Control

The Secure Controls Framework (SCF) integrates both cybersecurity and privacy requirements to help companies operationalize both cybersecurity and privacy by default.

The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services applying and enhancing NIST High baseline.

A National Institute of Standards and Technology (NIST) cybersecurity framework for organizations looking to select security controls for a high-impact system: where the consequences of compromised confidentiality, integrity, and availability of information are high.

The Cybersecurity Maturity Model Certification (CMMC) is the Department of Defense's (DoD) verification mechanism designed for contractors selling to DOD, that cybersecurity controls and processes adequately protect Controlled Unclassified Information (CUI) that resides on Defense Industrial Base (DIB) systems and networks. CMMC Level 4 & 5: Review, documentation and reporting of the sustainment of the security controls with continuous monitoring and process improvements.

The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services applying and enhancing NIST Moderate baseline

A National Institute of Standards and Technology (NIST) cybersecurity framework for organizations looking to select security controls for a moderate-impact system: where the consequences of compromised confidentiality, integrity, and availability of information are moderate.

The Cybersecurity Maturity Model Certification (CMMC) is the Department of Defense's (DoD) verification mechanism designed for contractors selling to DOD, that cybersecurity controls and processes adequately protect Controlled Unclassified Information (CUI) that resides on Defense Industrial Base (DIB) systems and networks. CMMC Level 3: Demonstrates good cyber hygiene and the effectiveness of control implementation.

National Institute of Standards and Technology (NIST) Special Publication 800-171 – provides recommended security controls for Controlled Unclassified Information (CUI) in Non-Federal Information Systems and Organizations.

A prioritized set of best practices created to protect against the ever-changing cyberattack threat landscape.

International Organization for Standardization (ISO) for Information security standards and control objectives published within publications ISO 27001 and IS0 27002.

Common Criteria (CC) is an international set of specifications and guidelines designed to evaluate information security products and systems. Common Criteria, officially known as the Common Criteria for Information Technology Security Evaluation, was developed to certify that products and systems meet a pre-defined security standard for government deployments. Security products that have undergone successful testing and evaluation are awarded Common Criteria certification. The standard was developed by the governments of the U.S., Canada, Germany, France, the UK and the Netherlands in 1994.

Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy. The report can play an important role in oversight of the organization, vendor management programs, internal corporate governance and risk management processes, and regulatory oversight.

The Payment Card Industry Data Security (PCI DSS) Standard is an information security standard for organizations that handle branded credit cards.

The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services applying NIST Low baseline (typically SaaS with no PII)

A National Institute of Standards and Technology (NIST) cybersecurity framework for organizations looking to select security controls for a low-impact system: where the consequences of compromised confidentiality, integrity, and availability of information are low.

The Health Insurance Portability and Accountability Act (HIPAA) is the main U.S. Federal law that sets the standard for the privacy and security of personal health records.

The Cybersecurity Maturity Model Certification (CMMC) is the Department of Defense's (DoD) verification mechanism designed for contractors selling to DOD, that cybersecurity controls and processes adequately protect Controlled Unclassified Information (CUI) that resides on Defense Industrial Base (DIB) systems and networks. CMMC Level 2: Documented policies, procedures, and strategic plans.

The Cybersecurity Maturity Model Certification (CMMC) is the Department of Defense's (DoD) verification mechanism designed for contractors selling to DOD, that cybersecurity controls and processes adequately protect Controlled Unclassified Information (CUI) that resides on Defense Industrial Base (DIB) systems and networks. CMMC Level 1: Basic Cyber Hygiene, the foundation to higher levels of the CMMC model.

A National Institute of Standards and Technology (NIST) policy guideline helping private sector organizations to assess and to improve their ability to prevent, detect, and respond to cyber-attacks.

The Control Objectives for Information and Related Technologies (COBIT) is ISACA's framework for information technology (IT) management and IT governance.