| Framework | Description | Organization | Year | Key Components |
|---|---|---|---|---|
| NIST Cybersecurity Framework | A policy framework of computer security guidance for how private-sector organizations in the US can assess and improve their ability to prevent, detect, and respond to cyber attacks. | NIST | 2014 | Identify, Protect, Detect, Respond, Recover |
| CIS Controls | A set of cybersecurity best practices that provide specific and actionable ways to thwart the most pervasive attacks. | CIS | 2013 | Basic, Foundational, Organizational |
| ISO/IEC 27001 | International standard on how to manage information security. | ISO | 2005 | Plan, Do, Check, Act |
| ISO/IEC 27002 | A code of practice for information security controls. | ISO | 2007 | Security Controls |
| COBIT 2019 | A governance framework for enterprise IT management and governance. | ISACA | 2019 | Governance System, Governance Components |
| GDPR | General Data Protection Regulation; a regulation on data protection and privacy in the EU. | EU | 2018 | Data Protection Principles |
| PCI DSS | Payment Card Industry Data Security Standard; a set of security standards designed to ensure that firms that accept, process, store or transmit credit card information maintain a secure environment. | PCI Security Standards Council | 2006 | Build & Maintain, Protect Cardholder Data, Maintain Vulnerability Management, Implement Strong Access Control Measures, Regularly Monitor, Maintain an Information Security Policy |
| NIST SP 800-53 | Security and Privacy Controls for Information Systems and Organizations. | NIST | 2005 | Access Control, Awareness and Training, Audit and Accountability, Security Assessment |
| MITRE ATT&CK | A knowledge base of cyber adversary behaviors, used to develop threat models and methodologies. | MITRE | 2013 | Tactics, Techniques, Procedures |
| Cybersecurity Maturity Model Certification (CMMC) | A unifying standard for implementing cybersecurity across all nations in the defense industrial base. | DoD | 2020 | Domains, Practices |
| Critical Infrastructure Cybersecurity Framework (CICF) | A framework focused on the cybersecurity of critical infrastructure sectors. | CISA | 2018 | Identify, Protect, Detect, Respond, Recover |
| Fair Information Practices | A set of principles that govern the collection and use of personal information; used primarily in the realm of privacy. | FTC | 1973 | Notice/Awareness, Choice/Consent, Access/Participation |
| BISO Cybersecurity Framework | A framework tailored to the unique requirements and characteristics of higher education institutions. | EDUCAUSE | 2019 | Assess, Respond, Protect, Monitor |
| EU Cybersecurity Act | Provides a framework for certification of cybersecurity products and services in the EU. | EU | 2019 | Security Certification, Cooperation |
| ICS-CERT | Industrial Control Systems Cyber Emergency Response Team, providing cybersecurity services for industrial control systems. | DHS | 2011 | Incident Response, Vulnerability Coordination |
| Cyber Assurance Framework | A framework for organizations to evaluate their cybersecurity measures in a structured way. | Cyber Assurance | 2020 | Identify, Protect, Detect, Respond, Recover |
| TIC 3.0 | Trustworthy Internet Connections; guidance provided by CISA for securing external connections in government networks. | CISA | 2019 | Connectivity Standards, Security Controls |
| ISO/IEC 27032 | Guidelines for cybersecurity, part of the ISO/IEC 27000 family. | ISO | 2012 | Stakeholder Engagement, Risk Management |
| CSA Cloud Controls Matrix | A cybersecurity control framework for cloud computing, providing a way to assess the security and compliance needs of cloud providers. | Cloud Security Alliance | 2013 | Domain, Control, Implementation |
| Cybersecurity Framework for Critical Infrastructure | NIST's guideline for cybersecurity risks to critical infrastructure sectors. | NIST | 2018 | Identify, Protect, Detect, Respond, Recover |
| Digital Operational Resilience Act (DORA) | Legislation by the EU to enhance the digital operational resilience of financial entities. | EU | 2022 | ICT Risk Management, Incident Reporting, Testing |
| NIST SP 800-171 | Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. | NIST | 2016 | Access Control, Awareness and Training, Incident Response |
| Risk Management Framework (RMF) | A structured process for integrating information security and risk management activities into the system development life cycle. | NIST | 2014 | Categorize, Select, Implement, Assess, Authorize, Monitor |
| ISO/IEC 27035 | Information security incident management; provides guidelines for incident management. | ISO | 2011 | Preparation, Detection, Response, Lessons Learned |
| Zero Trust Security Model | A security framework based on the principle of not trusting anything inside or outside the network by default. | NIST | 2010 | Verify, Limit Access, Assume Breach |
| Ransomware Preparedness Framework | Specialized framework dedicated to combating ransomware attacks through proactive measures. | Cybersecurity & Infrastructure Security Agency | 2021 | Preparation, Detection, Response, Recovery |
| Global Cybersecurity Agenda (GCA) | An initiative led by the ITU to promote cybersecurity globally. | International Telecommunication Union | 2007 | Capacity Building, International Cooperation, Cybercrime |
| Cyber Assurance Framework (CAF) | Framework developed for UK public sector organizations by the National Cyber Security Centre. | NCSC UK | 2019 | Governance, Risk Management, Assurance |
| Evolve Cybersecurity Framework | A comprehensive framework for emerging technology cybersecurity tools and strategies. | Tech America | 2020 | Assessment, Strategy, Execution |
| UK National Cyber Security Strategy | The UK government's strategy for cyber security to protect against cyber threats to the UK. | UK Government | 2022 | Defend, Deter, Develop |
| Privacy Guidelines for Personal Information | Guidelines established for protecting personal information in the digital age. | OECD | 2013 | Collection Limitation, Data Quality, Security Safeguards |
| Federated Cybersecurity Framework | A framework designed to allow different organizations to share threat intelligence collaboratively. | NIST | 2022 | Collaboration, Communications, Processes |
| Canadian Cyber Security Strategy | Canada's strategy to protect its information technology and critical infrastructure from cyber threats. | Canadian Government | 2018 | Leadership, Partnerships, Resilience |
| Cybersecurity Workforce Framework (NICE Framework) | A framework that identifies and defines the roles, skills, and knowledge required for the cybersecurity workforce. | NIST | 2017 | Categories, Specialty Areas, Work Roles |
| Security Framework for IoT | Framework specifically designed to address the unique security challenges that Internet of Things devices bring. | NIST | 2020 | Identify, Protect, Detect, Respond, Recover |
| GDPR Compliance Framework | Framework providing guidance for organizations to achieve compliance with GDPR. | EU | 2018 | Awareness, Information Audits, Ambiguity Reduction |
| Health Insurance Portability and Accountability Act (HIPAA) Security Rule | Regulations for safeguarding electronic protected health information. | US Government | 2003 | Administrative Safeguards, Physical Safeguards, Technical Safeguards |
| Information Security Forum (ISF) Standard of Good Practice | A comprehensive framework and guidance on information security best practices. | ISF | 2020 | Governance, Risk Management, Information Security |
| Risk and Vulnerability Management Framework | A framework for managing cybersecurity risks in enterprise environments. | CISA | 2021 | Risk Assessment, Risk Mitigation, Ongoing Monitoring |
| American Bar Association Cybersecurity Principles | A set of principles related to cybersecurity for lawyers and law firms. | ABA | 2016 | Governance, Risk Management, Incident Response |
| European Union Agency for Cybersecurity (ENISA) Guidelines | Comprehensive guidelines provided by the EU for cybersecurity in various sectors and services. | ENISA | 2004 | Risk Assessment, Incident Response, Security Measures |
| Data Breach Response Framework | A framework that guides organizations on how to respond to data breaches effectively and legally. | NIST | 2020 | Preparation, Detection, Notification, Analysis |
| Cybersecurity Framework for Healthcare | Guidelines for improving the cybersecurity posture of healthcare organizations in the US. | HHS | 2017 | Risk Analysis, Access Control, Incident Response |
| ISO 22301 Business Continuity Management | A framework that outlines the best practices for managing a business continuity management system. | ISO | 2019 | Understand, Plan, Implement, Test |
