Security frameworks, decoded.

Prescriptive, consensus-based hardening baselines for cloud, OS, and platforms. Curated highlights — full benchmark PDFs at cisecurity.org.

Outcome-based framework for managing cybersecurity risk across six core functions.

Catalog of security and privacy controls for federal information systems.

Payment Card Industry Data Security Standard — 12 requirements protecting cardholder data.

Globally-accessible knowledge base of adversary tactics and techniques.

Australian Cyber Security Centre baseline mitigation strategies — eight controls across three maturity levels.

International standard for information security management systems — 93 Annex A controls in 4 themes.

AICPA Trust Services Criteria for service organizations — five trust categories.

Protecting Controlled Unclassified Information (CUI) in non-federal systems. 14 control families with 110+ requirements.

Top 10 web application security risks, with CWE mappings and mitigations for each category (A01–A10).

Top 10 API-specific security risks with attack vectors and mitigations (API1–API10).

Top 10 risks for large language model applications: prompt injection, data poisoning, model theft, and more.

Australian Prudential Regulation Authority information security standard for regulated financial institutions.

US health data protection. Administrative, Physical, and Technical safeguards for protected health information (PHI).

Cloud-specific security controls extending ISO/IEC 27002, with guidance for cloud service providers and customers.

Protection of personally identifiable information (PII) in public clouds acting as PII processors.

AI risk management across four functions: Govern, Map, Measure, Manage — with categories and subcategories.

Cloud Security Alliance control framework: 17 domains and 197 controls for cloud-specific security.

European regulation governing personal data protection and privacy — 99 articles across 11 chapters with significant global reach.