrastructure Security Agency | 2021 | Preparation, Detection, Response, Recovery |
| Global Cybersecurity Agenda (GCA) | An initiative led by ITU to promote cybersecurity globally. | International Telecommunication Union | 2007 | Capacity Building, International Cooperation, Cybercrime |
| Cyber Assurance Framework (CAF) | Framework developed for UK public sector organizations by the National Cyber Security Centre. | NCSC UK | 2019 | Governance, Risk Management, Assurance |
| Evolve Cybersecurity Framework | A comprehensive framework for emerging technology cybersecurity tools and strategies. | Tech America | 2020 | Assessment, Strategy, Execution |
| UK National Cyber Security Strategy | The UK government's strategy for cyber security to protect against cyber threats to the UK. | UK Government | 2022 | Defend, Deter, Develop |
| Privacy Guidelines for Personal Information | Guidelines established for protecting personal information in the digital age. | OECD | 2013 | Collection Limitation, Data Quality, Security Safeguards |
| Federated Cybersecurity Framework | A framework designed to allow different organizations to share threat intelligence collaboratively. | NIST | 2022 | Collaboration, Communications, Processes |
| Canadian Cyber Security Strategy | Canada's strategy to protect its information technology and critical infrastructure from cyber threats. | Canadian Government | 2018 | Leadership, Partnerships, Resilience |
| Cybersecurity Workforce Framework (NICE Framework) | A framework that identifies and defines the roles, skills, and knowledge required for the cybersecurity workforce. | NIST | 2017 | Categories, Specialty Areas, Work Roles |
| Security Framework for IoT | Framework specifically designed to address the unique security challenges that Internet of Things devices bring. | NIST | 2020 | Identify, Protect, Detect, Respond, Recover |
| GDPR Compliance Framework | Framework providing guidance for organizations to achieve compliance with GDPR. | EU | 2018 | Awareness, Information Audits, Ambiguity Reduction |
| Health Insurance Portability and Accountability Act (HIPAA) Security Rule | Regulations for safeguarding electronic protected health information. | US Government | 2003 | Administrative Safeguards, Physical Safeguards, Technical Safeguards |
| Information Security Forum (ISF) Standard of Good Practice | A comprehensive framework and guidance on information security best practices. | ISF | 2020 | Governance, Risk Management, Information Security |
| Risk and Vulnerability Management Framework | A framework for managing cybersecurity risks in enterprise environments. | CISA | 2021 | Risk Assessment, Risk Mitigation, Ongoing Monitoring |
| American Bar Association Cybersecurity Principles | A set of principles related to cybersecurity for lawyers and law firms. | ABA | 2016 | Governance, Risk Management, Incident Response |
| European Union Agency for Cybersecurity (ENISA) Guidelines | Comprehensive guidelines provided by the EU for cybersecurity in various sectors and services. | ENISA | 2004 | Risk Assessment, Incident Response, Security Measures |
| Data Breach Response Framework | A framework that guides organizations on how to respond to data breaches effectively and legally. | NIST | 2020 | Preparation, Detection, Notification, Analysis |
| Cybersecurity Framework for Healthcare | Guidelines for improving the cybersecurity posture of healthcare organizations in the US. | HHS | 2017 | Risk Analysis, Access Control, Incident Response |
| ISO 22301 Business Continuity Management | A framework that outlines the best practices for managing a business continuity management system. | ISO | 2019 | Understand, Plan, Implement, Test |
| US Cybersecurity Strategy | The Federal Government's strategic plan to enhance US cybersecurity posture. | US Government | 2023 | Leadership, Partnerships, Cyber Resilience |
| Structured Cybersecurity Risk Assessment Framework | A structured approach to assess, manage, and mitigate cybersecurity risks. | CISA | 2021 | Risk Identification, Risk Analysis, Risk Governance |
| Incident Command System (ICS) for Cybersecurity | A standardized approach in managing responses to cybersecurity incidents. | FEMA | 2020 | Prepare, Respond, Recovery, Mitigation |