| US Cybersecurity Strategy | The Federal Government's strategic plan to enhance the US cybersecurity posture. | US Government | 2023 | Leadership, Partnerships, Cyber Resilience |
| Structured Cybersecurity Risk Assessment Framework | A structured approach to assess, manage, and mitigate cybersecurity risks. | CISA | 2021 | Risk Identification, Risk Analysis, Risk Governance |
| Incident Command System (ICS) for Cybersecurity | A standardized approach to managing responses to cybersecurity incidents. | FEMA | 2020 | Prepare, Respond, Recovery, Mitigation |
| Cloud Security Framework (CSF) | A framework that provides guidelines to address key aspects of cloud security. | Cloud Security Alliance | 2020 | Governance, Security Controls, Compliance |
| National Cybersecurity Strategy (Singapore) | Singapore's strategy to enhance its cybersecurity capabilities and resilience. | Singapore Government | 2020 | Cyber Awareness, Cyber Defense, Cyber Resilience |
| Cyber Threat Intelligence Sharing Framework | Framework designed to facilitate sharing of threat intelligence among organizations. | NIST | 2019 | Collection, Analysis, Dissemination |
| British Standards Institution Cyber Security Standards | A set of standards for managing cybersecurity risks across organizations. | BSI | 2020 | Governance, Risk Management, Operational Controls |
| Security and Privacy in AI Framework | A framework providing guidelines for integrating security and privacy into AI systems. | NIST | 2021 | Risk Assessment, Data Governance, Model Management |
| Zero Trust Architecture (ZTA) Framework | A security model that requires strict identity verification for every person and device trying to access resources on a private network. | NIST | 2020 | Never Trust, Always Verify |
| Cybersecurity for Smart Cities Framework | A framework tailored to addressing cybersecurity challenges in the context of smart cities. | NIST | 2020 | Identity Management, Access Control, Data Protection |
| Remote Work Cybersecurity Framework | Guidelines for ensuring cybersecurity in remote work environments. | CISA | 2021 | Threat Awareness, Home Security, Secure Connections |
| Incident Response Plan Template | A structured template for organizations to develop their incident response strategies and plans. | NIST | 2021 | Preparation, Identification, Containment, Eradication, Recovery |
| Data Protection Impact Assessment (DPIA) Framework | A framework to help organizations assess the privacy risks of their projects. | EU | 2018 | Describe, Assess, Consult, Mitigate |
| Mobile Device Management (MDM) Framework | Guidelines for securing the use of mobile devices in a business environment. | NIST | 2021 | Device Enrollment, Security Policies, Monitoring |
| Cybersecurity Capability Maturity Model (C2M2) | A model that helps organizations evaluate and improve their cybersecurity capabilities. | DOE | 2014 | Domain, Capability Areas, Maturity Levels |
| Supply Chain Risk Management Framework | Guidelines for identifying and managing cybersecurity risks in supply chains. | NIST | 2020 | Supply Chain Context, Risk Assessment, Risk Mitigation |
| Cybersecurity Assessment Frameworks for Telecommunications (CAFT) | Guidelines designed for evaluating cybersecurity in telecommunications sectors. | ITU | 2020 | Risk Management, Incident Reporting, Compliance |
| Digital Privacy Framework | A framework for managing and protecting digital privacy across organizations. | NIST | 2021 | Governance, Compliance, Data Protection |
| Incident Management and Cyber Defence Framework | A framework designed to manage incidents efficiently while defending systems against attacks. | NCSC | 2020 | Preparation, Identification, Containment, Recovery |
| Privacy by Design Framework | A principle-based approach that embeds privacy into the design specifications of technologies, business practices, and physical infrastructures. | ICO | 2012 | Proactive, Default Settings, Embedded into Design |
| Open Web Application Security Project (OWASP) Top Ten | A document outlining the top ten security risks related to web applications. | OWASP | 2021 | Injection, Broken Authentication, Sensitive Data Exposure |
| Threat and Vulnerability Management Framework | A comprehensive approach to managing vulnerabilities and related threats. | CIS | 2020 | Identify, Assess, Mitigate, Monitor |
