Framework References

NIST Risk Management Framework (RMF)

The Risk Management Framework (RMF) is a set of criteria that dictate how United States government IT systems must be architected, secured, and monitored.

SARBANES-OXLEY (SOX)

SOX compliance is not just a legal obligation but also a good business practice. The goal of the legislation is to increase transparency in financial reporting by corporations and to require a formalized system of checks and balances in each company.

CYBERSECURITY MATURITY MODEL CERTIFICATION (CMMC)

The CMMC measures the maturity of an organization’s cybersecurity processes and practices across five levels covering seventeen domains. The domains are broad categories of critical security functions, such as Access Control, Identification and Authentication, and Incident Response, much like the control families from the NIST 800-53 security controls standard.

Health Insurance Portability and Accountability Act (HIPAA)

Through a series of interlocking regulatory rules, HIPAA compliance is a living culture that health care organizations must implement into their business in order to protect the privacy, security, and integrity of protected health information.

CIS CRITICAL CONTROLS

The CIS Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today’s most pervasive and dangerous attacks.

THE NIST CYBERSECURITY FRAMEWORK (CSF)

The NIST Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks.

FEDERAL RISK AND AUTHORIZATION MANAGEMENT PROGRAM (FEDRAMP)

The FedRAMP security controls are based on NIST SP 800-53 Revision 4 baselines and contain controls above the NIST baseline that address the unique elements of cloud computing.

THE CRIMINAL JUSTICE INFORMATION SERVICES (CJIS)

CJIS compliance keeps networks on the same page when it comes to data security and encryption, and ensures that sensitive criminal justice intel is locked down.

Continuous Diagnostics and Mitigation (CDM)

The Cybersecurity and Infrastructure Security Agency’s Continuous Diagnostics and Mitigation (CDM) Program is leading the effort to reduce cyber risk and provide visibility across the federal government.

PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)

The Payment Card Industry Data Security Standard is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council.

North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) Plan

The North American Electric Reliability Corporation Critical Infrastructure Protection plan is a set of requirements designed to secure the assets required for operating North America’s bulk electric system.

Acceptable Risk Safeguards (ARS)

The Centers for Medicare & Medicaid Services (CMS) Acceptable Risk Safeguards (ARS) provides guidance to CMS and its contractors as to the minimum acceptable level of required security controls that must be implemented by CMS and CMS contractors to protect CMS’ information and information systems, including CMS Sensitive Information.

Additional Publications and Best Practices
