RampReady
Your compliance starting point

Compliance Britannica

The Compliance Command Center — official resources, documentation, and field manuals for every major federal and commercial compliance framework.

FedRAMP
Federal Risk and Authorization Management Program

The US government standard for cloud service providers seeking to sell to federal agencies. Covers Low, Moderate, and High impact levels plus the new FedRAMP 20x pathway.

CMMC
Cybersecurity Maturity Model Certification

DoD framework requiring defense contractors to demonstrate cybersecurity maturity across three levels. Mandatory for all DoD contracts involving Controlled Unclassified Information.

GovRAMP
Government Risk and Authorization Management Program

State and local government cloud security authorization program, rebranded from StateRAMP. Helps government entities verify cloud vendors meet security standards.

DoD RMF
Risk Management Framework for DoD IT

The six-step NIST Risk Management Framework as implemented by the Department of Defense. Required for all DoD information systems before achieving an Authority to Operate.

SOC 2
System and Organization Controls 2

AICPA framework for service organizations covering security, availability, processing integrity, confidentiality, and privacy. Type II reports cover a period of time and are most commonly required.

PCI DSS
Payment Card Industry Data Security Standard

Global standard for organizations that handle cardholder data. Version 4.0.1 is the current standard with new requirements phasing in through 2025 and beyond.

MITRE ATT&CK
Adversarial Tactics, Techniques & Common Knowledge

Globally accessible knowledge base of adversary tactics and techniques based on real-world observations. Used for threat modeling, red teaming, and detection engineering.

Independent resource hub. Not affiliated with any framework body. Field manual links are affiliate links. Always verify at official sources.