What are cybersecurity standards?
Cybersecurity standards are collections of best practices, created by experts, that help organizations protect themselves against cyber threats.
Cybersecurity standards and frameworks are generally applicable to all organizations, regardless of their size, industry or sector.
This page details the common cyber security compliance standards that form a strong basis for any cybersecurity strategy.
DFARS (Defense Federal Acquisition Regulation Supplement)
The DFARS is a DoD (Department of Defense) specific supplement to the FAR (Federal Acquisition Regulation). It provides acquisition regulations that are specific to the DoD.
DoD acquisition officials, contractors and subcontractors doing business with the DoD must adhere to the regulations in the DFARS. For cybersecurity the key clause is DFARS 252.204-7012, which requires contractors that handle covered defense information to implement the security requirements of NIST SP 800-171 and to report cyber incidents to the DoD.
Learn more about DFARS >>
Federal Information Security Management Act (FISMA)
The Federal Information Security Management Act (FISMA) is a United States federal law that was enacted as Title III of the E-Government Act of 2002; it was updated by the Federal Information Security Modernization Act of 2014.
FISMA was put in place to strengthen information security within federal agencies. It assigns NIST responsibility for developing the standards and guidelines that agencies must follow (such as FIPS 199, FIPS 200 and the NIST SP 800-53 control catalogue) and gives the OMB (Office of Management and Budget) oversight of agency compliance.
It requires federal agencies to implement information security programs to ensure the confidentiality, integrity, and availability of their information and IT systems, including those provided or managed by other agencies or contractors.
Learn more about FISMA >>
Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA), also known as the Kennedy–Kassebaum Act, is a federal law that was enacted in 1996.
It aims to make it easier for people to keep their health insurance when they change jobs, to protect the confidentiality and security of health care information, and to help the health care industry control its administrative costs. Its security-relevant provisions are the Privacy Rule and the Security Rule, which apply to covered entities (health plans, providers and clearinghouses) and to the business associates that handle protected health information on their behalf.
Learn more about HIPAA >>
ISO 22301
The international standard ISO 22301 (currently ISO 22301:2019, which replaced the 2012 edition) provides a best-practice framework for implementing an optimized BCMS (business continuity management system).
This enables organizations to minimize business disruption and continue operating in the event of an incident.
Learn more about ISO 22301 >>
ISO 27001
ISO 27001 is the international standard that describes the requirements for an ISMS (information security management system). The current edition is ISO/IEC 27001:2022, and organizations can be independently certified against it.
The standard's framework is designed to help organizations manage their security practices in one place, consistently and cost-effectively.
Learn more about ISO 27001 >>
ISO 27002
ISO 27002 is the companion standard to ISO 27001. Organizations cannot certify to ISO 27002, but the standard aids ISO 27001 implementation by providing best-practice guidance on applying the controls listed in Annex A of ISO 27001. The 2022 edition groups those controls into four themes (organizational, people, physical and technological), matching Annex A of ISO/IEC 27001:2022.
Learn more about ISO 27002 >>
ISO 27031
ISO 27031 provides a framework of methods and processes for improving an organization's ICT readiness to support business continuity.
ISO 27031 is a guidance standard rather than a certifiable one; following it helps organizations understand the threats to their ICT services and plan so that those services can be protected and recovered in the event of an unplanned incident.
Learn more about ISO 27031 >>
ISO 27032
ISO 27032 is the international standard offering guidance on cybersecurity management. It provides guidance on addressing a wide range of cybersecurity risks, including user endpoint security, network security, and critical infrastructure protection.
Learn more about ISO 27032 >>
ISO 27701
ISO 27701 specifies the requirements for a PIMS (privacy information management system) as an extension of ISO 27001 and ISO 27002.
It adds a set of privacy-specific requirements, control objectives and controls to the ISMS requirements of ISO 27001.
Organizations that have implemented ISO 27001 will be able to use ISO 27701 to extend their security efforts to cover privacy management.
This can help organizations demonstrate how they meet obligations under data protection laws such as the CCPA and the EU GDPR, although certification to ISO 27701 is not itself a certification recognized by those laws.
Learn more about ISO 27701 >>
NIST Cybersecurity Framework (CSF)
The NIST CSF is a voluntary framework for managing and mitigating cybersecurity risk based on existing best practice. Version 1.0 (2014) was written primarily for US critical infrastructure organizations.
In practice the NIST CSF proved flexible enough to be adopted by non-US and non-critical infrastructure organizations, and version 2.0 (2024) explicitly addresses organizations of any size or sector. It organizes its outcomes into six core functions: Govern, Identify, Protect, Detect, Respond and Recover.
Learn more about the NIST CSF >>