# Standards*

| Name | Description | Category |
| --- | --- | --- |
| AICPA SOC | SOC for Service Organizations | Auditing and Assurance |
| ANSI/BICSI 002-2019 | Data Center Design and Implementation Best Practices | Datacenter Design |
| ISO 28000:2022 | Security and resilience - Security management systems - Requirements | Supply Chain |
| ISO 31000:2018 | Risk management | Risk Management |
| ISO/IEC 15408-1:2022 | Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 1: Introduction and general model | Common Criteria |
| ISO/IEC 17788:2014 | Information technology - Cloud computing - Overview and vocabulary | Cloud Computing |
| ISO/IEC 17789:2014 | Information technology - Cloud computing - Reference architecture | Cloud Computing |
| ISO/IEC 19086:2016 | Information technology - Cloud computing - Service level agreement (SLA) framework | SLAs |
| ISO/IEC 19941:2017 | Information technology - Cloud computing - Interoperability and portability | Cloud Computing |
| ISO/IEC 19944:2017 | Information technology - Cloud computing - Cloud services and devices: Data flow, data categories and data use | Cloud Computing |
| ISO/IEC 20000-1:2019 | Information technology - Service management - Part 1: Service management system requirements | |
| ISO/IEC 27001:2013 | Information technology - Security techniques - Information security management systems - Requirements | ISMS |
| ISO/IEC 27002:2022 | Information security, cybersecurity and privacy protection - Information security controls | Best Practices |
| ISO/IEC 27005:2018 | Information technology - Security techniques - Information security risk management | Risk Management |
| ISO/IEC 27017:2015 | Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services | Cloud Computing |
| ISO/IEC 27018:2019 | Information technology - Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors | PII in the Cloud |
| ISO/IEC 27034:2011 | Information technology - Security techniques - Application security | ONF/ANF |
| ISO/IEC 27036-1:2021 | Cybersecurity - Supplier relationships - Part 1: Overview and concepts | Supplier Relations |
| ISO/IEC 27037:2012 | Information technology - Security techniques - Guidelines for identification, collection, acquisition and preservation of digital evidence | Forensics |
| ISO/IEC 27040:2015 | Information technology - Security techniques - Storage security | Storage Security |
| ISO/IEC 27041:2015 | Information technology - Security techniques - Guidance on assuring suitability and adequacy of incident investigative method | Forensics |
| ISO/IEC 27042:2015 | Information technology - Security techniques - Guidelines for the analysis and interpretation of digital evidence | Forensics |
| ISO/IEC 27043:2015 | Information technology - Security techniques - Incident investigation principles and processes | Forensics |
| ISO/IEC 27050-1:2019 | Information technology - Electronic discovery - Part 1: Overview and concepts | eDiscovery |
| ISO/IEC 29100:2011 | Information technology - Security techniques - Privacy framework | |
| NFPA 70 | National Electrical Code | Datacenter Design |
| NFPA 75 | Standard for the Fire Protection of Information Technology Equipment | Datacenter Design |
| NFPA 76 | Standard for the Fire Protection of Telecommunications Facilities | Datacenter Design |
| NIST FIPS 140-3 | Security Requirements for Cryptographic Modules | Auditing and Assurance |
| NIST SP 500-292 | Cloud Computing Reference Architecture | Cloud Computing |
| NIST SP 500-293 | Cloud Computing Technology Roadmap | Cloud Computing |
| NIST SP 800-12 Rev. 1 | An Introduction to Information Security | |
| NIST SP 800-30 | Guide for Conducting Risk Assessments | Risk |
| NIST SP 800-37 Rev. 2 | Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy | Risk |
| NIST SP 800-40 Rev. 3 | Guide to Enterprise Patch Management Technologies | |
| NIST SP 800-53 Rev. 5 | Security and Privacy Controls for Federal Information Systems and Organizations | |
| NIST SP 800-63 | Digital Identity Guidelines | Forensics |
| NIST SP 800-92 | Guide to Computer Security Log Management | |
| NIST SP 800-122 | Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) | Breach Reporting |
| NIST SP 800-123 | Guide to General Server Security | |
| NIST SP 800-145 | The NIST Definition of Cloud Computing | Cloud Computing |
| NIST SP 800-146 | Cloud Computing Synopsis and Recommendations | |
| NIST SP 800-161 | Supply Chain Risk Management Practices for Federal Information Systems and Organizations | Supply Chain |
| PCI DSS | Payment Card Industry Data Security Standards | Security Management and Controls |
| Uptime Institute | Tier Standards | Security Management and Controls |