The following compliance standards were added to the Standards Catalog. You can now access them from the Posture Management → Compliance → Catalogs → Standards page.
| Compliance standard | Description |
|---|---|
| Cyber Risk Institute (CRI) Profile v2.1 | The Cyber Risk Institute (CRI) has developed the CRI Profile v2.1 framework to create an efficient approach to technology and cybersecurity risk management that effectively counters dynamic and evolving threats and provides adequate assurance to government supervisors. |
| Korea – Information Security Management System (ISMS) For Finance | The Korea Information Security Management System (K-ISMS) is a government-backed standard introduced in 2002 under Article 47 of the Act on Promotion of Information and Communications Network Utilization and Information Protection. The standard was developed by KISA to adapt the national ISMS-P (Information Security & Personal Information Management System) requirements, governed by the Information and Communications Network Act and the Personal Information Protection Act, to the unique regulatory and operational environment of the financial industry. |
| New Zealand Information Security Manual (NZISM) v3.9 | The New Zealand Information Security Manual (NZISM) is the New Zealand Government's manual on information assurance and information systems security. Its role is to promote a consistent approach to information assurance and information security across all New Zealand Government agencies. The NZISM is based on security threat and risk assessments for any information that is collected, processed, stored or communicated by New Zealand Government systems with corresponding risk treatments (control sets) to manage security risk. The NZISM is intended to support the structure and assist the implementation of the New Zealand Government policy that requires agencies to protect the privacy, integrity and confidentiality of the information they collect, process, store and archive. |
| NIST SP 800-172 | NIST Special Publication 800-172, titled "Enhanced Security Requirements for Protecting Controlled Unclassified Information", contains recommendations for enhanced security requirements to provide additional protection for Controlled Unclassified Information (CUI) in nonfederal systems and organizations when such information is associated with critical programs or high value assets. The enhanced security requirements are designed to respond to the advanced persistent threat (APT) and supplement the basic and derived security requirements in Special Publication 800-171. |