Information Security Controls

This post summarizes information security or cybersecurity control inventories.

List of Information Security Control Catalogues

Information Security Control Catalogues:

  • ISO/IEC 27002
  • NIST SP 800-53
  • CIS CSC
  • OSA Control Catalogue
  • SWIFT CSCF
  • CSA CCM
  • 2022 ENS’s annex 2
  • Magerit’s Catalog of Elements

ISO/IEC 27002

ISO/IEC 27002 is officially titled “Information security, cybersecurity and privacy protection — Information security controls”, but it can be summarized as “Information security controls”.

https://www.iso.org/standard/75652.html

NIST SP 800-53

NIST Special Publication 800-53, abbreviated as NIST SP 800-53 or NIST 800-53, is a standard developed by NIST CSRC. Its title is “Security and Privacy Controls for Information Systems and Organizations”.

https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/

CIS Critical Security Controls (CSC)

CIS Critical Security Controls (CSC), or CIS Critical Security Controls for Effective Cyber Defense, is a series of publications with best practices related to cybersecurity. It was informally known as CIS 20 because it consisted of 20 controls, but that is no longer the case.

It is now issued by CIS (Center for Security). Previously, it was published by SANS.

Official link

OSA Control Catalogue

Open Security Architecture (OSA) includes a control catalogue. As of 2023, its latest release is 11.02. It is based on NIST SP 800-53.

https://www.opensecurityarchitecture.org/cms/library/0802control-catalogue

SWIFT CSCF

Customer Security Controls Framework (CSCF) is a security control framework within the SWIFT CSP (Customer Security Programme).

It is focused on financial institutions working within the SWIFT network.

As of 2023, the framework consists of 2 objectives, 7 principles and 32 controls.

https://www.swift.com/myswift/customer-security-programme-csp/security-controls

CSA CCM

CSA Cloud Controls Matrix (CSA CCM) is a cybersecurity control framework for cloud computing. It is developed by Cloud Star Alliance (CSA).

Official link

2022 ENS’s annex 2

Annex 2 of the 2022 version of the Esquema Nacional de Seguridad (ENS) of Spain includes a list of controls.

You can read this post about ENS.

Magerit’s Catalog of Elements

Book II of the risk management framework Magerit is titled “Catalog of Elements” (“Catálogo de elementos” in Spanish). It contains a list of security countermeasures that can be considered controls.

You can read this post about Magerit.
