Skip to content
Home

Publication Type

In cybersecurity, there are different types of documents that together structure governance and compliance: laws and regulations (e.g., binding legal texts such as the EU’s General Data Protection Regulation) impose mandatory requirements and sanctions; contractual obligations translate security expectations into enforceable commitments between parties (such as security clauses in supplier agreements); standards (like ISO/IEC 27001) define certifiable best practices; frameworks (for example, the NIST Cybersecurity Framework) provide structured guidance to assess and improve security posture; guidelines offer non-binding recommendations and practical interpretation; and tools support implementation through technical or methodological means (e.g., risk assessment or vulnerability scanning tools). Together, these instruments differ in legal force, level of prescriptiveness, and operational purpose, but collectively shape an organization’s cybersecurity posture.

NIST IR 8596 Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile): NIST Community Profile

The NIST Cyber AI Profile offers a structured approach to integrating AI into cybersecurity operations. It provides guidance on leveraging AI for threat detection, risk assessment, and automated response while… Read More »NIST IR 8596 Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile): NIST Community Profile

NIST IR 8374 Rev. 1 Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile

The “Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile” is a NIST publication that provides organizations with a practical guide to managing ransomware risks using the updated NIST Cybersecurity… Read More »NIST IR 8374 Rev. 1 Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile