Compliance Frameworks
RavenSword Security’s CISOs will provide you with a plan of action for your assessment, with detailed recommendations, and guide you through your framework requirements to completion. The plan of action will not only provide you with a path to compliance; it will also provide continuous improvement that consistently strengthens the organization’s security posture.
RavenSword Security is committed to improving not only your cybersecurity, but your operational efficiency as well. RavenSword Security’s CISO service is tailored to your company’s needs. Our assessments are performed efficiently with a mix of manual and automated tools. With this approach we can position your organization in a state of continuous monitoring, providing you with a dynamic perspective and an actionable platform to operate your business and track progress over time.
Compliance Frameworks
- DOD RMF
The Department of Defense (DoD) Risk Management Framework (RMF) is the process for identifying, implementing, assessing, and managing cybersecurity capabilities and services. It provides a set of standards that enable DoD agencies to effectively manage cybersecurity risk and make more informed, risk-based decisions.
- FedRAMP
The Federal Risk and Authorization Management Program (FedRAMP®) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP empowers agencies to use modern cloud technologies, with emphasis on the security and protection of federal information, and helps accelerate the adoption of secure cloud solutions.
- FFIEC
The Federal Financial Institutions Examination Council (FFIEC) developed the Cybersecurity Assessment to help organizations identify their risks and determine their cybersecurity preparedness.
- FISMA
The Federal Information Security Modernization Act (FISMA) is U.S. legislation that defines guidelines and standards for federal programs and contractors to protect government information, operations, and assets against threats.
- GDPR
The General Data Protection Regulation (GDPR) is a legal framework that requires organizations to safeguard personal data and uphold the privacy rights of anyone in European Union territory. GDPR sets guidelines for the collection and processing of personal information of individuals within the European Union.
- HIPAA
HIPAA is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.
- HITRUST
The HITRUST Common Security Framework (HITRUST CSF) is a certifiable framework that provides the structure, transparency, guidance, and cross-references to authoritative sources that organizations globally need to be certain of their data protection compliance. The initial development of the HITRUST CSF leveraged nationally and internationally accepted security and privacy-related regulations, standards, and frameworks, including ISO, NIST, PCI, HIPAA, and GDPR, to ensure a comprehensive set of security and privacy controls, and it continually incorporates additional authoritative sources. The HITRUST CSF standardizes these requirements, providing clarity and consistency and reducing the burden of compliance.
- ISO 27001
ISO 27001 specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO 27001 are generic and are intended to be applicable to all organizations, regardless of type, size, or nature.
- NIST SP 800-171
NIST SP 800-171 is a NIST Special Publication that provides recommended requirements for protecting the confidentiality of controlled unclassified information (CUI). Defense contractors must implement the recommended requirements contained in NIST SP 800-171 to demonstrate that they provide adequate security to protect the covered defense information included in their defense contracts, as required by DFARS clause 252.204-7012.
- PCI DSS
The PCI Data Security Standard (PCI DSS) is a global security standard that provides a baseline of technical and operational requirements for organizations that handle branded credit cards from the major card schemes. The PCI standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council.