| Cybersecurity Framework for Academic Institutions | Guidelines developed for improving cybersecurity posture in educational institutions. | EDUCAUSE | 2018 | Governance, Risk Management, Response Planning |
| Enterprise Architecture for Cybersecurity Framework | A framework used to align cybersecurity strategies with organizational objectives. | NIST | 2020 | Strategies, Models, Frameworks |
| Digital Forensics Framework | Framework designed for conducting digital forensic investigations. | NIST | 2021 | Collection, Examination, Analysis, Reporting |
| Facilitating Collaborative Cybersecurity Framework | A framework to aid collaboration between organizations for improved cybersecurity posture. | CISA | 2022 | Collaboration, Communication, Information Sharing |
| Blockchain Security Framework | Framework addressing security considerations specific to blockchain technologies. | NIST | 2020 | Data Integrity, Access Control, Privacy Preservation |
| Unified Security Framework (USF) | A holistic security architecture integrating several security frameworks for enterprise security. | Gartner | 2019 | Physical Security, IT Security, Employee Training |
| Graylog Cybersecurity Framework | Structured approach to using Graylog technology for security logging and monitoring. | Graylog | 2021 | Logging, Monitoring, Analysis |
| Cybersecurity Operational Risk Management Framework | A framework tailored to managing operational risks in cybersecurity. | ISO | 2023 | Identify, Assess, Manage, Monitor |
| Threat Modelling Framework | Guidelines for identifying, assessing, and mitigating threats in system designs. | OWASP | 2020 | Identify Assets, Identify Threats, Assess Vulnerabilities |
| Fraud Prevention Cybersecurity Framework | Framework to prevent fraud through cybersecurity measures. | Fraud Prevention Association | 2021 | Access Controls, Authentication, Monitoring |
| Social Media Cybersecurity Guidelines | Guidelines aimed at managing cybersecurity risks stemming from social media use. | NIST | 2020 | Privacy Practices, Secure Accounts, Incident Reporting |
| Compliance and Cybersecurity Assessment Framework | A framework to support organizations in achieving compliance while managing cybersecurity risks. | NIST | 2021 | Risk Assessment, Control Implementation, Audit |
| Cybersecurity Human Factors Framework | A framework addressing the human aspects of cybersecurity risk, including training and behavior. | NIST | 2019 | Create Awareness, Promote Good Practices, Continuous Improvement |
| Privacy in the Digital Age Framework | Standards and best practices for safeguarding privacy in a digital world. | FTC | 2022 | Notice, Choice, Access |
| International Cyber Security Framework | Guidelines for international cooperation and information sharing in cybersecurity. | UNCITRAL | 2020 | Coordination, Standardization, Mutual Assistance |
| Cybersecurity Baseline Framework | Framework for establishing minimum cybersecurity practices across different industries. | CISA | 2020 | Access Control, Asset Management, Incident Response |
| Cybersecurity Incident Response Framework | Guidelines that help organizations plan and execute responses to cybersecurity incidents. | CISA | 2020 | Pre-incident Planning, Detection, Response, Post-incident Handling |
| Cybersecurity Management Framework for Telecommunication | Guidelines for managing cybersecurity risks in telecommunication organizations. | ITU | 2021 | Risk Assessment, Incident Management, Compliance |
| CISO Cybersecurity Maturity Assessment Framework | Framework for Chief Information Security Officers to assess their cybersecurity maturity. | CISO | 2022 | Assess, Benchmark, Improve |
| Security Incident Management Framework | A structured approach to managing security incidents within an organization. | NIST | 2021 | Preparation, Detection, Analysis, Response |
| Cybersecurity Metrics and Reporting Framework | Guidelines for establishing metrics to report on cybersecurity performance and effectiveness. | NIST | 2021 | Define Metrics, Data Collection, Performance Reporting |
| Risk Management Framework for Cybersecurity for Government Agencies | Guidelines for implementing risk management practices for cybersecurity in government bodies. | US Government | 2022 | Risk Identification, Risk Assessment, Risk Mitigation |