| Cloud Security Framework (CSF) | A framework that provides guidelines to address key aspects of cloud security. | Cloud Security Alliance | 2020 | Governance, Security Controls, Compliance |
| National Cybersecurity Strategy (Singapore) | Singapore's strategy to enhance its cybersecurity capabilities and resilience. | Singapore Government | 2020 | Cyber Awareness, Cyber Defense, Cyber Resilience |
| Cyber Threat Intelligence Sharing Framework | Framework designed to facilitate sharing of threat intelligence among organizations. | NIST | 2019 | Collection, Analysis, Dissemination |
| British Standards Institution Cyber Security Standards | A set of standards for managing cybersecurity risks across organizations. | BSI | 2020 | Governance, Risk Management, Operational Controls |
| Security and Privacy in AI Framework | A framework providing guidelines for integrating security and privacy into AI systems. | NIST | 2021 | Risk Assessment, Data Governance, Model Management |
| Zero Trust Architecture (ZTA) Framework | A security model that requires strict identity verification for every person and device trying to access resources on a private network. | NIST | 2020 | Never Trust, Always Verify |
| Cybersecurity for Smart Cities Framework | A framework tailored for addressing cybersecurity challenges in the context of smart cities. | NIST | 2020 | Identity Management, Access Control, Data Protection |
| Remote Work Cybersecurity Framework | Guidelines for ensuring cybersecurity in remote work environments. | CISA | 2021 | Threat Awareness, Home Security, Secure Connections |
| Incident Response Plan Template | A structured template for organizations to develop their incident response strategies and plans. | NIST | 2021 | Preparation, Identification, Containment, Eradication, Recovery |
| Data Protection Impact Assessment (DPIA) Framework | A framework to help organizations assess the privacy risks of their projects. | EU | 2018 | Describe, Assess, Consult, Mitigate |
| Mobile Device Management (MDM) Framework | Guidelines for securing the use of mobile devices in a business environment. | NIST | 2021 | Device Enrollment, Security Policies, Monitoring |
| Cybersecurity Capability Maturity Model (C2M2) | A model that helps organizations evaluate and improve their cybersecurity capabilities. | DOE | 2014 | Domain, Capability Areas, Maturity Levels |
| Supply Chain Risk Management Framework | Guidelines for identifying and managing cybersecurity risks in supply chains. | NIST | 2020 | Supply Chain Context, Risk Assessment, Risk Mitigation |
| Cybersecurity Assessment Frameworks for Telecommunications (CAFT) | Guidelines designed for evaluating cybersecurity in telecommunications sectors. | ITU | 2020 | Risk Management, Incident Reporting, Compliance |
| Digital Privacy Framework | A framework for managing and protecting digital privacy across organizations. | NIST | 2021 | Governance, Compliance, Data Protection |
| Incident Management and Cyber Defence Framework | A framework designed to manage incidents efficiently while defending systems against attacks. | NCSC | 2020 | Preparation, Identification, Containment, Recovery |
| Privacy by Design Framework | A principle-based approach that embeds privacy into the design specifications of technologies, business practices, and physical infrastructures. | ICO | 2012 | Proactive, Default Settings, Embedded into Design |
| Open Web Application Security Project (OWASP) Top Ten | A document outlining the top ten security risks related to web applications. | OWASP | 2021 | Injection, Broken Authentication, Sensitive Data Exposure |
| Threat and Vulnerability Management Framework | A comprehensive approach to managing vulnerabilities and related threats. | CIS | 2020 | Identify, Assess, Mitigate, Monitor |
| Cybersecurity Framework for Academic Institutions | Guidelines developed for improving cybersecurity posture in educational institutions. | EDUCAUSE | 2018 | Governance, Risk Management, Response Planning |
| Enterprise Architecture for Cybersecurity Framework | A framework used to align cybersecurity strategies with organizational objectives. | NIST | 2020 | Strategies, Models, Frameworks |
