Copyright © 2009 by American Institute of Certified Public Accountants, Inc. and Canadian Institute of Chartered Accountants. Retrieved October 15, 2020. https://www.cpacanada.ca/-/media/site/operational/ms-member-services/docs/00250-generally-accepted-privacy-principles.pdf?la=en
Third-party attribution
AICPA
American Institute of Certified Public Accountants
CSA-311
CSA-311
Functional Security Assessment for Components. © Copyright 2021 ISASecure. All Rights Reserved. https://www.isasecure.org/en-US/Certification/IEC-62443-CSA-Certification. Referenced as per executed membership agreement with ISA.
European Banking Authority
EBA - Security of Internet Payments
“Final guidelines on the security of internet payments.” European Banking Authority. EBA/GL/2014/12_Rev1. Published 19 December 2014. Retrieved 20 October 2020. https://eba.europa.eu/sites/default/documents/files/documents/10180/934179/f27bf266-580a-4ad0-aaec-59ce52286af0/EBA-GL-2014-12%20%28Guidelines%20on%20the%20security%20of%20internet%20payments%29_Rev1.pdf
ISO
ISO 27001:2005 / SOX
ISO/IEC 27001:2005. Information technology — Security techniques — Information security management systems — Requirements. Edition 1. Published October 2005. <https://www.iso.org/standard/42103.html> Referenced with written permission of ISO.
ISO 27001:2013 / SOX
ISO/IEC 27001:2013. Information technology — Security techniques — Information security management systems — Requirements. Version 2. Published October 2013. <https://www.iso.org/standard/54534.html> Referenced with written permission of ISO.
International Society of Automation
ANSI/ISA 62443-3-3
ANSI/ISA-62443-3-3 (99.03.03)-2013, Security for industrial automation and control systems Part 3-3: System security requirements and security levels. Copyright © 2013 by ISA. All rights reserved. https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu Referenced with written permission of ISA.
ANSI/ISA 62443-4-2
ANSI/ISA-62443-4-2-2018, Security for industrial automation and control systems, Part 4-2: Technical security requirements for IACS components. Copyright © 2018 by ISA. All rights reserved. https://webstore.ansi.org/Standards/ISA/ANSIISA624432018-1717607?gclid=CjwKCAiAwrf-BRA9EiwAUWwKXseedNTUjoyJzqU4K7m1nuEChUJUgxJ4t-83wbi9vH_5oTzXXykIsRoCO_4QAvD_BwE Referenced with written permission of ISA.
MITRE
CWE/SANS Top 25
Copyright © 2006-2020, The MITRE Corporation. https://cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html
Monetary Authority of Singapore
Technology Risk Management Guidelines - June 2013
Reproduced with the permission of the Monetary Authority of Singapore. ©2020 The Monetary Authority of Singapore. The MAS Technology Risk Management Guidelines, republished on Security Compass’s platform, are available on, and can be obtained without cost from, the MAS website: https://www.veracode.com/sites/default/files/2020-04/TRM%20Guidelines%20%2021%20June%202013.pdf Referenced with written permission of the Monetary Authority of Singapore.
NEMA: National Electrical Manufacturers Association
HIMSS/NEMA Standard HN 1-2013. Manufacturer Disclosure Statement for Medical Device Security.
© Copyright 2013 by the National Electrical Manufacturers Association and the Healthcare Information and Management Systems Society. All rights, including translation into other languages, reserved under the Universal Copyright Convention, the Berne Convention for the Protection of Literary and Artistic Works, and the International and Pan American Copyright Conventions. Referenced with written permission of NEMA.
NIST
NIST 800-171
Ron Ross (NIST), Victoria Pillitteri (NIST), Kelley Dempsey (NIST), Mark Riddle (NARA), Gary Guissanie (IDA). “SP 800-171 Rev. 2 - Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.” Published February 2020. <https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r2.pdf>
NIST 800-53
NIST Special Publication 800-53. Revision 5. Security and Privacy Controls for Federal Information Systems and Organizations. Published April 2013. <https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf>
NIST 800-82
Keith Stouffer, Victoria Pillitteri, Suzanne Lightman, Marshall Abrams, Adam Hahn. NIST Special Publication 800-82. Revision 2. Guide to Industrial Control Systems (ICS) Security. Published May 2015. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf
OWASP
OWASP Application Security Verification Standard (ASVS) Project
OWASP Application Security Verification Standard (ASVS) Project by OWASP Foundation, Inc. This document is released under the Creative Commons Attribution ShareAlike 4.0 license. For any reuse or distribution, you must make clear the license terms of this work. The work is provided without warranty of service or accuracy. OWASP does not endorse or recommend SD Elements or the use of this work.
OWASP IoT Attack Surface Areas
OWASP IoT Attack Surface Areas by OWASP Foundation, Inc. This document is released under the Creative Commons Attribution ShareAlike 4.0 license. For any reuse or distribution, you must make clear the license terms of this work. The work is provided without warranty of service or accuracy. OWASP does not endorse or recommend SD Elements or the use of this work.
OWASP IoT Top 10
OWASP IoT Top 10 by OWASP Foundation, Inc. This document is released under the Creative Commons Attribution ShareAlike 4.0 license. For any reuse or distribution, you must make clear the license terms of this work. The work is provided without warranty of service or accuracy. OWASP does not endorse or recommend SD Elements or the use of this work.
