What are cybersecurity standards?
Cybersecurity standards are collections of best practices created by experts to protect organizations from cyber threats and help improve their cybersecurity posture.
Frameworks such as ISO 27001 and the NIST CSF are generally applicable to any organization, regardless of its size, industry, or sector; the regulations covered here (DFARS, FISMA, HIPAA) bind only organizations within their legal scope, but their control requirements are still useful benchmarks for everyone else.
This page summarizes the common cybersecurity standards and compliance regimes that form a strong basis for any cybersecurity strategy.
DFARS (Defense Federal Acquisition Regulation Supplement)
The DFARS is the DoD (Department of Defense) supplement to the FAR (Federal Acquisition Regulation); it adds acquisition rules that apply only to DoD procurements.
DoD acquisition officials, contractors, and subcontractors doing business with the DoD must comply with the DFARS. From a security standpoint the key clause is DFARS 252.204-7012, which requires contractors that handle covered defense information to implement the security requirements of NIST SP 800-171 and to report cyber incidents affecting that information to the DoD.
Federal Information Security Management Act (FISMA)
The Federal Information Security Management Act (FISMA) is a United States federal law enacted as Title III of the E-Government Act of 2002 and updated by the Federal Information Security Modernization Act of 2014.
FISMA requires federal agencies to strengthen their information security. It assigns NIST responsibility for developing the supporting standards and guidelines (FIPS 199, FIPS 200, and the NIST SP 800-53 control catalog) and gives the OMB (Office of Management and Budget) oversight of agency compliance.
Each agency must implement an information security program that ensures the confidentiality, integrity, and availability of its information and IT systems, including systems provided or managed by other agencies or by contractors.
Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA), also known as the Kennedy–Kassebaum Act, is a United States federal law enacted in 1996.
It aims to make it easier for people to keep their health insurance when they change jobs, to protect the confidentiality and security of health care information, and to help the health care industry control its administrative costs.
The security-relevant parts are the Privacy Rule and the Security Rule, which require covered entities and their business associates to apply administrative, physical, and technical safeguards to protected health information, and the Breach Notification Rule, which requires affected individuals and regulators to be notified when that information is compromised.
ISO 22301 (Business Continuity Management)
The international standard ISO 22301 specifies the requirements for a BCMS (business continuity management system); the 2012 edition cited by many older guides has been superseded by ISO 22301:2019.
A BCMS enables an organization to minimize business disruption and continue operating in the event of an incident, and the standard is certifiable, so an organization can have its BCMS independently audited.
ISO 27001 (Information Security Management)
ISO/IEC 27001 is the international standard that specifies the requirements for an ISMS (information security management system); the current edition is ISO/IEC 27001:2022.
The standard's framework is designed to help organizations manage their security practices in one place, consistently and cost-effectively, and it is certifiable: the organization's ISMS and its risk-based selection of Annex A controls are audited by an accredited certification body.
ISO 27002 (Information Security Controls)
ISO/IEC 27002 is the companion standard to ISO 27001. Organizations cannot certify to ISO 27002, but it aids ISO 27001 implementation by providing best-practice guidance on applying the controls listed in Annex A of ISO 27001. The 2022 edition reorganizes those controls into four themes (organizational, people, physical, and technological).
ISO 27031 (ICT Readiness for Business Continuity)
ISO/IEC 27031 provides a framework of methods and processes for improving an organization's ICT readiness for business continuity.
It is a guidance standard rather than a certifiable one. Applying it helps an organization understand the threats to its ICT services and keep them available during an unplanned incident, and it complements ISO 22301 by covering the ICT side of business continuity.
ISO 27032 (Cybersecurity Guidelines)
ISO/IEC 27032 is the international standard offering guidance on cybersecurity. The 2012 edition covers a wide range of cybersecurity risks, including user endpoint security, network security, and critical infrastructure protection; the 2023 revision narrows its scope to Internet security. Like ISO 27002, it is guidance only and cannot be certified against.
ISO 27701 (Privacy Information Management)
ISO/IEC 27701 specifies the requirements for a PIMS (privacy information management system). It extends ISO 27001 and ISO 27002 with a set of privacy-specific requirements, control objectives, and controls for organizations acting as controllers or processors of personal data.
Organizations that have implemented ISO 27001 can use ISO 27701 to extend their security efforts to cover privacy management. This can help demonstrate compliance with data protection laws such as the CCPA and the EU GDPR, although certification to ISO 27701 is not itself a legal finding of compliance with those laws.
NIST Cybersecurity Framework (CSF)
The NIST CSF is a voluntary framework for managing and mitigating cybersecurity risk based on existing best practices. Version 1.0 was written primarily for US critical infrastructure organizations; version 2.0 (released in 2024) is explicitly aimed at organizations of every size and sector.
The framework organizes outcomes into core functions (Govern, Identify, Protect, Detect, Respond, and Recover, with Govern added in version 2.0) and has proven flexible enough to be adopted by non-US and non-critical infrastructure organizations, often as a common language for mapping the other standards on this page.