Cybersecurity Standards captures the public, machine-readable, and reference frameworks that establish best practices for protecting information systems, networks, software, and data from cyber threats. The landscape is anchored by NIST publications (CSF 2.0, SP 800-53, 800-171, 800-218 SSDF, RMF), ISO/IEC 27001 / 27002, the CIS Critical Security Controls and Benchmarks, OWASP Top 10 and ASVS, PCI DSS, HITRUST CSF, SOC 2 Trust Services Criteria, and FedRAMP / StateRAMP cloud authorizations.
- Type: Index
- Position: Reference
- Access: 3rd-Party
- x-type: topic
- CIS Controls, Compliance, CSF, Cybersecurity, FedRAMP, Frameworks, HIPAA, HITRUST, Information Security, ISO 27001, ISO 27002, NIST, NIST 800-171, NIST 800-218, NIST 800-53, OSCAL, OWASP, PCI DSS, Risk Management, SOC 2, SSDF, Standards
- Created: 2025-01-01
- Modified: 2026-04-28
NIST CSF 2.0: Voluntary risk-based framework organizing cybersecurity activities into six core functions (Govern, Identify, Protect, Detect, Respond, Recover).
- Human URL: https://www.nist.gov/cyberframework
NIST SP 800-53: Catalog of security and privacy controls used as the basis of FedRAMP and RMF. Available in machine-readable OSCAL.
NIST SP 800-171: Requirements for protecting Controlled Unclassified Information (CUI) in non-federal systems. Foundation of CMMC.
NIST SP 800-218 (SSDF): Secure Software Development Framework referenced by EO 14028 procurement attestations.
ISO/IEC 27001: International standard for information security management systems (ISMS). The 2022 revision aligns with the ISO/IEC 27002:2022 controls.
- Human URL: https://www.iso.org/standard/27001
CIS Critical Security Controls and Benchmarks: Prescriptive controls (v8.1) and configuration benchmarks for operating systems, cloud platforms, and applications.
- Human URL: https://www.cisecurity.org/controls
OWASP Top 10 and ASVS: Web application and API risk lists plus the Application Security Verification Standard.
- Human URL: https://owasp.org/Top10/
PCI DSS: Payment Card Industry Data Security Standard for cardholder data environments.
- Human URL: https://www.pcisecuritystandards.org/
SOC 2: AICPA reporting framework against the Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, and Privacy).
FedRAMP: Standardized approach for U.S. federal agencies to authorize cloud services, anchored on NIST SP 800-53 baselines.
- Human URL: https://www.fedramp.gov/
- Map organizational controls to multiple frameworks (NIST, ISO, CIS, SOC 2)
- Author and exchange machine-readable controls via OSCAL
- Demonstrate FedRAMP, PCI DSS, SOC 2, ISO 27001 compliance
- Reference OWASP Top 10 in application security reviews
- Track CMMC alignment via NIST 800-171 implementation
- Building a unified compliance program across cloud customers
- Procurement attestations for federal contracts (EO 14028, FedRAMP)
- Vendor risk assessments using SOC 2 / ISO 27001 reports
- Application security baselines using OWASP ASVS
- Translating CSF outcomes to control implementations in 800-53 / ISO 27002
- NIST CSF
- NIST CSRC
- OSCAL Content
- ISO 27001
- CIS
- OWASP
- PCI Security Standards Council
- AICPA SOC 2
- FedRAMP
- HITRUST
FN: Kin Lane
Email: kin@apievangelist.com