Key Frameworks
ISO 27701
An international standard that acts as a privacy extension to ISO 27001, enhancing the existing Information Security Management System (ISMS) with additional requirements to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS)
ISO 27002
An international standard that provides best practice recommendations on information security controls for use by those responsible for initiating, implementing, or maintaining information security management systems (ISMS)
Center for Internet Security (CIS)
Consensus-developed secure configuration guidelines for hardening (benchmarks) and prescriptive, prioritized, and simplified sets of cybersecurity best practices (configuration guides)
Cloud Security Alliance's Reference Architecture
A methodology and a set of tools that enable security architects, enterprise architects, and risk management professionals to leverage a common set of solutions that fulfill their common needs. It lets them assess where their internal IT and their cloud providers stand in terms of security capabilities and plan a roadmap to meet the security needs of their business
Risk Management Framework (RMF)
A process that integrates security and risk management activities into the system development life cycle through an approach to security control selection and specification that considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations
Cybersecurity Framework (CSF)
A set of industry standards and best practices created by NIST to help organizations manage cybersecurity risks
System and Organization Controls (SOC)
A suite of reports produced during an audit that service organizations use to issue validated reports on the internal controls over their information systems to the users of those services
Cloud Security Alliance's Cloud Control Matrix
Designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider
ISO 31000
An international standard for enterprise risk management that provides a universally recognized paradigm for practitioners and companies employing risk management processes to replace the myriad of existing standards, methodologies, and paradigms that differed between industries, subject matters, and regions
ISO 27001
An international standard that details requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS)