Copyright © 2009 by American Institute of Certified Public Accountants, Inc. and Canadian Institute of Chartered Accountants. Retrieved October 15, 2020. https://www.cpacanada.ca/-/media/site/operational/ms-member-services/docs/00250-generally-accepted-privacy-principles.pdf?la=en

Functional Security Assessment for Components. © Copyright 2021 ISASecure. All Rights Reserved. https://www.isasecure.org/en-US/Certification/IEC-62443-CSA-Certification. Referenced as per executed membership agreement with ISA.

“Final guidelines on the security of internet payments” European Banking Authority. BA/GL/2014/12_Rev1. Published 19 December 2014. Retrieved 20 October 2020. https://eba.europa.eu/sites/default/documents/files/documents/10180/934179/f27bf266-580a-4ad0-aaec-59ce52286af0/EBA-GL-2014-12%20%28Guidelines%20on%20the%20security%20of%20internet%20payments%29_Rev1.pdf

ISO/IEC 27001:2005. ISO/IEC 27001:2005 Information technology — Security techniques — Information security management systems — Requirements. Edition 1. Published October 2005. <https://www.iso.org/standard/42103.html> Referenced with written permission of ISO.

ISO/IEC 27001:2013. Information technology — Security techniques — Information security management systems — Requirements. Version 2. Published October 2013. <https://www.iso.org/standard/54534.html">> Referenced with written permission of ISO.

ANSI/ISA-62443-3-3 (99.03.03)-2013, Security for industrial automation and control systems Part 3-3: System security requirements and security levels. Copyright © 2013 by ISA. All rights reserved. https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu Referenced with written permission of ISA.

ANSI/ISA-62443-4-2-2018, Security for industrial automation and control systems, Part 4-2: Technical security requirements for IACS components. Copyright © 2018 by ISA. All rights reserved. https://webstore.ansi.org/Standards/ISA/ANSIISA624432018-1717607?gclid=CjwKCAiAwrf-BRA9EiwAUWwKXseedNTUjoyJzqU4K7m1nuEChUJUgxJ4t-83wbi9vH_5oTzXXykIsRoCO_4QAvD_BwE Referenced with written permission of ISA.

Copyright © 2006-2020, The MITRE Corporation. https://cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html

Reproduced with the permission of the Monetary Authority of Singapore ©2020 The Monetary Authority of Singapore. MAS’ Technology Risk Management guidelines republished on Security Compass’s Platform is available on, and can be obtained without cost, from the MAS’ website: https://www.veracode.com/sites/default/files/2020-04/TRM%20Guidelines%20%2021%20June%202013.pdf Referenced with written permission of Monetary Authority of Singapore.

© Copyright 2013 by the National Electrical Manufacturers Association and the Healthcare Information and Management Systems Society. All rights including translation into other languages, reserved under the Universal Copyright Convention, the Berne Convention for the Protection of Literary and Artistic Works, and the International and Pan American Copyright Conventions. Referenced with written permission of NEMA.

Ron Ross (NIST), Victoria Pillitteri (NIST), Kelley Dempsey (NIST), Mark Riddle (NARA), Gary Guissanie (IDA). “SP 800-171 Rev. 2 - Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.” Published February 2020. <https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r2.pdf>

NIST Special Publication 800-53. Revision 5. Security and Privacy Controls for Federal Information Systems and Organizations. Published April 2013. <https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf>

Keith Stouffer, Victoria Pillitteri, Suzanne Lightman, Marshall Abrams, Adam Hahn. NIST Special Publication 800-82. Revision 2. Guide to Industrial Control Systems (ICS) Security. Published May 2015. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf

OWASP Application Security Verification Standard (ASVS) Project by OWASP Foundation, Inc. This document is released under the Creative Commons Attribution Sharealike 4.0 license. For any reuse or distribution, you must make clear that license terms of this work. The work is provided without warranty or service or accuracy. OWASP does not endorse or recommend SD Elements of the use of this work.

OWASP IoT Attack Surface Areas by OWASP Foundation, Inc. This document is released under the Creative Commons Attribution Sharealike 4.0 license. For any reuse or distribution, you must make clear that license terms of this work. The work is provided without warranty or service or accuracy. OWASP does not endorse or recommend SD Elements of the use of this work.

OWASP IoT Top 10 by OWASP Foundation, Inc. This document is released under the Creative Commons Attribution Sharealike 4.0 license. For any reuse or distribution, you must make clear that license terms of this work. The work is provided without warranty or service or accuracy. OWASP does not endorse or recommend SD Elements of the use of this work.

OWASP Mobile Top 10 (2016) by OWASP Foundation, Inc. This document is released under the Creative Commons Attribution Sharealike 4.0 license. For any reuse or distribution, you must make clear that license terms of this work. The work is provided without warranty or service or accuracy. OWASP does not endorse or recommend SD Elements of the use of this work.

OWASP Top 10 (2013) by OWASP Foundation, Inc. This document is released under the Creative Commons Attribution Sharealike 4.0 license. For any reuse or distribution, you must make clear that license terms of this work. The work is provided without warranty or service or accuracy. OWASP does not endorse or recommend SD Elements of the use of this work.

OWASP Top 10 (2017) by OWASP Foundation, Inc. This document is released under the Creative Commons Attribution Sharealike 4.0 license. For any reuse or distribution, you must make clear that license terms of this work. The work is provided without warranty or service or accuracy. OWASP does not endorse or recommend SD Elements of the use of this work.

PrivacyPatterns.org. UC Berkeley School of Information is licensed under CC BY 3.0. Content may have been modified or adapted and such modifications or adaptations are not endorsed by original author.

Functional Security Assessment for Systems (FSA-S). © Copyright 2021 ISASecure. All Rights Reserved. https://www.isasecure.org/en-US/Certification/IEC-62443-SSA-Certification. Referenced as per executed membership agreement with ISA.

Secure Controls Framework by Secure Controls Framework. This document is released under the Creative Commons Attribution Sharealike 4.0 license. For any reuse or distribution, you must make clear that license terms of this work. The work is provided without warranty or service or accuracy. SCF does not endorse or recommend SD Elements of the use of this work. Referenced with written permission of SCF.

Application Security and Development STIG. Department of Defense. "Application Security and Development STIG - Ver 5, Rel 1" 26 Oct 2020. DoD Cyber Exchange Public. https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_ASD_V5R1_STIG.zip.

DoD Information Assurance Certification and Accreditation Process (DIACAP). NUMBER 8510.01 November 28, 2007. https://apps.dtic.mil/dtic/tr/fulltext/u2/a551538.pdf

As used herein, "CIS SecureSuite Products" refers to the following CIS benchmarks, as amended and updated:
CIS-Apache-HTTP-Server-2.4-v1.3.1
CIS-Apache-Tomcat-8-v1.0.1
CIS-Microsoft-IIS-10-v1.0.0
CIS-Google-Cloud-Platform-Foundation-v1.2.0"
CIS-Microsoft-SQL-Server-2016-v1.0.0
CIS-Oracle-Database-12c-v2.1.0
CIS-Kubernetes-1.20-v1.0.0
CIS-Oracle-MySQL-Enterprise-Edition-5.7-v1.0.0
CIS-AWS-Foundations-v1.4.0
CIS-AWS-Three-Tier-Web-Architecture-v1.0.0"
CIS-Microsoft-Azure-Foundations-v1.0.0
CIS-Docker-1.13.0-v1.0.0
CIS-Amazon-Elastic-Kubernetes-Service-(EKS)-v1.0.1
CIS SecureSuite Products are released under the Creative Commons Attribution Sharealike 4.0 license in accordance with the Organizational Consulting Membership Agreement between Infotek Solutions Inc. and Center for Internet Security, Inc. dated April 7, 2017. The work is provided without warranty or service or accuracy. CIS does not endorse or recommend SD Elements of the use of this work. Use of CIS SecureSuite Products by Security Compass is based upon recommendations incorporated in a CIS Benchmark developed by Center for Internet Security, Inc.

Code and documentation for Microsoft Cloud Security Benchmark (collectively, referred to as the “MCSB License”) is included in SD Elements and located at the following repository: https://github.com/MicrosoftDocs/SecurityBenchmarks

The MCSB License contains the following legal notices: https://github.com/MicrosoftDocs/SecurityBenchmarks?tab=readme-ov-file

The MCSB License contains the following declared licenses:

A license to any code in the repository under the MIT License: https://github.com/MicrosoftDocs/SecurityBenchmarks?tab=MIT-2-ov-file.

A license to the Microsoft documentation and other content in the repository under the Creative Commons Attribution 4.0 International Public License: https://github.com/MicrosoftDocs/SecurityBenchmarks?tab=CC-BY-4.0-1-ov-file. Documentation and other content may have been modified or adapted and such modifications or adaptations are not endorsed by original author.