This voluntary Framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk. The Cybersecurity Framework's prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.
Link to NIST CyberSecurity Framework
Security and Privacy Controls for Information Systems and Organizations
This publication provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation from a diverse set of threats including hostile cyber attacks, natural disasters, structural failures, and human errors. The controls are customizable and implemented as part of an organization-wide process that manages information security and privacy risk.
The ISO/IEC 27000 family of standards helps organizations keep information assets secure.
Using this family of standards will help an organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to it by third parties.
ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS).
There are more than a dozen standards in the 27000 family.
Read About ISO/IEC 27000
Additional Resources
Information technology — Security techniques — Information security management systems — Requirements
This International Standard also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this International Standard are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
The CIS Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks. The CIS Controls are a relatively short list of high-priority, highly effective defensive actions that provide a "must-do, do-first" starting point for every enterprise seeking to improve their cyber defense.
Link to Center for Internet Security (CIS)
Download CIS Controls
Information security standards for the electrical power industry.
Link to CIP Standards
Mapping to Critical Security Controls
CSA Security Guidance for Critical Areas of Focus in Cloud Computing v4.0
The Cloud Security Alliance promotes implementing best practices for providing security assurance within the domain of cloud computing and has delivered a practical, actionable roadmap for organizations seeking to adopt the cloud paradigm.
Standard for Software Cybersecurity for Network-Connectable Products, Part 1: General Requirements
This standard applies to network-connectable products that shall be evaluated and tested for vulnerabilities, software weaknesses and malware. It describes requirements regarding the software developer's (vendor's or other supply chain member's) risk management process for their product; methods by which a product shall be evaluated and tested for the presence of vulnerabilities, software weaknesses and malware; and requirements regarding the presence of security risk controls in the architecture and design of a product.
BS EN 62676-1-1 – Video surveillance systems for use in security applications, Part 1-1: System requirements – General
This standard gives recommendations for CCTV installed for use in security and specifies minimum requirements. It specifies the minimum performance and functional requirements which should be agreed by the customer and installer as well as law enforcement agencies where needed. The standard also applies where the system shares detection, triggering, interconnection, control, communication or power supply with another security application such as an intruder alarm system.