Information security management system (ISMS) (ISO/IEC 27000 family): ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27003, ISO/IEC 27004, ISO/IEC 27005, ISO/IEC 27006, and ISO/IEC 27007. These standards set the guidelines for maintaining and managing infrastructure, mainly a company's data centres, so that it follows defined legal, technical and physical policies that ensure confidentiality and integrity.
Common Criteria (ISO/IEC 15408): This standard is established for the certification of IT products.
ISO/IEC 18043: This standard helps organisations deploy and operate intrusion detection systems (IDS) within their IT infrastructure.
Center for Internet Security, CIS (https://www.cisecurity.org/): CIS publishes security benchmarks for mobile devices, network devices, server operating systems, virtualisation platforms, cloud platforms, endpoints (desktops) and web browsers. The CIS benchmarks serve as security configuration guides, are widely accepted across the industry and are available for free. Most security auditing organisations use these benchmarks to evaluate the security configuration of IT infrastructure.
ISO 22301:2012: This standard is for Business Continuity Management Systems (BCMS).
National Institute of Standards and Technology (NIST) standard specifications: NIST is a US-based agency that publishes cybersecurity-related standards. The majority of cryptography-related standards come from NIST, and countries across the world use these standards widely. NIST 800-115 is an important standard for assessing IT systems.
SANS Security Policy Resource: This resource contains policy templates related to network devices, servers and application security guidelines.
ISO 28000: This ISO standard carries the specification for security management systems for the supply chain (SCMS, Supply Chain Management System).
OWASP Foundation: OWASP is a non-profit organisation that continuously helps organisations set up security compliance and standards for web applications, mobile applications, web services, etc. The majority of security auditing organisations follow the OWASP Top 10 security issues to categorise security vulnerabilities, in line with the guidelines OWASP releases.
ISO/IEC 27037: This standard provides guidelines for the identification, collection, acquisition and preservation of digital evidence.
Payment Card Industry Data Security Standard (PCI DSS): It establishes financial payment standards and the requirements that organisations and sellers must meet to transact credit card payments securely.
Cloud Security Alliance (CSA): The CSA is a non-profit organisation that continuously publishes best-practice security standards focusing on cloud security platforms.
ISO/SAE 21434: It covers cybersecurity objectives in the automotive domain. It includes a list of requirements related to cybersecurity risk management. It also covers a cybersecurity process framework that helps OEMs come onto a common platform and communicate risks related to security advisories.
ISO/IEC 20243-1: This standard refers to the Open Trusted Technology Provider™ Standard (O-TTPS). It helps in mitigating maliciously tainted and counterfeit products.
ISO/IEC 27400:2022: It provides a set of guidelines for IoT solutions, including a list of risks, principles and controls for the security and privacy of Internet of Things (IoT) solutions.