Skip to content
    Home / Publication Type

    Publication Type

    In cybersecurity, there are different types of documents that together structure governance and compliance: laws and regulations (e.g., binding legal texts such as the EU’s General Data Protection Regulation) impose mandatory requirements and sanctions; contractual obligations translate security expectations into enforceable commitments between parties (such as security clauses in supplier agreements); standards (like ISO/IEC 27001) define certifiable best practices; frameworks (for example, the NIST Cybersecurity Framework) provide structured guidance to assess and improve security posture; guidelines offer non-binding recommendations and practical interpretation; and tools support implementation through technical or methodological means (e.g., risk assessment or vulnerability scanning tools). Together, these instruments differ in legal force, level of prescriptiveness, and operational purpose, but collectively shape an organization’s cybersecurity posture.

    CISA Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators

    The CISA guidance titled “Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators” provides operational technology (OT) owners and operators across critical infrastructure sectors with practical, step-by-step recommendations… Read More »CISA Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators

    NIST SP 800-18 Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems

    NIST SP 800-18 Revision 2, “Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems,” provides a structured framework for creating comprehensive security plans for federal information systems,… Read More »NIST SP 800-18 Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems

    CISA Primary Mitigations to Reduce Cyber Threats to Operational Technology

    The CISA “Primary Mitigations to Reduce Cyber Threats to Operational Technology” fact sheet outlines five core strategies for critical infrastructure operators to strengthen the cybersecurity of their operational technology (OT)… Read More »CISA Primary Mitigations to Reduce Cyber Threats to Operational Technology

    OWASP Application Security Verification Standard (ASVS) 5.0

    The OWASP Application Security Verification Standard (ASVS) is a comprehensive framework that defines security requirements for designing, developing, and testing web applications and APIs. It is organized into 14 chapters,… Read More »OWASP Application Security Verification Standard (ASVS) 5.0