Compliance Standards Library
-
Understanding the Differences Between NIST CSF 1.1 and 2.0
What is the NIST Cybersecurity Framework (CSF)? The NIST Cybersecurity Framework (CSF) pro...
-
HITRUST CSF
For more information about the HITRUST Assessment, please visit the official HITRUST Asses...
-
Integrating Climate Change Considerations into your ISMS following the ISO 27001 2024 Amendment
The ISO 27001 2024 amendment introduces an update, emphasizing the importance of addressing...
-
ISO 42001 AI Management System (AIMS)
ISO/IEC 42001:2023 is a standard specifying requirements and guidance for establishing, imp...
-
UK Cyber Essentials & Australian Essential 8
What are UK Cyber Essentials and the Australian Essential 8? UK Cyber Essentials and Austr...
-
PCI 4.0 Frequently Asked Questions
What is PCI 4.0? PCI 4.0 is the most current version of PCI. What is different about PCI ...
-
PCI Requirement Changes
What is the official requirement-by-requirement change log? Straight from the PCI Standa...
-
NIST 800-53
What is NIST SP 800-53? NIST SP 800-53 (Rev. 5) is the catalog of the most detailed and co...
-
US Data Privacy
US Data Privacy (USDP) is a compliance framework exclusive to Vanta. It unifies controls an...
-
Open Finance Data Security Standard (OFDSS)
What is OFDSS? The Open Finance Data Security Standard (OFDSS) is a next-generation compl...
-
ISO 27001:2022 Frequently Asked Questions
What is ISO 27001:2022? ISO 27001:2022 is the most current version of ISO 27001. The 2022 ...
-
Understanding an ISO Internal Audit
As a part of your ISO compliance, your organization must conduct an internal audit. Interna...
-
ISO 27001
What is ISO 27001? ISO 27001:2022 is the most current version of ISO 27001 that specifies ...
-
ISO 27018
ISO 27018 establishes controls to protect Personally Identifiable Information (PII) in publ...
-
ISO 27017
ISO 27017 provides guidelines for information security controls applicable to providing and...
-
ISO 27701
ISO 27701 is a certifiable extension of ISO 27001 that specifies the requirements for estab...
-
NIST CSF (Cybersecurity Framework)
NIST CSF is voluntary guidance based on existing standards, guidelines, and practices for o...
-
NIST 800-171
What is NIST 800-171? NIST 800-171 is a NIST Special Publication that provides requirement...
-
Minimum Viable Security Product (MVSP)
Minimum Viable Secure Product is a minimalistic security checklist for B2B software and bus...
-
AWS Foundational Technical Review (FTR)
The AWS Foundational Technical Review (FTR) enables you to identify and remediate risks in ...
-
Microsoft Supplier Security & Privacy Assurance Program (SSPA)
Data compliance and protection are paramount to modern business, and Microsoft has created ...
-
SOX IT General Controls (ITGC)
SOX ITGC is a set of IT controls required to comply with the Sarbanes-Oxley Act. SOX compli...