Skip to content
Home

Publication Type

In cybersecurity, there are different types of documents that together structure governance and compliance: laws and regulations (e.g., binding legal texts such as the EU’s General Data Protection Regulation) impose mandatory requirements and sanctions; contractual obligations translate security expectations into enforceable commitments between parties (such as security clauses in supplier agreements); standards (like ISO/IEC 27001) define certifiable best practices; frameworks (for example, the NIST Cybersecurity Framework) provide structured guidance to assess and improve security posture; guidelines offer non-binding recommendations and practical interpretation; and tools support implementation through technical or methodological means (e.g., risk assessment or vulnerability scanning tools). Together, these instruments differ in legal force, level of prescriptiveness, and operational purpose, but collectively shape an organization’s cybersecurity posture.

CISA Principles for the Secure Integration of Artificial Intelligence in Operational Technology

The CISA Principles for the Secure Integration of Artificial Intelligence in Operational Technology provide a comprehensive framework to help critical infrastructure owners and operators securely integrate AI into their OT… Read More »CISA Principles for the Secure Integration of Artificial Intelligence in Operational Technology

NIST IR 8349 Methodology for Characterizing Network Behavior of Internet of Things Devices

NIST Internal Report (IR) 8349, titled “Methodology for Characterizing Network Behavior of Internet of Things Devices,” outlines a comprehensive approach to capturing, documenting, and analyzing the network communication behaviors of… Read More »NIST IR 8349 Methodology for Characterizing Network Behavior of Internet of Things Devices

CIS Controls Internet of Things Companion Guide

The CIS Controls Internet of Things (IoT) Companion Guide provides detailed guidance on how to apply the cybersecurity best practices of the CIS Controls, particularly Version 8.1, to IoT environments.… Read More »CIS Controls Internet of Things Companion Guide

CISA Primary Mitigations to Reduce Cyber Threats to Operational Technology

The CISA “Primary Mitigations to Reduce Cyber Threats to Operational Technology” fact sheet outlines five core strategies for critical infrastructure operators to strengthen the cybersecurity of their operational technology (OT)… Read More »CISA Primary Mitigations to Reduce Cyber Threats to Operational Technology