You've landed upon a new page being designed specifically for the latest exam objectives. This page is currently under design review and will be updated routinely.
# Standards
Name | Description | Category |
---|---|---|
AICPA SOC | SOC for Service Organizations | Auditing and Assurance |
ANSI/BICSI 002-2019 | Data Center Design and Implementation Best Practices | Datacenter Design |
ISO 28000:2022 | Security and resilience - Security management systems - Requirements | Supply Chain |
ISO 31000:2018 | Risk management | Risk Management |
ISO/IEC 15408-1:2022 | Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 1: Introduction and general model | Common Criteria |
ISO/IEC 17788:2014 | Information technology - Cloud computing - Overview and vocabulary | Cloud Computing |
ISO/IEC 17789:2014 | Information technology - Cloud computing - Reference architecture | Cloud Computing |
ISO/IEC 19086:2016 | Information technology - Cloud computing - Service level agreement (SLA) framework | SLAs |
ISO/IEC 19941:2017 | Information technology - Cloud computing - Interoperability and portability | Cloud Computing |
ISO/IEC 19944:2017 | Information technology - Cloud computing - Cloud services and devices: Data flow, data categories and data use | Cloud Computing |
ISO/IEC 20000-1:2019 | Information technology - Service management - Part 1: Service management system requirements | |
ISO/IEC 27001:2013 | Information technology - Security techniques - Information security management systems - Requirements | ISMS |
ISO/IEC 27002:2022 | Information security, cybersecurity and privacy protection - Information security controls | Best Practices |
ISO/IEC 27005:2018 | Information technology - Security techniques - Information security risk management | Risk Management |
ISO/IEC 27017:2015 | Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services | Cloud Computing |
ISO/IEC 27018:2019 | Information technology - Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors | PII in the Cloud |
ISO/IEC 27034:2011 | Information technology - Security techniques - Application security | ONF/ANF |
ISO/IEC 27036-1:2021 | Cybersecurity - Supplier relationships - Part 1: Overview and concepts | Supplier Relations |
ISO/IEC 27037:2012 | Information technology - Security techniques - Guidelines for identification, collection, acquisition and preservation of digital evidence | Forensics |
ISO/IEC 27040:2015 | Information technology - Security techniques - Storage security | Storage Security |
ISO/IEC 27041:2015 | Information technology - Security techniques - Guidance on assuring suitability and adequacy of incident investigative method | Forensics |
ISO/IEC 27042:2015 | Information technology - Security techniques - Guidelines for the analysis and interpretation of digital evidence | Forensics |
ISO/IEC 27043:2015 | Information technology - Security techniques - Incident investigation principles and processes | Forensics |
ISO/IEC 27050-1:2019 | Information technology - Electronic discovery - Part 1: Overview and concepts | eDiscovery |
ISO/IEC 29100:2011 | Information technology - Security techniques - Privacy framework | |
NFPA 70 | National Electrical Code | Datacenter Design |
NFPA 75 | Standard for the Fire Protection of Information Technology Equipment | Datacenter Design |
NFPA 76 | Standard for the Fire Protection of Telecommunications Facilities | Datacenter Design |
NIST FIPS 140-3 | Security Requirements for Cryptographic Modules | Auditing and Assurance |
NIST SP 500-292 | Cloud Computing Reference Architecture | Cloud Computing |
NIST SP 500-293 | Cloud Computing Technology Roadmap | Cloud Computing |
NIST SP 800-12 Rev. 1 | An Introduction to Information Security | |
NIST SP 800-30 | Guide for Conducting Risk Assessments | Risk |
NIST SP 800-37 Rev. 2 | Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy | Risk |
NIST SP 800-40 Rev. 3 | Guide to Enterprise Patch Management Technologies | |
NIST SP 800-53 Rev. 5 | Security and Privacy Controls for Federal Information Systems and Organizations | |
NIST SP 800-63 | Digital Identity Guidelines | Forensics |
NIST SP 800-92 | Guide to Computer Security Log Management | |
NIST SP 800-122 | Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) | Breach Reporting |
NIST SP 800-123 | Guide to General Server Security | |
NIST SP 800-145 | The NIST Definition of Cloud Computing | Cloud Computing |
NIST SP 800-146 | Cloud Computing Synopsis and Recommendations | |
NIST SP 800-161 | Supply Chain Risk Management Practices for Federal Information Systems and Organizations | Supply Chain |
PCI DSS | Payment Card Industry Data Security Standards | Security Management and Controls |
Uptime Institute Tier Standards | | Security Management and Controls |