Catalog

Standards, frameworks & methodologies

The frameworks security teams actually use — from risk management and control catalogs to threat modeling and offensive testing.

NIST CSF 2.0

NIST Cybersecurity Framework 2.0
NIST | Risk Framework

Outcome-based framework organized around Govern, Identify, Protect, Detect, Respond, Recover.

NIST SP 800-53

Security and Privacy Controls for Information Systems
NIST | Control Catalog

Comprehensive catalog of security and privacy controls used across US federal systems.

OWASP Top 10

OWASP Top 10 Web Application Security Risks
OWASP Foundation | AppSec

Awareness document on the most critical security risks to web applications.

OWASP ASVS

Application Security Verification Standard
OWASP Foundation | AppSec

Verification requirements for designing, building, and testing modern web apps and services.

OWASP SAMM

Software Assurance Maturity Model
OWASP Foundation | Program

Measurable framework for analyzing and improving a software security posture.

OSSTMM

Open Source Security Testing Methodology Manual
ISECOM | Testing Methodology

Peer-reviewed methodology for operational security testing.

PTES

Penetration Testing Execution Standard
PTES Project | Testing Methodology

Common language and scope for delivering and procuring penetration tests.

CWE

Common Weakness Enumeration
MITRE | Taxonomy

Community-developed list of software and hardware weakness types.

STRIDE

Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege
Microsoft | Threat Modeling

Mnemonic-based threat modeling categories used for system decomposition.

MITRE ATT&CK

Adversarial Tactics, Techniques & Common Knowledge
MITRE | Threat Intel

Globally accessible knowledge base of adversary tactics and techniques.

CIS Controls v8

Center for Internet Security Critical Security Controls
CIS | Control Catalog

Prioritized set of safeguards to mitigate the most common attacks.

ISO/IEC 27002

Information security controls
ISO/IEC | Control Catalog

Reference set of controls supporting an ISO/IEC 27001 ISMS.