| Digital Forensics Framework | Framework designed for conducting digital forensic investigations. | NIST | 2021 | Collection, Examination, Analysis, Reporting |
| Facilitating Collaborative Cybersecurity Framework | A framework to aid collaboration between organizations for improved cybersecurity posture. | CISA | 2022 | Collaboration, Communication, Information Sharing |
| Blockchain Security Framework | Framework addressing security considerations specific to blockchain technologies. | NIST | 2020 | Data Integrity, Access Control, Privacy Preservation |
| Unified Security Framework (USF) | A holistic security architecture integrating several security frameworks for enterprise security. | Gartner | 2019 | Physical Security, IT Security, Employee Training |
| Graylog Cybersecurity Framework | Structured approach to using Graylog technology for security logging and monitoring. | Graylog | 2021 | Logging, Monitoring, Analysis |
| Cybersecurity Operational Risk Management Framework | A framework tailored to manage operational risks in cybersecurity. | ISO | 2023 | Identify, Assess, Manage, Monitor |
| Threat Modelling Framework | Guidelines for identifying, assessing, and mitigating threats in system designs. | OWASP | 2020 | Identify Assets, Identify Threats, Assess Vulnerabilities |
| Fraud Prevention Cybersecurity Framework | Framework to prevent fraud through cybersecurity measures. | Fraud Prevention Association | 2021 | Access Controls, Authentication, Monitoring |
| Social Media Cybersecurity Guidelines | Guidelines aimed at managing cybersecurity risks stemming from social media use. | NIST | 2020 | Privacy Practices, Secure Accounts, Incident Reporting |
| Compliance and Cybersecurity Assessment Framework | A framework to support organizations in achieving compliance while managing cybersecurity risks. | NIST | 2021 | Risk Assessment, Control Implementation, Audit |
| Cybersecurity Human Factors Framework | A framework addressing the human aspects of cybersecurity risk, including training and behavior. | NIST | 2019 | Create Awareness, Promote Good Practices, Continuous Improvement |
| Privacy in the Digital Age Framework | Standards and best practices for safeguarding privacy in a digital world. | FTC | 2022 | Notice, Choice, Access |
| International Cyber Security Framework | Guidelines for international cooperation and information sharing in cybersecurity. | UNCITRAL | 2020 | Coordination, Standardization, Mutual Assistance |
| Cybersecurity Baseline Framework | Framework for establishing minimum cybersecurity practices across different industries. | CISA | 2020 | Access Control, Asset Management, Incident Response |
| Cybersecurity Incident Response Framework | Guidelines that help organizations plan and execute responses to cybersecurity incidents. | CISA | 2020 | Pre-incident Planning, Detection, Response, Post-incident Handling |
| Cybersecurity Management Framework for Telecommunication | Guidelines for managing cybersecurity risks in telecommunication organizations. | ITU | 2021 | Risk Assessment, Incident Management, Compliance |
| CISO Cybersecurity Maturity Assessment Framework | Framework for Chief Information Security Officers to assess their cybersecurity maturity. | CISO | 2022 | Assess, Benchmark, Improve |
| Security Incident Management Framework | A structured approach to managing security incidents within an organization. | NIST | 2021 | Preparation, Detection, Analysis, Response |
| Cybersecurity Metrics and Reporting Framework | Guidelines for establishing metrics to report on cybersecurity performance and effectiveness. | NIST | 2021 | Define Metrics, Data Collection, Performance Reporting |
| Risk Management Framework for Cybersecurity for Government Agencies | Guidelines for implementing risk management practices for cybersecurity in government bodies. | US Government | 2022 | Risk Identification, Risk Assessment, Risk Mitigation |
| Malware Analysis and Incident Response Framework | Framework for analyzing malware and managing responses to malware incidents. | NIST | 2020 | Collection, Analysis, Response Strategies |
