Risk and Security Control Frameworks

Organizations often use frameworks as tools to describe, model, and document risk to the
organization, performance requirements, and security controls. You should be familiar with
the risk and security control frameworks commonly used in the industry, including the
following:

National Institute of Standards and Technology (NIST)

• NIST SP 800-37: Guide for applying the Risk Management Framework (RMF) to information systems and organizations: categorize the system, select, implement and assess controls, authorize the system, and monitor it
• NIST SP 800-53: Catalog of security and privacy controls, selected and tailored in conjunction with the RMF
• NIST FIPS 140-2: Security requirements for cryptographic modules; the list of validated modules is maintained separately by the Cryptographic Module Validation Program (CMVP), and FIPS 140-3 has superseded 140-2 for new validations
• NIST FIPS 199: Standards for security categorization of federal information and information systems (low, moderate, or high impact for each of confidentiality, integrity, and availability)

International Organization for Standardization (ISO)

• ISO/IEC 27000 series: ISO guidance on information security management, particularly:
o ISO/IEC 27001: Requirements for an information security management system (ISMS); the standard an organization is certified against
o ISO/IEC 27002: Reference set of information security controls used when implementing an ISMS under ISO/IEC 27001

Other industry and regulatory frameworks

• COBIT: ISACA framework for the governance and management of enterprise IT, including security
• CSA STAR: The Cloud Security Alliance Security, Trust, Assurance and Risk program, a public registry of cloud service providers' security assessments
• FedRAMP: The U.S. Federal Risk and Authorization Management Program, a standardized security assessment and authorization process for cloud services used by federal agencies, built on the NIST SP 800-53 controls
• PCI DSS: The Payment Card Industry Data Security Standard, required of organizations that store, process, or transmit payment card data
