This post summarizes information security or cybersecurity control inventories.
List of Information Security Control Catalogues
Information Security Control Catalogues:
- ISO/IEC 27002
- NIST SP 800-53
- CIS CSC
- OSA Control Catalogue
- SWIFT CSCF
- CSA CCM
ISO/IEC 27002
ISO/IEC 27002 is officially titled “Information security, cybersecurity and privacy protection — Information security controls”, but it can be summarized as “Information security controls”.
https://www.iso.org/standard/75652.html
NIST SP 800-53
NIST Special Publication 800-53, abbreviated as NIST SP 800-53 or NIST 800-53, is a standard developed by NIST CSRC. Its title is “Security and Privacy Controls for Information Systems and Organizations”.
https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/
CIS Critical Security Controls (CSC)
CIS Critical Security Controls (CSC), or CIS Critical Security Controls for Effective Cyber Defense, is a series of publications with best practices related to cybersecurity. It was informally known as CIS 20 because it consisted of 20 controls, but that is no longer the case.
It is now issued by CIS (Center for Internet Security). Previously, it was published by SANS.
OSA Control Catalogue
Open Security Architecture (OSA) includes a control catalogue. As of 2023, its latest release is 11.02. It is based on NIST SP 800-53.
https://www.opensecurityarchitecture.org/cms/library/0802control-catalogue
SWIFT CSCF
Customer Security Controls Framework (CSCF) is a security control framework within the SWIFT CSP (Customer Security Programme).
It is focused on financial institutions working within the SWIFT network.
As of 2023, the framework consists of 2 objectives, 7 principles and 32 controls.
https://www.swift.com/myswift/customer-security-programme-csp/security-controls
CSA CCM
CSA Cloud Controls Matrix (CSA CCM) is a cybersecurity control framework for cloud computing. It is developed by Cloud Security Alliance (CSA).