Information Security Controls

This post summarizes information security or cybersecurity control inventories.

List of Information Security Control Catalogues

Information Security Control Catalogues:

  • ISO/IEC 27002
  • NIST SP 800-53
  • OSA Control Catalogue
  • SWIFT CSCF

ISO/IEC 27002

ISO/IEC 27002 is officially titled “Information security, cybersecurity and privacy protection — Information security controls”, but it can be summarized as “Information security controls”.

https://www.iso.org/standard/75652.html

NIST SP 800-53

NIST Special Publication 800-53, abbreviated as NIST SP 800-53 or NIST 800-53, is a standard developed by NIST CSRC. Its title is “Security and Privacy Controls for Information Systems and Organizations”.

https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/

OSA Control Catalogue

Open Security Architecture (OSA) includes a control catalogue. As of 2023, its latest release is 11.02. It is based on NIST SP 800-53.

https://www.opensecurityarchitecture.org/cms/library/0802control-catalogue

SWIFT CSCF

Customer Security Controls Framework (CSCF) is a security control framework within the SWIFT CSP (Customer Security Programme).

It is focused on financial institutions working within the SWIFT network.

As of 2023, the framework consists of 2 objectives, 7 principles and 32 controls.

https://www.swift.com/myswift/customer-security-programme-csp/security-controls
