Cybersecurity Standards and Frameworks

What are cybersecurity frameworks and standards?

Cybersecurity standards are collections of best practices created by experts to protect organizations from cyber threats and help improve their cybersecurity posture. Cybersecurity frameworks are generally applicable to all organizations, regardless of their size, industry, or sector. Frameworks are often referred to as standards. In reality, most frameworks are merely a repository of specific controls organized by control families (e.g., NIST CSF, ISO 27002, NIST SP 800-171, NIST SP 800-53, etc.).

DFARS (Defense Federal Acquisition Regulation Supplement)

The DFARS is a DoD (Department of Defense) specific supplement to the FAR (Federal Acquisition Regulation). It provides acquisition regulations that are specific to the DoD. DoD government acquisition officials, contractors, and subcontractors doing business with the DoD must adhere to the regulations in the DFARS.

Learn more about DFARS

Federal Information Security Management Act (FISMA)

The Federal Information Security Management Act (FISMA) is a United States federal law enacted as Title III of the E-Government Act of 2002.
FISMA was put in place to strengthen information security within federal agencies, NIST, and the OMB (Office of Management and Budget). It requires federal agencies to implement information security programs to ensure their information and IT systems’ confidentiality, integrity, and availability, including those provided or managed by other agencies or contractors.

Learn more about FISMA

Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA), also known as the Kennedy–Kassebaum Act, is a federal law enacted in 1996. It aims to make it easier for people to keep their health insurance when they change jobs, protect the confidentiality and security of health care information, and help the health care industry control its administrative costs.

Learn more about HIPAA

ISO/IEC 27001

ISO 27001 is the international standard that describes the requirements for an ISMS (information security management system). The standard’s framework is designed to help organizations manage their security practices in one place, consistently and cost-effectively.

Learn more about ISO 27001

NIST Cybersecurity Framework (CSF)

The NIST CSF is a voluntary framework primarily intended for critical infrastructure organizations to manage and mitigate cybersecurity risk based on existing best practices. However, the NIST CSF has proven flexible enough to be implemented by non-US and non-critical infrastructure organizations.

Learn more about the NIST CSF
