FedRAMP (Federal Risk and Authorization Management Program) is a U.S. government-wide initiative that provides a standardized framework for assessing, authorizing, and continuously monitoring the security of cloud services used by federal agencies.
SABSA – Sherwood Applied Business Security Architecture
SABSA (Sherwood Applied Business Security Architecture) is a business-driven security framework created by John Sherwood in the mid-1990s. It aims to develop a security strategy that aligns with an organization’s overall business goals, focusing on both technical security and business needs.
TOGAF – The Open Group Architecture Framework
TOGAF is a comprehensive framework that guides organizations in designing, planning, implementing, and managing their enterprise architecture. Initially developed in 1995 by The Open Group, TOGAF has evolved into the most popular and trusted enterprise architecture framework worldwide.
GRC – Governance, Risk, and Compliance
Governance, Risk, and Compliance (GRC) is a comprehensive concept that describes the processes and policies designed for risk management, regulatory compliance, and information security protection within an organization.
AICPA – American Institute of Certified Public Accountants – SOC2
The American Institute of Certified Public Accountants (AICPA) SOC 2 (Service Organization Control 2) framework is a set of guidelines and requirements for service providers to demonstrate their ability to maintain a secure and reliable system for processing and storing customer data.
FISMA – Federal Information Security Modernization Act
The Federal Information Security Management Act (FISMA) is a United States federal law that was enacted in 2002 to establish a framework for ensuring the security of government information and systems.
HIPAA – Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act (HIPAA) is a United States federal law that was passed in 1996. HIPAA sets national standards for the protection of individuals' health information, including electronic health records (EHRs).
GDPR – General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a comprehensive data protection framework that was introduced by the European Union (EU) in May 2018. The GDPR aims to provide individuals with greater control over their personal data, while also placing obligations on organizations that process personal data to ensure that they are handling it in a responsible and transparent manner.
National Institute of Standards and Technology (NIST) Special Publication 800-53
The National Institute of Standards and Technology (NIST) Special Publication 800-53 provides guidelines for the selection, implementation, and assessment of security and privacy controls for federal information systems and organizations. The publication defines a comprehensive catalog of security and privacy controls and is intended to be used as a reference for securing information and information systems.
ISO/IEC 27001
ISO/IEC 27001 is a globally recognized standard for information security management systems (ISMS) that provides a systematic approach for managing and protecting sensitive information assets.