← Main Menu
--:--:--

SECURITYRESOURCE HUB

Compliance Frameworks · Government Sources · Official Guidance

OFFICIAL SOURCES ONLY — ALL LINKS GO DIRECTLY TO GOVERNMENT & STANDARDS BODIES
PCI DSS · HIPAA · FTC · CMMC · CIS · NIST · CISA
🛡
CISA
US GOV

Cybersecurity & Infrastructure Security Agency — the nation's cyber defense agency.

Cybersecurity Advisories
cisa.gov/news-events/cybersecurity-advisories
ADVISORIES
Known Exploited Vulnerabilities (KEV)
cisa.gov/known-exploited-vulnerabilities-catalog
KEV
ICS Security Advisories
cisa.gov/ics-advisories
ICS/OT
Free Cybersecurity Services & Tools
cisa.gov/resources-tools/resources
TOOLS
StopRansomware.gov
cisa.gov/stopransomware
RANSOMWARE
Secure by Design Principles
cisa.gov/secure-by-design
GUIDANCE
💳
PCI DSS 4.0+
PAYMENT

Payment Card Industry Data Security Standard v4.0 — mandatory for all entities handling cardholder data.

PCI SSC Document Library
pcisecuritystandards.org/document_library
STANDARD
PCI DSS v4.0 Overview
pcisecuritystandards.org/standards/pci-dss
v4.0
Find a Qualified Security Assessor (QSA)
pcisecuritystandards.org/assessors_and_solutions
QSA
SAQ & Supporting Documents
Self-Assessment Questionnaires for merchants
SAQ
PCI SSC Official Blog
blog.pcisecuritystandards.org
NEWS
🏥
HIPAA
HEALTHCARE

Health Insurance Portability and Accountability Act — federal law protecting patient health information.

HHS HIPAA Security Rule
hhs.gov/hipaa/for-professionals/security
SECURITY RULE
HHS HIPAA Privacy Rule
hhs.gov/hipaa/for-professionals/privacy
PRIVACY RULE
Breach Notification Rule
hhs.gov/hipaa/for-professionals/breach-notification
BREACH
Compliance & Enforcement
hhs.gov/hipaa/for-professionals/compliance-enforcement
ENFORCEMENT
Security Guidance Documents
Risk analysis, remote access, mobile device guidance
GUIDANCE
⚖️
FTC SAFEGUARDS
FINANCIAL

FTC Safeguards Rule — requires non-banking financial institutions to implement information security programs.

What Your Business Needs to Know
ftc.gov/business-guidance/resources/ftc-safeguards-rule
OVERVIEW
Safeguards Rule — Full Text
ftc.gov/legal-library/browse/rules/safeguards-rule
RULE TEXT
Cybersecurity for Small Business
ftc.gov/business-guidance/small-businesses/cybersecurity
SMB
Data Security Enforcement Actions
ftc.gov/news-events/topics/privacy-security/data-security
ENFORCEMENT
🎖
CMMC 2.0
DEFENSE

Cybersecurity Maturity Model Certification — required for DoD contractors handling CUI or FCI.

DoD CMMC Official Program
dodcio.defense.gov/CMMC
OFFICIAL
CMMC FAQ
acq.osd.mil/cmmc/faq.html
FAQ
NIST SP 800-171 Rev 3
Protecting Controlled Unclassified Information
CUI
DCSA Cybersecurity & CMCC
dcsa.mil/is/cmcc
DCSA
DoD Cyber Exchange — CMMC Resources
cyber.mil/cmmc
RESOURCES
🔒
CIS CONTROLS 8.1+
FRAMEWORK

Center for Internet Security Controls v8.1 — prescriptive, prioritized set of security best practices.

CIS Controls v8 Overview
cisecurity.org/controls/v8
v8
CIS Benchmarks (Free Download)
Configuration hardening guides for 100+ technologies
BENCHMARKS
Implementation Groups (IG1/IG2/IG3)
Prioritized controls by organization size & risk
IG MAPPING
CIS & CISA Partnership Resources
Joint guidance for state & local government
GOV
MS-ISAC (Free for SLTT orgs)
24/7 cyber threat monitoring for state/local gov
MS-ISAC
📐
NIST FRAMEWORK
US GOV

National Institute of Standards and Technology — the gold standard for cybersecurity frameworks and SP 800-series publications.

NIST CSF 2.0 — Cybersecurity Framework
nist.gov/cyberframework
CSF 2.0
SP 800-Series Publications
800-53, 800-171, 800-63 and all special publications
SP 800
National Vulnerability Database (NVD)
nvd.nist.gov — CVE search, CVSS scores
NVD
NIST Privacy Framework
nist.gov/privacy-framework
PRIVACY
NIST SP 800-53 Rev 5
Security & Privacy Controls for Information Systems
800-53
📡
CISA LATEST NEWS & ALERTS
● LIVE

Direct links to CISA's current alert channels and news streams. Updated continuously by CISA.

NEWS Latest CISA News Press releases and announcements ALERTS Active Threat Alerts Current US-CERT activity alerts ADVISORIES Current Activity Timely information about current threats APT APT Threat Actors Nation-state and advanced threat profiles MALWARE Malware & Phishing Active campaigns and IOCs BLOG CISA Blog Insights from CISA leadership