| Research Cybersecurity Guidelines | Guidelines for safeguarding research data and projects against cybersecurity threats. | NSF | 2021 | Data Management, Security Controls, Incident Response |
| Information Assurance Framework (IAF) | A methodology to evaluate and improve information assurance capabilities. | CISA | 2020 | Assessment Criteria, Technical Controls, Audit Tools |
| Public Sector Cybersecurity Framework | Comprehensive guidelines tailored for enhancing cybersecurity in public sector organizations. | CISA | 2021 | Governance, Risk Management, Incident Handling |
| User Education and Awareness Cybersecurity Framework | Framework for developing user training and awareness programs for cybersecurity. | NIST | 2020 | Awareness Programs, Training Materials, Assessments |
| System Development Life Cycle (SDLC) and Cybersecurity Framework | Integrating security practices into the software development lifecycle. | OWASP | 2021 | Requirements Gathering, Design, Development, Testing |
| Data Loss Prevention (DLP) Framework | Framework focused on strategies for preventing the loss of sensitive data. | CISA | 2020 | Discovery, Protection, Monitoring |
| Cybersecurity Resilience Framework | A framework aimed at building resilience against cybersecurity incidents in organizations. | CIS | 2021 | Prevent, Prepare, Respond, Recover |
| Phishing Prevention Cybersecurity Framework | Framework designed to protect organizations from phishing attacks. | NIST | 2020 | User Education, Technical Controls, Reporting Mechanisms |
| Cybersecurity for Nonprofits Framework | Guidelines tailored for improving cybersecurity in nonprofit organizations. | CISA | 2020 | Risk Assessment, Training, Incident Response |
| Embedded Systems Cybersecurity Framework | Guidelines designed to protect embedded systems against cybersecurity threats. | NIST | 2021 | Security Requirements, Threat Modeling, Assurance |
| Cybersecurity and Privacy Framework for Public Health | Addressing cybersecurity and privacy concerns in public health organizations and systems. | CDC | 2021 | Data Protection, Risk Management, Incident Response |
| Smart Manufacturing Cybersecurity Framework | Framework designed for addressing cybersecurity in the context of smart manufacturing. | NIST | 2021 | Identify, Protect, Detect, Respond, Recover |
| Intelligent Transportation Systems Cybersecurity Framework | Guidance for managing cybersecurity risks in intelligent transportation systems. | NIST | 2022 | Risk Assessment, Vulnerability Testing, Incident Management |
| Secure Development Lifecycle (SDL) Guidelines | Security practices integrated into application development processes. | Microsoft | 2021 | Training, Threat Modeling, Security Testing |
| Cybersecurity Strategy for Agriculture | Framework for managing cybersecurity risks in the agriculture sector. | USDA | 2021 | Education, Collaboration, Risk Management |
| Cyber Incident Communication Framework | A framework for managing communication during cybersecurity incidents. | NIST | 2021 | Coordination, Communication Plans, Stakeholder Engagement |
| Government Cybersecurity Guidelines for Local Authorities | Guidelines tailored for local government authorities on managing cybersecurity risks. | CISA | 2021 | Cyber Risk Assessment, Incident Response Planning |
| Virtual Private Network (VPN) Security Framework | A framework for securing VPNs used in corporate environments. | CISA | 2020 | User Authentication, Encryption Protocols, Access Control |
| Remote Access Security Guidelines | Guidelines to secure remote access connections for an organization. | CISA | 2021 | Authentication, Encryption, Access Controls |
| Smart Grid Cybersecurity Framework | Guidelines specifically focused on managing cybersecurity risks in smart grid technology. | NIST | 2022 | Risk Assessment, Incident Response, Information Sharing |
| AI Cybersecurity Threat Assessment Framework | Framework designed to assess threats posed by AI technologies in cybersecurity. | NIST | 2022 | Threat Identification, Impact Analysis, Risk Management |
| Cybersecurity Insurer Guidelines | Framework developed for insurance companies to assess cybersecurity in potential clients. | NIST | 2022 | Risk Assessment, Underwriting Guidelines, Security Audits |
