This page collects links to information on various security frameworks. It is intended to point you to frameworks you may consider adopting in your business. Below is a list of commonly used security frameworks.
| Security Framework | Description |
|---|---|
| NIST Cybersecurity Framework | A risk-based framework developed by the National Institute of Standards and Technology (NIST) that provides guidance for improving cybersecurity posture by managing and reducing cyber risks. |
| ISO/IEC 27001 | An international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). |
| CIS Controls | A set of best practices for cybersecurity developed by the Center for Internet Security (CIS) that provides a prioritized approach to safeguarding systems and data against common cyber threats. |
| PCI DSS | The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure the protection of cardholder data for organizations that process payment transactions. |
| COBIT | Control Objectives for Information and Related Technologies (COBIT) is a framework that provides a comprehensive set of controls and best practices for IT governance and management. |
| OWASP Top 10 | The Open Web Application Security Project (OWASP) Top 10 is a list of the most critical web application security risks, providing guidance on how to mitigate and address these vulnerabilities. |
| MITRE ATT&CK | A knowledge base and framework that provides information on the tactics, techniques, and procedures (TTPs) used by adversaries during cyber attacks, helping organizations improve their defenses. |
| HIPAA Security Rule | The Health Insurance Portability and Accountability Act (HIPAA) Security Rule sets standards for protecting electronic protected health information (ePHI) in the healthcare industry. |
| GDPR | The General Data Protection Regulation (GDPR) is a regulation in the European Union (EU) that addresses the protection and privacy of personal data and imposes obligations on organizations. |
| FedRAMP | The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach for assessing and authorizing cloud computing services used by U.S. government agencies. |
| CMMC | The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the Defense Industrial Base (DIB) to protect sensitive government information. |
Please note that this list is not exhaustive, and there are many other security frameworks and standards available. The selection provided represents some widely recognized frameworks in various domains of cybersecurity and data protection.