Cybersecurity Frameworks
-
SOC 2 is a standardized framework created by AICPA to demonstrate a company's security posture to potential customers.
ISO 27001:2022 is a global benchmark that demonstrates an operational Information Security Management System (ISMS) and is commonly used by businesses selling to customers outside of the US.
ISO 27017 provides guidance for information security controls applicable to the use and provision of cloud services.
PCI DSS is a set of industry-mandated requirements to secure credit card data; compliance is attested through Self-Assessment Questionnaire (SAQ) D, Service Provider (SP) assessments, and Report on Compliance (ROC) preparation.
NIST CSF is a voluntary guidance framework based on existing standards, guidelines, and practices, designed to help organizations manage and reduce cybersecurity risk.
NIST 800-171 is a set of recommended requirements for protecting the confidentiality of controlled unclassified information (CUI) for those working with the US government.
NIST 800-53 is a catalog of security and privacy controls for all US federal information systems except those related to national security.
FedRAMP is a security framework that cloud service providers and cloud-based products must comply with in order to serve US Federal Agencies.
The AWS Foundational Technical Review (FTR) is a mandatory requirement for accessing several AWS Partner benefits, including the AWS Competency Program and the AWS ISV Accelerate Program.
Minimum Viable Secure Product (MVSP) is a minimalistic security checklist for B2B software and business process outsourcing suppliers.
The Open Finance Data Security Standard (OFDSS) is a cloud-first security framework that enhances data security for FinTech companies.
-
GDPR is a regulation by the European Union (EU) that protects the personal data and privacy of EU citizens.
HIPAA is a regulation in the United States (US) that aims to secure Protected Health Information (PHI).
CCPA/CPRA is a California regulation that provides new data privacy rights for California residents.
ISO 27701 extends ISO 27001 by specifying the requirements for establishing, implementing, maintaining, and continually improving a privacy information management system (PIMS).
ISO 27018 establishes controls to protect Personally Identifiable Information (PII) in public cloud computing environments.
Microsoft SSPA is a mandatory compliance program for Microsoft suppliers working with Personal Data and/or Microsoft Confidential Data.
The US Data Privacy (USDP) framework centralizes the privacy regulations of CA, CO, CT, UT, and VA based on the Fair Information Practice Principles, and can be used to attest to compliance with new state privacy regulations as they are introduced.
FERPA, the Family Educational Rights and Privacy Act, provides guidelines for protecting student education records in the education industry.
COPPA, the Children's Online Privacy Protection Act, provides guidelines for protecting children's personal information in the retail and education industries.
HITRUST, the Health Information Trust Alliance Common Security Framework, is a comprehensive security and privacy framework specifically tailored for healthcare organizations.
-
SOX ITGC refers to a collection of IT controls that must be in place for organizations to achieve compliance with the Sarbanes-Oxley Act.
COSO, which stands for the Committee of Sponsoring Organizations of the Treadway Commission, is a set of guidelines that helps organizations design and implement internal controls to achieve their objectives.
ITIL is a framework for effectively managing IT services throughout the entire service lifecycle.
COBIT, or Control Objectives for Information and Related Technology, is an IT governance framework created by ISACA (Information Systems Audit and Control Association) to help organizations govern and manage IT holistically.
-
Cybersecurity Capability Maturity Model (C2M2): A maturity model developed by the US Department of Energy to assess and improve the cybersecurity capabilities of energy sector organizations.
Capability Maturity Model Integration (CMMI): A maturity model that provides a set of best practices for process improvement across multiple disciplines, including cybersecurity.
Cybersecurity Framework (CSF): A framework developed by the National Institute of Standards and Technology (NIST) that provides guidelines for managing and reducing cybersecurity risk for organizations of all sizes and sectors.
ISO/IEC 27001: A widely recognized international standard for information security management that provides a systematic approach to managing sensitive company information.
NIST Risk Management Framework (RMF): A framework developed by NIST that provides a structured approach to managing cybersecurity risk for federal agencies and their contractors.
Open FAIR (Factor Analysis of Information Risk): A risk management framework that provides a standardized way to analyze and quantify information risk.
Payment Card Industry Data Security Standard (PCI DSS): A set of security standards established by major credit card companies to protect against credit card fraud.
Risk Management Maturity Model (RMMM): A maturity model that provides a framework for assessing and improving an organization's risk management processes.
The Resilience Capability Maturity Model (RCMM): A maturity model developed by the Software Engineering Institute to assess and improve an organization's resilience in the face of cyber threats and other disruptions.
SANS Top 20 Critical Security Controls: A prioritized set of security controls designed to provide a roadmap for effective cybersecurity risk management.