| Biometric Data Protection Framework | Guidelines focused on protecting biometric data in organizations. | NIST | 2021 | Data Encryption, Access Control, Monitoring |
| Home Network Security Framework | A framework providing guidelines to secure home networks. | CISA | 2021 | Network Configuration, Device Security, Maintenance |
| Gaming Cybersecurity Guidelines | Framework for securing online gaming environments and player data. | NIST | 2021 | Threat Modeling, Compliance, Data Protection |
| Enterprise Incident Response Framework | Comprehensive guidelines for managing incidents within enterprise environments. | CISA | 2021 | Detection, Analysis, Containment, Recovery |
| Cybersecurity Framework for Small Businesses | Guidelines specifically designed to address the cybersecurity needs of small businesses. | NIST | 2021 | Risk Assessment, Implementation, Continuous Monitoring |
| Cybersecurity Reset Framework | Framework for recovering from cybersecurity incidents and improving resiliency. | CISA | 2022 | Response, Recovery, Learning |
| Data Governance Framework for Cybersecurity | Guidelines for managing the governance of data in relation to cybersecurity. | NIST | 2021 | Roles and Responsibilities, Compliance, Risk Management |
| Network Security Monitoring Framework | Framework for implementing effective network security monitoring programs. | CISA | 2021 | Collect, Analyze, Respond |
| Healthcare Cybersecurity Framework (HCSF) | Framework aimed at improving cybersecurity in the healthcare sector. | HHS | 2021 | Access Control, Monitoring, Incident Response |
| Cybersecurity Investment Framework | Guidelines for organizations to assess cybersecurity investment and return. | CISA | 2021 | Risk Assessment, Cost-Benefit Analysis, Performance Metrics |
| Digital Twin Cybersecurity Framework | A framework focusing on the security considerations of digital twin technology. | NIST | 2022 | Threat Modeling, Risk Assessment, Monitoring |
| Cybersecurity Maturity Model for Manufacturing | A framework designed for enhancing cybersecurity posture in manufacturing sectors. | NIST | 2022 | Identify, Protect, Detect, Respond, Recover |
| Cybersecurity Education Framework | Framework aimed at developing education programs for cybersecurity professionals. | NIST | 2021 | Competency Development, Training, Accreditation |
| Intellectual Property Protection Framework | Guidelines for protecting intellectual property through cybersecurity measures. | NIST | 2021 | Identification, Risk Assessment, Protection Strategies |
| Cybersecurity Standards for Retail | Framework addressing cybersecurity standards in retail sectors. | NIST | 2020 | Access Control, Transaction Security, Incident Management |
| Social Engineering Prevention Framework | Framework designed to combat and prevent social engineering attacks. | NIST | 2021 | Awareness Training, Incident Reporting, Security Policies |
| Healthcare Data Privacy Framework | Guidelines for protecting patient information and health data privacy. | HHS | 2021 | Access Controls, Data Encryption, Incident Response |
| Remote Work Cybersecurity Best Practices | Guidelines for enhancing cybersecurity in remote work environments. | NIST | 2022 | Secure Authentication, Network Security, User Training |
| Cybersecurity Risk Analysis Framework | Framework designed for analyzing and prioritizing cybersecurity risks. | CISA | 2021 | Risk Identification, Risk Evaluation, Mitigation Planning |
| Smart Device Security Framework | Guidelines for securing connected smart devices in personal and corporate environments. | CISA | 2021 | Access Control, Configuration Management, Monitoring |
| Cybersecurity Incident Recovery Framework | A framework focused on effectively recovering from cybersecurity incidents. | NIST | 2022 | Response Planning, Recovery Strategies, Lessons Learned |
| Financial Sector Cybersecurity Framework | Guidelines for enhancing cybersecurity within financial institutions. | NIST | 2021 | Risk Assessment, Data Protection, Incident Response |
| Education Sector Cybersecurity Best Practices | Framework providing best practices for cybersecurity in educational institutions. | CISA | 2021 | Awareness Campaigns, Incident Management, Technical Controls |