Compliance Standard | Industry/Field | Geographical | Enterprise | SMB | Source
---|---|---|---|---|---
CIS (Center for Internet Security) | Cross-industry, applicable to all organizations aiming to improve cybersecurity hygiene | Global | Enterprises like Cisco, IBM, publicly traded and private businesses | Small IT firms, managed service providers (MSPs), consultancies | Public and Private Sector Organizations, CSP, MSP, Regulated industries
Cyber Essentials | General business, primarily in the UK (focuses on small to medium-sized enterprises) | UK-focused | UK-based SMEs, IT consultancies, local government | Local accounting firms, UK-based SMEs, startup tech companies |
Essential Eight | Australian businesses and government organizations, particularly in critical infrastructure | Australia | Australian enterprises like Telstra, state agencies | Small Australian businesses, local contractors |
GDPR (General Data Protection Regulation) | Any organization processing personal data of EU citizens (cross-industry) | European Union (applies globally if processing EU citizens' data) | Publicly traded companies like Google, Facebook, healthcare organizations | Small online retailers, EU-based local service businesses |
GPG 13 (Good Practice Guide 13) | UK government and entities managing government-sensitive information | UK | UK defense contractors, large government vendors like BAE Systems | Small consulting firms, local UK contractors |
HIPAA (Health Insurance Portability and Accountability Act) | Healthcare, Health Insurance, Medical Research | United States | Healthcare providers like UnitedHealth Group, research institutions | Small healthcare providers, medical practices, local clinics |
ISO 27002 | Cross-industry, global standard for information security management systems (ISMS) | Global | Enterprises like Siemens, multinational corporations | Small IT services firms, local security consultants |
NIST 800-53 | Government agencies, defense contractors, and sectors dealing with sensitive data | Primarily U.S. federal government and related sectors | Government contractors like Lockheed Martin, federal agencies | Small government subcontractors, U.S.-based MSPs |
NIST 800-171 | Organizations working with the U.S. government that handle Controlled Unclassified Information (CUI) | United States | Contractors like Boeing, Raytheon, small defense-related businesses | Small U.S. defense subcontractors, local tech suppliers |
NIST CSF 2.0 (Cybersecurity Framework) | Cross-industry, U.S. businesses, government agencies, and critical infrastructure sectors | United States (adopted globally by some industries) | Energy companies, utilities like ExxonMobil, Duke Energy | Small U.S. energy providers, local utility contractors |
PCI DSS (Payment Card Industry Data Security Standard) | Finance, E-commerce, Retail (any entity handling credit card data) | Global | Retail giants like Walmart, e-commerce platforms like Amazon | Small online shops, local retail stores, restaurants |
...