top of page

Frameworks & Standards

Frameworks:

NIST Cybersecurity Framework (NIST CSF) – Developed by the National Institute of Standards and Technology (NIST), USA.

ISO/IEC 27001 – Published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

COBIT – Managed by ISACA (Information Systems Audit and Control Association).

CIS Controls – Created by the Center for Internet Security (CIS).

PCI DSS – Overseen by the PCI Security Standards Council (PCI SSC).

SOC 2 – Administered by the American Institute of Certified Public Accountants (AICPA).

HITRUST CSF – Created and managed by the Health Information Trust Alliance (HITRUST).

MITRE ATT&CK – Managed by MITRE, a U.S. government-funded research organization.

SABSA – Developed by The SABSA Institute.

ITIL Security Management – Owned by Axelos.

Standards:

ISO/IEC 27001 – Published by ISO and IEC.
ISO/IEC 27002 – Published by ISO and IEC.
ISO/IEC 27701 – Published by ISO and IEC.
NIST SP 800-53 – Developed by NIST, USA.
ISO/IEC 27005 – Published by ISO and IEC.
PCI DSS – Overseen by PCI Security Standards Council.
NIST SP 800-171 – Developed by NIST, USA.
ISO/IEC 27017 – Published by ISO and IEC.
GDPR – Regulated by the European Union (EU).
SOX – Regulated by the U.S. Congress (Sarbanes-Oxley Act).

UK-specific frameworks and standards:

Cyber Essentials – Developed by the UK Government's National Cyber Security Centre (NCSC). It is a certification scheme to help organizations protect themselves against common cyber threats.

BS 10012 – Published by the British Standards Institution (BSI), this standard is for personal information management and helps organizations comply with GDPR requirements.

UK Data Protection Act 2018 – A UK-specific regulation that works alongside GDPR to regulate the handling of personal data within the UK.

NCSC 10 Steps to Cyber Security – A framework developed by the UK's National Cyber Security Centre to guide organizations in reducing cyber risk.

bottom of page