Cyber Security Standards, Cyber Safety, Network Security, Data Security, Information Security

Top 32 Cyber Security Standards

#1 NIST 800-53

The National Institute of Standards and Technology (NIST) Special Publication 800-53 is one of the most widely-used and accepted cyber security standards. This document provides a set of recommended security controls to help organizations protect their information systems and data. Additionally, 800-53 includes guidelines for implementing and managing these controls, which is particularly useful for organizations that need assistance with developing their own cyber security practices.

#2 ISO/IEC 27001

The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have developed the ISO/IEC 27001 standard which sets out a code of practice for an Information Security Management System (ISMS). It outlines a series of steps that organizations can take in order to identify, manage and reduce the risks associated with information security. This standard is often paired with the ISO/IEC 27002 code of practice for information security management.

#3 SANS Top 20

The SANS Institute's Top 20 Critical Security Controls are a prioritized approach to cyber security. This list is derived from actual attacks, focusing on ensuring that basic security measures are in place. The controls are divided into four domains: Asset Identification, Secure Configuration, Vulnerability Remediation, and Incident Response. Following the SANS Top 20 is a great way to ensure your organization has a solid foundation for cyber security.

#4 PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure the security of credit and debit card transactions. This standard is developed and maintained by the Payment Card Industry Security Standards Council and is used to protect customers’ financial information from theft or fraud. Organizations that handle cardholder data must comply with the PCI DSS standard, which includes requirements for areas like network infrastructure, software design, and data storage.

#5 NIST 800-171

The National Institute of Standards and Technology (NIST) Special Publication 800-171 is a set of security requirements for protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations. CUI includes any information that does not hold classified or restricted status but still requires confidentiality. Organizations that handle CUI must adhere to the NIST 800-171 guidelines, which include requirements for areas such as personnel security, physical security, and access control.

#6 HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a US federal law that requires healthcare organizations to keep patient data secure and private. HIPAA’s administrative and technical safeguards establish guidelines for protecting both electronic and physical patient information. Organizations must also comply with the HIPAA Privacy Rule, which regulates how patient health information is shared and used

.

#7 DFARS

The Defense Federal Acquisition Regulation Supplement (DFARS) is a set of security standards developed by the United States Department of Defense (DoD). It provides security requirements for certain nonfederal systems that contain DoD information, including requirements for authentication, personnel screening, incident response, and access control. Additionally, it includes security requirements for electronic ordering, invoicing, and payments.

#8 CJIS Security Policy

The Criminal Justice Information Services (CJIS) Security Policy is a set of security standards developed by the Federal Bureau of Investigation (FBI). It provides strict requirements for accessing, storing, and transmitting sensitive criminal justice information and biometric data, as well as for the use of radios, telecommunications, wireless devices, and network hardware. All organizations that access or store CJIS data must comply with this policy.

#9 FISMA

The Federal Information Security Management Act (FISMA) is a set of security requirements created by the United States government to ensure the confidentiality, integrity, and availability of federal government information. FISMA includes detailed security requirements for areas such as physical security, personnel security, and system security. Organizations that work with the US federal government must adhere to the FISMA standard.

#10 ISO/IEC 27002

The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have developed the ISO/IEC 27002 standard which provides a code of practice for information security management. This standard covers topics such as security policy, risk assessment, access control, and incident response. Organizations should consider this standard when developing their own security policies and procedures.