Compliance
FACTA
Summary The Fair and Accurate Credit Transactions Act (FACTA) of 2003, amending the Fair Credit Reporting Act, adds provisions designed to improve the accuracy of consumers' credit-related records. Definitions Definition Requirements 157-A. Study on ...
FCRA
Summary The Fair Credit Reporting Act (FCRA) regulates the way credit reporting agencies can collect, access, use and share the data they compile in consumer reports, which contain personal and sensitive information. The version used in this section is ...
CERT-J
Summary The SEI CERT® Oracle® Secure Coding Standard for Java™ provides rules designed to eliminate insecure coding practices that can lead to exploitable vulnerabilities. This standard, published in 2011, covers security issues. Definitions ...
CERT-C
Summary The SEI CERT C Coding Standard, 2016 Edition provides rules for secure coding in the C programming language. These rules and recommendations are used to develop safe, reliable, and secure systems, for example by eliminating undefined ...
CPRA
Summary The California Privacy Rights Act (CPRA) is a data privacy law that takes effect on January 1, 2023. It makes a variety of amendments to the requirements in the California Consumer Privacy Act (CCPA). The version used in this section is CPRA of ...
CCPA
Summary The California Consumer Privacy Act of 2018 (CCPA) gives users and consumers more control over the personal information that businesses collect about them. It is the most influential state-level consumer privacy law passed in the U.S. The ...
BIZEC-APP
Summary The BIZEC APP/11 standard comprises the most critical and the most common security defects and technical risks in SAP ABAP applications. This version corresponds to the year 2012. Definitions Definition Requirements APP-01. ABAP command ...
Agile Alliance
Summary The Agile Manifesto uncovers better ways of developing software by doing it and helping others do it. This work values individuals and interactions over processes and tools, working software over comprehensive documentation, customer ...
NIST CSF
Summary The NIST Cybersecurity Framework is guidance, based on existing standards, guidelines and practices, that helps organizations better manage and reduce cybersecurity risk. This set of requirements was developed by the National Institute of ...
OWASP-M TOP 10
Summary The OWASP Mobile Security Project is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications. The OWASP-M Top Ten classifies mobile security risks and provides ...
CWE TOP 25
Summary Common Weakness Enumeration Top 25 (CWE Top 25) is a demonstrative list and valuable community resource of the most common and impactful issues experienced over the previous two calendar years. It can help developers, testers and users to ...
SOC2®
Summary SOC 2 reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to the security, availability, and processing integrity of the systems used ...
PCI DSS
Summary PCI DSS is the global data security standard adopted by payment card brands for all entities that process, store or transmit cardholder data and/or sensitive authentication data. It consists of several steps that mirror security best ...
OWASP TOP 10
Summary The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications. The version used in this section is OWASP Top 10:2021. ...
OWASP ASVS
Summary The OWASP Application Security Verification Standard project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development. The version used in this ...
NIST 800-63B
Summary NIST Special Publication 800-63B is a digital identity guideline that provides recommendations on types of authentication processes that may be used at various Authenticator Assurance Levels (AALs). It applies to the digital authentication of ...
NIST 800-53
Summary NIST SP 800-53 defines the standards and guidelines for federal agencies to architect and manage their information security systems. It was established to provide guidance for the protection of agencies' and citizens' private data. The version ...
NERC CIP
Summary The North American Electric Reliability Corporation (NERC) Reliability Standards are developed using an industry-driven, ANSI-accredited process that is open to anyone who is directly and materially affected by the reliability of ...
ISO/IEC 27001
Summary ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organizations of any kind to manage the ...
HIPAA
Summary The Health Insurance Portability and Accountability Act of 1996 required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information. The ...
GDPR
Summary This regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data. The version used in this section is GDPR - OJ L 119, ...
ePrivacy Directive
Summary ePrivacy Directive is an important legal instrument for privacy in the digital age, and more specifically for the confidentiality of communications and the rules regarding tracking and monitoring. The version used in this section is Directive ...
CWE™
Summary Common Weakness Enumeration is a community-developed list of software and hardware weakness types. It serves as a common language, a measuring stick for security tools, and as a baseline for weakness identification, mitigation and prevention ...
CIS
Summary The Center for Internet Security (CIS) Controls are a prioritized set of safeguards to mitigate the most prevalent cyberattacks against systems and networks. They are mapped to and referenced by multiple legal, regulatory and policy frameworks. The ...
CAPEC™
Summary Common Attack Pattern Enumeration and Classification helps by providing a comprehensive dictionary of known patterns of attack employed by adversaries to exploit known weaknesses in cyber-enabled capabilities. It can be used by analysts, ...
BSIMM
Summary The Building Security In Maturity Model is a data-driven model developed through rigorous analysis of software security initiatives (SSIs), also known as application/product security programs. The version used in this section is BSIMM14. ...