Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Compliance Standard

Industry/Field

Geographical

Enterprise

SMB

Source

CIS (Center for Internet Security)

Cross-industry, applicable to all organizations aiming to improve cybersecurity hygiene

Global

Enterprises like Cisco, IBM, publicly traded and private businesses

Small IT firms, managed service providers (MSPs), consultancies

cisecurity.org

Cyber Essentials

General business, primarily in the UK (focuses on small to medium-sized enterprises)

UK-focused

UK-based SMEs, IT consultancies, local government

Local accounting firms, UK-based SMEs, startup tech companies

cyberessentials.ncsc.gov.uk

Essential Eight

Australian businesses and government organizations, particularly in critical infrastructure

Australia

Australian enterprises like Telstra, state agencies

Small Australian businesses, local contractors

cyber.gov.au

GDPR (General Data Protection Regulation)

Any organization processing personal data of EU citizens (cross-industry)

European Union (applies globally if processing EU citizens' data)

Publicly traded companies like Google, Facebook, healthcare orgs

Small online retailers, EU-based local service businesses

gdpr.eu

GPG 13 (Good Practice Guide 13)

UK government and entities managing government-sensitive information

UK

UK defense contractors, large government vendors like BAE Systems

Small consulting firms, local UK contractors

ncsc.gov.uk

HIPAA (Health Insurance Portability and Accountability Act)

Healthcare, Health Insurance, Medical Research

United States

Healthcare providers like UnitedHealth Group, research institutions

Small healthcare providers, medical practices, local clinics

hhs.gov/hipaa

ISO 27002

Cross-industry, global standard for information security management systems (ISMS)

Global

Enterprises like Siemens, multinational corporations

Small IT services firms, local security consultants

iso.org

NIST 800-53

Government agencies, defense contractors, and sectors dealing with sensitive data

Primarily U.S. federal government and related sectors

Government contractors like Lockheed Martin, federal agencies

Small government subcontractors, U.S.-based MSPs

nist.gov

NIST 800-171

Organizations working with the U.S. government that handle Controlled Unclassified Information (CUI)

United States

Contractors like Boeing, Raytheon, small defense-related businesses

Small U.S. defense subcontractors, local tech suppliers

nist.gov

NIST CSF 2.0 (Cybersecurity Framework)

Cross-industry, U.S. businesses, government agencies, and critical infrastructure sectors

United States (adopted globally by some industries)

Energy companies, utilities like ExxonMobil, Duke Energy

Small U.S. energy providers, local utility contractors

nist.gov

PCIDSS (Payment Card Industry Data Security Standard)

Finance, E-commerce, Retail (any entity handling credit card data)

Global

Retail giants like Walmart, e-commerce platforms like Amazon

Small online shops, local retail stores, restaurants

pcisecuritystandards.org

  • No labels