Framework Categories
Cybersecurity frameworks organized by their primary focus area. Each category addresses specific aspects of cybersecurity management and implementation.
Risk Management
4 frameworks
Frameworks focused on identifying, assessing, and managing cybersecurity risks across organizations.
NIST Cybersecurity Framework
The NIST Cybersecurity Framework provides a policy framework of computer security guidance that private sector organizations can use to assess and improve their ability to prevent, detect, and respond to cyber attacks.
NIST Artificial Intelligence Risk Management Framework
The NIST AI Risk Management Framework provides a comprehensive approach for organizations to design, develop, deploy, and use AI systems in a responsible and trustworthy manner.
ISO/IEC 27005:2022 Information Security Risk Management
ISO/IEC 27005 provides guidelines for information security risk management supporting ISO/IEC 27001.
Factor Analysis of Information Risk
FAIR is the only international standard quantitative model for information security and operational risk.
Technical Controls
2 frameworks
Implementation-focused frameworks with specific security controls and technical safeguards.
CIS Critical Security Controls
The CIS Critical Security Controls are a prioritized set of actions that collectively form a defense-in-depth set of best practices that mitigate the most common attacks against systems and networks.
NIST Zero Trust Architecture
NIST SP 800-207 defines zero trust architecture for preventing data breaches and limiting internal lateral movement.
Governance & Compliance
2 frameworks
Regulatory and governance frameworks ensuring organizational compliance and oversight.
ISO/IEC 27001 Information Security Management
ISO/IEC 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.
NIST Privacy Framework
The NIST Privacy Framework enables organizations to take a comprehensive, risk-based approach to privacy.
Maturity Models
2 frameworks
Assessment frameworks for measuring and improving cybersecurity maturity and capabilities.
Cyber Threat Intelligence Capability Maturity Model
The CTI-CMM is a community-driven framework designed to provide CTI programs with a roadmap to improve stakeholder support. It helps organizations assess and enhance their cyber threat intelligence capabilities through structured maturity levels and capability areas.
Detection Engineering Maturity Matrix
The Detection Engineering Maturity Matrix helps security operations teams measure capabilities and maturity of their detection function. It provides a high-level roadmap for organizations looking to build or expand detection engineering teams through people, process, technology, and detection content dimensions.