OWASP Mobile Top 10 (2016)
OWASP Mobile Top 10 (2016) by OWASP Foundation, Inc. This document is released under the Creative Commons Attribution ShareAlike 4.0 license. For any reuse or distribution, you must make clear the license terms of this work. The work is provided without warranty of service or accuracy. OWASP does not endorse or recommend SD Elements or the use of this work.
OWASP Top 10 (2013)
OWASP Top 10 (2013) by OWASP Foundation, Inc. This document is released under the Creative Commons Attribution ShareAlike 4.0 license. For any reuse or distribution, you must make clear the license terms of this work. The work is provided without warranty of service or accuracy. OWASP does not endorse or recommend SD Elements or the use of this work.
OWASP Top 10 (2017)
OWASP Top 10 (2017) by OWASP Foundation, Inc. This document is released under the Creative Commons Attribution ShareAlike 4.0 license. For any reuse or distribution, you must make clear the license terms of this work. The work is provided without warranty of service or accuracy. OWASP does not endorse or recommend SD Elements or the use of this work.
Privacy Patterns
PrivacyPatterns.org
PrivacyPatterns.org, UC Berkeley School of Information, is licensed under CC BY 3.0. Content may have been modified or adapted, and such modifications or adaptations are not endorsed by the original author.
SSA-311
SSA-311
Functional Security Assessment for Systems (FSA-S). © Copyright 2021 ISASecure. All Rights Reserved. https://www.isasecure.org/en-US/Certification/IEC-62443-SSA-Certification. Referenced as per executed membership agreement with ISA.
Security Controls Framework
Security Controls Framework
Secure Controls Framework by Secure Controls Framework. This document is released under the Creative Commons Attribution ShareAlike 4.0 license. For any reuse or distribution, you must make clear the license terms of this work. The work is provided without warranty of service or accuracy. SCF does not endorse or recommend SD Elements or the use of this work. Referenced with written permission of SCF.
United States Department of Defense
Application Security and Development STIG
Application Security and Development STIG. Department of Defense. "Application Security and Development STIG - Ver 5, Rel 1" 26 Oct 2020. DoD Cyber Exchange Public. https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_ASD_V5R1_STIG.zip.
DIACAP
DoD Information Assurance Certification and Accreditation Process (DIACAP). NUMBER 8510.01 November 28, 2007. https://apps.dtic.mil/dtic/tr/fulltext/u2/a551538.pdf
Federal Risk and Authorization Management Program
FedRAMP Security Controls Baseline (High/Moderate/Low)
FedRAMP Security Controls Baseline. FedRAMP. Published July 31 2020. https://www.fedramp.gov/assets/resources/documents/FedRAMP_Security_Controls_Baseline.xlsx Referenced with written permission of FedRAMP.
Center for Internet Security, Inc.
CIS SecureSuite Products
As used herein, "CIS SecureSuite Products" refers to the following CIS Benchmarks, as amended and updated: CIS-Apache-HTTP-Server-2.4-v1.3.1, CIS-Apache-Tomcat-8-v1.0.1, CIS-Microsoft-IIS-10-v1.0.0, CIS-Google-Cloud-Platform-Foundation-v1.2.0, CIS-Microsoft-SQL-Server-2016-v1.0.0, CIS-Oracle-Database-12c-v2.1.0, CIS-Kubernetes-1.20-v1.0.0, CIS-Oracle-MySQL-Enterprise-Edition-5.7-v1.0.0, CIS-AWS-Foundations-v1.4.0, CIS-AWS-Three-Tier-Web-Architecture-v1.0.0, CIS-Microsoft-Azure-Foundations-v1.0.0, CIS-Docker-1.13.0-v1.0.0, CIS-Amazon-Elastic-Kubernetes-Service-(EKS)-v1.0.1. CIS SecureSuite Products are released under the Creative Commons Attribution ShareAlike 4.0 license in accordance with the Organizational Consulting Membership Agreement between Infotek Solutions Inc. and Center for Internet Security, Inc. dated April 7, 2017. The work is provided without warranty of service or accuracy. CIS does not endorse or recommend SD Elements or the use of this work. Use of CIS SecureSuite Products by Security Compass is based upon recommendations incorporated in a CIS Benchmark developed by Center for Internet Security, Inc.
Microsoft
Microsoft Cloud Security Benchmark
Code and documentation for the Microsoft Cloud Security Benchmark (collectively referred to as the “MCSB License”) are included in SD Elements and located at the following repository: https://github.com/MicrosoftDocs/SecurityBenchmarks The MCSB License contains the following legal notices: https://github.com/MicrosoftDocs/SecurityBenchmarks?tab=readme-ov-file The MCSB License contains the following declared licenses: a license to any code in the repository under the MIT License: https://github.com/MicrosoftDocs/SecurityBenchmarks?tab=MIT-2-ov-file and a license to the Microsoft documentation and other content in the repository under the Creative Commons Attribution 4.0 International Public License: https://github.com/MicrosoftDocs/SecurityBenchmarks?tab=CC-BY-4.0-1-ov-file Documentation and other content may have been modified or adapted, and such modifications or adaptations are not endorsed by the original author.