Information Security Controls

This post summarizes information security or cybersecurity control inventories.

List of Information Security Control Catalogues

Information Security Control Catalogues:

  • ISO/IEC 27002
  • NIST SP 800-53
  • OSA Control Catalogue

ISO/IEC 27002

ISO/IEC 27002 is officially titled “Information security, cybersecurity and privacy protection — Information security controls”, but it can be summarized as “Information security controls”.

NIST SP 800-53

NIST Special Publication 800-53, abbreviated as NIST SP 800-53 or NIST 800-53, is a standard developed by NIST CSRC. Its title is “Security and Privacy Controls for Information Systems and Organizations”.

CIS Critical Security Controls (CSC)

CIS Critical Security Controls (CSC), or CIS Critical Security Controls for Effective Cyber Defense, is a series of publications with best practices related to cybersecurity. It was informally known as CIS 20 because it consisted of 20 controls, but that is no longer the case.

It is now issued by CIS (Center for Internet Security). Previously, it was published by SANS.

OSA Control Catalogue

Open Security Architecture (OSA) includes a control catalogue. As of 2023, its latest release is 11.02. It is based on NIST SP 800-53.


Customer Security Controls Framework (CSCF) is a security control framework within the SWIFT CSP (Customer Security Programme).

It is focused on financial institutions working within the SWIFT network.

As of 2023, the framework consists of 2 objectives, 7 principles and 32 controls.


CSA Cloud Controls Matrix (CSA CCM) is a cybersecurity control framework for cloud computing. It is developed by Cloud Security Alliance (CSA).
