Security Standards and Certifications.

The purpose of these frameworks and standards is to ensure comprehensive information protection, minimize risks, and guarantee compliance with legal and regulatory requirements—thereby strengthening trust in your organization.

They ensure the protection of sensitive data against cyber threats.

They demonstrate compliance with international standards and regulatory requirements.

They increase the trust of customers and partners.

They enable a rapid response to security incidents.

They help organizations stay prepared for new threats and changes.


Additional Security Frameworks:

ISO 27002

ISO/IEC 27002 – A reference set of information security controls with guidance on how to select and implement them. It supports organizations that establish, maintain, and improve an Information Security Management System (ISMS) under ISO/IEC 27001, whose Annex A controls it elaborates. Published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

ISO 27005

ISO/IEC 27005 – An international standard providing guidance on information security risk management in support of ISO/IEC 27001. It helps organizations identify, analyze, evaluate, and treat security risks so that sensitive data is protected and the consequences of cyberattacks are anticipated rather than discovered after the fact.

ISO 27017

ISO/IEC 27017 – A standard for cloud service security, addressed to both cloud service providers and cloud service customers. It adds cloud-specific implementation guidance and controls (for example on the division of responsibilities between provider and customer) on top of ISO/IEC 27002, and is intended to be used together with ISO/IEC 27001.

ISO 27018

ISO/IEC 27018 – An international standard for the protection of personally identifiable information (PII) in public clouds acting as PII processors. It builds on the ISO/IEC 27002 controls and adds cloud-specific guidance and additional controls for protecting personal data stored and processed in the cloud; it is typically implemented alongside ISO/IEC 27001.

ISO 27035

ISO/IEC 27035 – An international standard offering detailed guidance for establishing an effective incident management process. It covers all phases, from initial detection to closure and post-incident analysis.

ISO 27701

ISO/IEC 27701 – A privacy extension to ISO/IEC 27001 and ISO/IEC 27002 that specifies requirements for a Privacy Information Management System (PIMS), helping organizations meet GDPR and other privacy law requirements.

ISO 22301

ISO 22301 – An international standard for business continuity management. It sets requirements for planning, implementing, and maintaining a management system that protects organizations from disruptions, reduces their likelihood, and ensures fast recovery after incidents or disasters.

PCI DSS

PCI DSS – The Payment Card Industry Data Security Standard, which governs how cardholder data of the major card brands is stored, processed, and transmitted. It is managed by the PCI Security Standards Council and is contractually required (via the card brands and acquiring banks) of every entity that stores, processes, or transmits cardholder data, including merchants, processors, and service providers. Its goal is to improve cardholder data protection and reduce payment card fraud.

SOC 2

SOC 2 – An attestation framework developed by the AICPA (American Institute of Certified Public Accountants) that helps service organizations demonstrate how they protect customer data from unauthorized access and incidents. Audits are performed against the five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. Security is mandatory for every SOC 2 report; the other four are included according to the services offered.

NIST CSF 2.0

NIST Cybersecurity Framework (CSF) 2.0 – The updated version of the original framework from the U.S. National Institute of Standards and Technology (NIST), released in 2024. It is designed to help organizations of any size or sector, not only critical infrastructure, manage and reduce cybersecurity risk, and it adds a Govern function alongside the original Identify, Protect, Detect, Respond, and Recover functions.

NIST 800-171

NIST SP 800-171 – A publication specifying the security requirements that non-federal organizations must implement when they store, process, or transmit CUI (Controlled Unclassified Information) in their networks and information systems.

NIST 800-53

NIST SP 800-53 – A security standard providing a catalog of security and privacy controls for information systems. Originally written for U.S. federal agencies, Revision 5 removed the federal-only framing so that the catalog can be applied by any organization.

HIPAA

HIPAA (Health Insurance Portability and Accountability Act) – U.S. legislation protecting protected health information (PHI) held by covered entities (health plans, healthcare clearinghouses, and healthcare providers) and their business associates, and granting patients rights regarding their health data.

FEDRAMP

FedRAMP (Federal Risk and Authorization Management Program) – A U.S. government compliance program offering a standardized approach to security assessment, authorization, and continuous monitoring for cloud service providers working with federal agencies.

CMMC 2.0

CMMC (Cybersecurity Maturity Model Certification) – A U.S. Department of Defense assessment and certification program that verifies whether defense contractors protect Federal Contract Information (FCI) and CUI. CMMC 2.0 defines three levels, with Level 2 assessed against the NIST SP 800-171 requirements and Level 3 adding selected requirements from NIST SP 800-172.
