Compliance Standards by Industry
Compliance Standard | Industry/Field | Geographical | Enterprise | SMB | Source |
---|---|---|---|---|---|
CIS (Center for Internet Security) | Cross-industry, applicable to all organizations aiming to improve cybersecurity hygiene | Global | Public and Private Sector Organizations, CSP, MSP, Regulated industries | Public and Private Sector Organizations, CSP, MSP, Regulated industries | |
Cyber Essentials | General business, primarily in the UK (focuses on small to medium-sized enterprises) | UK-focused | UK-based SMEs, IT consultancies, local government | Local accounting firms, UK-based SMEs, startup tech companies | |
Essential Eight | Australian businesses and government organizations, particularly in critical infrastructure | Australia | Australian enterprises like Telstra, state agencies | Small Australian businesses, local contractors | |
GDPR (General Data Protection Regulation) | Any organization processing personal data of EU citizens (cross-industry) | European Union (applies globally if processing EU citizens' data) | Publicly traded companies like Google, Facebook, healthcare orgs | Small online retailers, EU-based local service businesses | |
GPG 13 (Good Practice Guide 13) | UK government and entities managing government-sensitive information | UK | UK defense contractors, large government vendors like BAE Systems | Small consulting firms, local UK contractors | |
HIPAA (Health Insurance Portability and Accountability Act) | Healthcare, Health Insurance, Medical Research | United States | Healthcare providers like UnitedHealth Group, research institutions | Small healthcare providers, medical practices, local clinics | |
ISO 27002 | Cross-industry, global standard for information security management systems (ISMS) | Global | Enterprises like Siemens, multinational corporations | Small IT services firms, local security consultants | |
NIST 800-53 | Government agencies, defense contractors, and sectors dealing with sensitive data | Primarily U.S. federal government and related sectors | Government contractors like Lockheed Martin, federal agencies | Small government subcontractors, U.S.-based MSPs | |
NIST 800-171 | Organizations working with the U.S. government that handle Controlled Unclassified Information (CUI) | United States | Contractors like Boeing, Raytheon, small defense-related businesses | Small U.S. defense subcontractors, local tech suppliers | |
NIST CSF 2.0 (Cybersecurity Framework) | Cross-industry, U.S. businesses, government agencies, and critical infrastructure sectors | United States (adopted globally by some industries) | Energy companies, utilities like ExxonMobil, Duke Energy | Small U.S. energy providers, local utility contractors | |
PCI DSS (Payment Card Industry Data Security Standard) | Finance, E-commerce, Retail (any entity handling credit card data) | Global | Retail giants like Walmart, e-commerce platforms like Amazon | Small online shops, local retail stores, restaurants | |