NIST

The National Institute of Standards and Technology (NIST) develops recognised frameworks that provide structured guidance for managing cybersecurity and technology risk. These frameworks help organisations strengthen governance, improve risk management, and implement proportionate security controls.

NIST Cybersecurity Framework (CSF) 2.0

The NIST CSF 2.0 provides a flexible structure for managing cybersecurity risk, built around six core functions: Govern, Identify, Protect, Detect, Respond, and Recover. Version 2.0 places greater emphasis on governance and leadership accountability and can be applied across organisations of all sizes.

NIST Artificial Intelligence Risk Management Framework (AI RMF)

The NIST AI RMF supports organisations in identifying and managing risks associated with artificial intelligence systems. It promotes responsible and trustworthy AI by addressing security, reliability, and accountability throughout the AI lifecycle.

National Institute of Standards and Technology

ISO Standards

The International Organization for Standardization (ISO) develops globally recognised standards that provide structured guidance across security, technology, and governance. These standards help organisations implement risk-based management systems that support regulatory alignment and resilience.

ISO/IEC 27001 – Information Security Management

This ISO s the certifiable standard for information security management systems (ISMS). It provides a framework for managing and reducing information security risk, supporting the protection of confidentiality, integrity, and availability.

ISO/IEC 42001 – Artificial Intelligence Management

This ISO provides a management framework for organisations developing or using artificial intelligence systems, supporting governance, accountability, and oversight of AI risk.

International Organization for Standardization

PCI Security Standards Council

The PCI Security Standards Council (PCI SSC) was established by the major card brands to develop and maintain security standards that protect payment card data worldwide. The Council publishes and manages a suite of standards designed to strengthen payment security across merchants, service providers, and financial institutions.

PCI DSS Version 4.0.1

The Payment Card Industry Data Security Standard (PCI DSS) v4.0.1 is the current global framework for protecting cardholder data and reducing payment fraud. It defines detailed security requirements for organisations that store, process, or transmit payment card information. The standard supports the secure operation of payment environments through structured controls, regular validation, and ongoing risk management.

Center for Internet Security (CIS)

The Center for Internet Security (CIS) is a globally recognised, non-profit organisation dedicated to improving cybersecurity readiness and resilience. CIS develops practical guidance, standards, and best practices to help organisations defend against evolving cyber threats. Its resources are widely adopted across public and private sectors to strengthen security controls and reduce risk exposure.

CIS Benchmarks

CIS Benchmarks are detailed, consensus-based configuration guidelines designed to help organisations securely configure operating systems, cloud environments, applications, and network devices. These benchmarks provide prescriptive, prioritised recommendations aligned with industry best practice, supporting secure system hardening and consistent control implementation. Organisations use CIS Benchmarks to reduce vulnerabilities, demonstrate due diligence, and strengthen their overall security posture.