Rules and guidance for security, integrity, and confidentiality of information and operations, including privacy guidelines that indicate broad-reaching data management practices.
Standard for personnel risk assessment, training, and security awareness. Part of the NERC CIP cybersecurity framework for the protection of the US Bulk Electric System.
Standard for the implementation of a physical security program for the protection of Critical Cyber Assets. Part of the NERC CIP cybersecurity framework for the protection of the US Bulk Electric System.
This prudential practice guide (PPG) targets areas where APRA’s ongoing supervisory activities continue to identify weaknesses. Topics addressed include the importance of an overarching framework, systematic IT asset life-cycle management, effective monit ...
Requirements for reporting disturbances or unusual occurrences, suspected or determined to be caused by sabotage. Part of the NERC CIP cybersecurity framework for the protection of the US Bulk Electric System.
This project supports the US Department of Homeland Security (DHS) Software Assurance Tools and R&D Requirements Identification Program. The objective of part 3, Technology (Tools and Requirements) is the identification, enhancement and development of sof ...
Guidance on integrating essential information technology (IT) security steps into an established IT system development life cycle (SDLC)
The second edition of the Cloud Security Alliance (CSA) published guidelines for secure cloud computing, including an architectural framework, authoritative definition of cloud computing, and recommendations around cloud security. The CSA report tackles ...
Requires that Responsible Entities have minimum security management controls in place to protect Critical Cyber Assets. Part of the NERC CIP cybersecurity framework for the protection of the US Bulk Electric System.
This document describes the foundations of metrics, discusses application of these metrics to control system environments, introduces a metrics taxonomy, and suggests usage of metrics to achieve operational excellence. The security metrics work package ...
A framework for risk-sensitive secure software development. SAMM includes guidance on: 1) Evaluating an organization's existing software security practices; 2) Building a balanced software security program in well-defined iterations; 3) Demonstrating con ...
Instructions, recommendations, and considerations for interim measures to recover information system services after a disruption. The guide defines a seven-step contingency planning process that an organization may apply to develop and maintain a viable c ...
As part of the ongoing initiative to develop a unified information security framework for the federal government and its contractors, NIST has included security controls in its catalog for both national security and non national security systems. The upda ...
Contains an appendix cross-mapping HIPAA privacy and security requirements with various NIST 800 Series information security standards.
Standard for methods, processes, and procedures for securing cyber assets. Part of the NERC CIP cybersecurity framework for the protection of the US Bulk Electric System.
This Guide identifies and describes the key characteristics that make up any effective risk assessment methodology, thus providing a common set of criteria for evaluating any given risk assessment methodology against a clearly defined common set of essent ...
A practical framework for model-based risk management of security-critical systems by exploiting the synthesis of risk analysis methods with semiformal specification methods, supported by an adaptable open source tool-integration platform. Accompanied by
A standard for information security controls, including information risk analysis, security architecture, securing business applications, monitoring compliance, information classification, and information security strategy. (Free registration required for
VerIS is a set of metric definitions designed to provide a common language for describing security incidents in a structured and repeatable manner. The framework's goal is to lay a foundation on which security practitioners can constructively and coop ...