# Frameworks

* [Cybersecurity Maturity Model Certification (CMMC)](https://dodcio.defense.gov/CMMC/)
  * A framework designed by the U.S. Department of Defense to enhance and standardize the cybersecurity practices of defense contractors, ensuring the protection of sensitive information and improving overall security posture.
* National Institute of Standards and Technology (NIST)
  * [NIST Cybersecurity Framework (CSF)](https://www.nist.gov/cyberframework)
    * A set of guidelines and best practices to help organizations manage and improve their cybersecurity risk management processes. It is organized around core functions (Govern, Identify, Protect, Detect, Respond, Recover in CSF 2.0) and is intended to be adapted to an organization's own risk profile rather than applied as a fixed checklist.
  * [NIST SP 800-53 Rev.5 Security and Privacy Controls for Information Systems and Organizations](https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final)
    * A comprehensive set of security controls and guidelines for federal information systems in the United States.
    * [NIST SP 800-53A Rev.5 Assessing Security and Privacy Controls in Information Systems and Organizations](https://csrc.nist.gov/pubs/sp/800/53/a/r5/final)
    * [NIST SP 800-53B Control Baselines for Information Systems and Organizations](https://csrc.nist.gov/pubs/sp/800/53/b/upd1/final)
  * [NIST SP 800-171 Rev.2 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations](https://csrc.nist.gov/pubs/sp/800/171/r2/upd1/final)
    * A set of requirements for protecting Controlled Unclassified Information (CUI) in non-federal systems and organizations.
    * [NIST SP 800-171A Assessing Security Requirements for Controlled Unclassified Information](https://csrc.nist.gov/pubs/sp/800/171/a/final)
    * [NIST 800-172 Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171](https://csrc.nist.gov/pubs/sp/800/172/final)
    * [NIST 800-172A Assessing Enhanced Security Requirements for Controlled Unclassified Information](https://csrc.nist.gov/pubs/sp/800/172/a/final)
* Federal Risk and Authorization Management Program ([FedRAMP](https://www.fedramp.gov))
  * A U.S. government program that standardizes the security assessment, authorization, and continuous monitoring of cloud products and services used by federal agencies. Its control baselines are built on NIST SP 800-53, so a FedRAMP authorization is, in practice, an assessed 800-53 implementation for a specific cloud offering.
* [ISO 27001 Information security, cybersecurity, and privacy protection](https://www.iso.org/standard/27001)
  * An international standard for information security management systems (ISMS). It specifies the requirements for establishing, implementing, maintaining, and continually improving an ISMS, with the goal of preserving the confidentiality, integrity, and availability of information.
* [SOC 2](https://www.aicpa-cima.com/topic/audit-assurance/audit-and-assurance-greater-than-soc-2)
  * An attestation framework developed by the American Institute of CPAs (AICPA). A SOC 2 report is an independent auditor's opinion on a service organization's controls against the Trust Services Criteria (security, availability, processing integrity, confidentiality, and privacy); a Type 1 report covers control design at a point in time, a Type 2 report covers operating effectiveness over a period.
* Center for Internet Security ([CIS](https://www.cisecurity.org/controls))
  * A prioritized set of safeguards (the CIS Critical Security Controls) designed to help organizations strengthen their cybersecurity posture. CIS also publishes the CIS Benchmarks, which are configuration hardening guides for specific operating systems, cloud platforms, and applications.
* Payment Card Industry Data Security Standard ([PCI DSS](https://www.pcisecuritystandards.org))
  * A set of security requirements designed to ensure the secure handling of payment card information. Developed by the Payment Card Industry Security Standards Council (PCI SSC), the standard applies to any organization that stores, processes, or transmits cardholder data, and its scope is driven by where that data flows, so network segmentation is commonly used to limit the systems that fall under assessment.
* Cloud Security Alliance Cloud Control Matrix ([CCM](https://cloudsecurityalliance.org/research/cloud-controls-matrix/))
  * A set of security controls and guidelines developed by the Cloud Security Alliance (CSA) to help organizations assess and manage the security risks associated with cloud computing. It maps its controls to other standards and regulations, so organizations can use it to evaluate the security posture of cloud service providers and to reuse one control implementation as evidence across several compliance programs.
* Adobe's Common Control Framework ([CCF](https://www.adobe.com/trust/compliance/adobe-ccf.html))
  * Adobe has created a CCF that serves as an open, foundational security framework, streamlining over 1,350 requirements into Adobe-specific controls aligned with industry standards.
* Sarbanes-Oxley Act ([SOX](https://sarbanes-oxley-act.com))
  * A U.S. federal law governing financial reporting by public companies. Section 404 requires management to establish and assess internal controls over financial reporting, which in practice brings IT general controls (access management, change management, and backup and recovery for financially relevant systems) into audit scope.
* General Data Protection Regulation ([GDPR](https://gdpr-info.eu))
  * A data protection and privacy regulation in the European Union (EU). It governs the processing of personal data, gives individuals rights over their data, and imposes obligations on organizations to handle personal information lawfully and transparently, to implement appropriate technical and organizational security measures, and to notify the supervisory authority of personal data breaches.
* Health Insurance Portability and Accountability Act ([HIPAA](https://www.hhs.gov/hipaa/index.html))
  * A U.S. federal law that sets standards for the protection and confidential handling of individuals' health information. Its Privacy Rule governs the use and disclosure of protected health information (PHI), and its Security Rule requires covered entities and their business associates to implement administrative, physical, and technical safeguards for electronic PHI, including access controls, audit logging, and encryption of data in transit and at rest.
