Framework References
NIST Risk Management Framework (RMF)
Intelligence Community Standard (ICS) 500-27
Sarbanes-Oxley (SOX)
Cybersecurity Maturity Model Certification (CMMC)
Health Insurance Portability and Accountability Act (HIPAA)
CIS Critical Controls
The NIST Cybersecurity Framework (CSF)
Federal Risk and Authorization Management Program (FedRAMP)
The Criminal Justice Information Services (CJIS)
Continuous Diagnostics and Mitigation (CDM)
Payment Card Industry Data Security Standard (PCI DSS)
North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) Plan
Acceptable Risk Safeguards (ARS)
Additional Publications and Best Practices
NIST Special Publications
- SP 800-18 (Security Plans)
- SP 800-30 (Risk Assessment)
- SP 800-34 (Contingency Planning)
- SP 800-37 (Risk Management Framework)
- SP 800-39 (Organizational Risk Management)
- SP 800-53 (Security Controls)
- SP 800-53A (Security Controls Assessment)
- SP 800-59 (National Security Systems)
- SP 800-60 (Security Categorization), Vol 1
- SP 800-60 (Security Categorization), Vol 2
- SP 800-61 (Incident Response Planning)
- SP 800-82 (Industrial Control Systems)
- SP 800-137 (Continuous Monitoring)
- SP 800-171r (Controlled Unclassified Information, CUI)