| Malware Analysis and Incident Response Framework | Framework for analyzing malware and managing responses to malware incidents. | NIST | 2020 | Collection, Analysis, Response Strategies |
| Research Cybersecurity Guidelines | Guidelines for safeguarding research data and projects against cybersecurity threats. | NSF | 2021 | Data Management, Security Controls, Incident Response |
| Information Assurance Framework (IAF) | A methodology to evaluate and improve information assurance capabilities. | CISA | 2020 | Assessment Criteria, Technical Controls, Audit Tools |
| Public Sector Cybersecurity Framework | Comprehensive guidelines tailored to enhancing cybersecurity in public sector organizations. | CISA | 2021 | Governance, Risk Management, Incident Handling |
| User Education and Awareness Cybersecurity Framework | Framework for developing user training and awareness programs for cybersecurity. | NIST | 2020 | Awareness Programs, Training Materials, Assessments |
| System Development Life Cycle (SDLC) and Cybersecurity Framework | Integrating security practices into the software development lifecycle. | OWASP | 2021 | Requirements Gathering, Design, Development, Testing |
| Data Loss Prevention (DLP) Framework | Framework focused on strategies for preventing the loss of sensitive data. | CISA | 2020 | Discovery, Protection, Monitoring |
| Cybersecurity Resilience Framework | A framework aimed at building resilience against cybersecurity incidents in organizations. | CIS | 2021 | Prevent, Prepare, Respond, Recover |
| Phishing Prevention Cybersecurity Framework | Framework designed to protect organizations from phishing attacks. | NIST | 2020 | User Education, Technical Controls, Reporting Mechanisms |
| Cybersecurity for Nonprofits Framework | Guidelines tailored to improving cybersecurity in nonprofit organizations. | CISA | 2020 | Risk Assessment, Training, Incident Response |
| Embedded Systems Cybersecurity Framework | Guidelines designed to protect embedded systems against cybersecurity threats. | NIST | 2021 | Security Requirements, Threat Modeling, Assurance |
| Cybersecurity and Privacy Framework for Public Health | Framework addressing cybersecurity and privacy concerns in public health organizations and systems. | CDC | 2021 | Data Protection, Risk Management, Incident Response |
| Smart Manufacturing Cybersecurity Framework | Framework designed for addressing cybersecurity in the context of smart manufacturing. | NIST | 2021 | Identify, Protect, Detect, Respond, Recover |
| Intelligent Transportation Systems Cybersecurity Framework | Guidance for managing cybersecurity risks in intelligent transportation systems. | NIST | 2022 | Risk Assessment, Vulnerability Testing, Incident Management |
| Secure Development Lifecycle (SDL) Guidelines | Security practices integrated into application development processes. | Microsoft | 2021 | Training, Threat Modeling, Security Testing |
| Cybersecurity Strategy for Agriculture | Framework for managing cybersecurity risks in the agriculture sector. | USDA | 2021 | Education, Collaboration, Risk Management |
| Cyber Incident Communication Framework | A framework for managing communication during cybersecurity incidents. | NIST | 2021 | Coordination, Communication Plans, Stakeholder Engagement |
| Government Cybersecurity Guidelines for Local Authorities | Guidelines tailored to local government authorities on managing cybersecurity risks. | CISA | 2021 | Cyber Risk Assessment, Incident Response Planning |
| Virtual Private Network (VPN) Security Framework | A framework for securing VPNs used in corporate environments. | CISA | 2020 | User Authentication, Encryption Protocols, Access Control |
| Remote Access Security Guidelines | Guidelines to secure remote access connections for an organization. | CISA | 2021 | Authentication, Encryption, Access Controls |
| Smart Grid Cybersecurity Framework | Guidelines specifically focused on managing cybersecurity risks in smart grid technology. | NIST | 2022 | Risk Assessment, Incident Response, Information Sharing |
| AI Cybersecurity Threat Assessment Framework | Framework designed to assess threats posed by AI technologies in cybersecurity. | NIST | 2022 | Threat Identification, Impact Analysis, Risk Management |
| Cybersecurity Insurer Guidelines | Framework developed for insurance companies to assess cybersecurity in potential clients. | NIST | 2022 | Risk Assessment, Underwriting Guidelines, Security Audits |
| Biometric Data Protection Framework | Guidelines focused on protecting biometric data in organizations. | NIST | 2021 | Data Encryption, Access Control, Monitoring |
| Home Network Security Framework | A framework providing guidelines to secure home networks. | CISA | 2021 | Network Configuration, Device Security, Maintenance |
| Gaming Cybersecurity Guidelines | Framework for securing online gaming environments and player data. | NIST | 2021 | Threat Modeling, Compliance, Data Protection |
| Enterprise Incident Response Framework | Comprehensive guidelines for managing incidents within enterprise environments. | CISA | 2021 | Detection, Analysis, Containment, Recovery |
| Cybersecurity Framework for Small Businesses | Guidelines specifically designed to address the cybersecurity needs of small businesses. | NIST | 2021 | Risk Assessment, Implementation, Continuous Monitoring |
| Cybersecurity Reset Framework | Framework for recovering from cybersecurity incidents and improving resiliency. | CISA | 2022 | Response, Recovery, Learning |
| Data Governance Framework for Cybersecurity | Guidelines for managing the governance of data in relation to cybersecurity. | NIST | 2021 | Roles and Responsibilities, Compliance, Risk Management |
| Network Security Monitoring Framework | Framework for implementing effective network security monitoring programs. | CISA | 2021 | Collect, Analyze, Respond |
| Healthcare Cybersecurity Framework (HCSF) | Framework aimed at improving cybersecurity in the healthcare sector. | HHS | 2021 | Access Control, Monitoring, Incident Response |
| Cybersecurity Investment Framework | Guidelines for organizations to assess cybersecurity investment and return. | CISA | 2021 | Risk Assessment, Cost-Benefit Analysis, Performance Metrics |
| Digital Twin Cybersecurity Framework | A framework focusing on the security considerations of digital twin technology. | NIST | 2022 | Threat Modeling, Risk Assessment, Monitoring |
| Cybersecurity Maturity Model for Manufacturing | A framework designed for enhancing cybersecurity posture in manufacturing sectors. | NIST | 2022 | Identify, Protect, Detect, Respond, Recover |
| Cybersecurity Education Framework | Framework aimed at developing education programs for cybersecurity professionals. | NIST | 2021 | Competency Development, Training, Accreditation |
| Intellectual Property Protection Framework | Guidelines for protecting intellectual property through cybersecurity measures. | NIST | 2021 | Identification, Risk Assessment, Protection Strategies |
| Cybersecurity Standards for Retail | Framework addressing cybersecurity standards in retail sectors. | NIST | 2020 | Access Control, Transaction Security, Incident Management |
| Social Engineering Prevention Framework | Framework designed to combat and prevent social engineering attacks. | NIST | 2021 | Awareness Training, Incident Reporting, Security Policies |
| Healthcare Data Privacy Framework | Guidelines for protecting patient information and health data privacy. | HHS | 2021 | Access Controls, Data Encryption, Incident Response |
| Remote Work Cybersecurity Best Practices | Guidelines for enhancing cybersecurity in remote work environments. | NIST | 2022 | Secure Authentication, Network Security, User Training |
| Cybersecurity Risk Analysis Framework | Framework designed for analyzing and prioritizing cybersecurity risks. | CISA | 2021 | Risk Identification, Risk Evaluation, Mitigation Planning |
| Smart Device Security Framework | Guidelines for securing connected smart devices in personal and corporate environments. | CISA | 2021 | Access Control, Configuration Management, Monitoring |
| Cybersecurity Incident Recovery Framework | A framework focused on effectively recovering from cybersecurity incidents. | NIST | 2022 | Response Planning, Recovery Strategies, Lessons Learned |
| Financial Sector Cybersecurity Framework | Guidelines for enhancing cybersecurity within financial institutions. | NIST | 2021 | Risk Assessment, Data Protection, Incident Response |
| Education Sector Cybersecurity Best Practices | Framework providing best practices for cybersecurity in educational institutions. | CISA | 2021 | Awareness Campaigns, Incident Management, Technical Controls |