
California Consumer Privacy Act (CCPA)
Cloud Controls Matrix (CCM) – Industry‑standard controls for cloud service providers.
Control Objectives for Information and Related Technologies (COBIT) – Governance and management framework for enterprise IT.
Cybersecurity Maturity Model Certification for DoD contractors (CMMC 2.0)
Federal Financial Institutions Examination Council (FFIEC) – United States banking regulatory framework.
General Data Protection Regulation (GDPR) – European Union (EU).
Health Insurance Portability and Accountability Act (HIPAA) – Data Privacy and Security Rules – United States.
International Organization for Standardization (ISO) 27001:2013 & ISO 27001:2022 – Establishes and maintains an Information Security Management System (ISMS).
International Organization for Standardization (ISO) 27017 – Cloud‑specific security controls as an add‑on to ISO 27001.
International Organization for Standardization (ISO) 27018 – Privacy controls for personally identifiable information in the cloud (add‑on to ISO 27001).
International Organization for Standardization (ISO) 27701 – Privacy Information Management System (PIMS) extension to ISO 27001.
Microsoft Supplier Security and Privacy Assurance program (SSPA)
National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) – Risk‑based approach to managing cybersecurity.
National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0 – Updated controls aligned with the latest CSF version.
National Institute of Standards and Technology (NIST) SP 800‑53 – Security and privacy controls for federal information systems.
National Institute of Standards and Technology (NIST) SP 800‑171 – Protecting Controlled Unclassified Information in non‑federal systems.
National Institute of Standards and Technology (NIST) AI Risk Management Framework – Guidance for managing risks related to artificial intelligence.
Network and Information Security 2 Directive (NIS 2) Cybersecurity Core – For EU entities under the NIS 2 Directive.
Payment Card Industry Security Standard (PCI-DSS)
Payment Card Industry PIN Transaction Security (PCI-PTS)
Sarbanes‑Oxley IT General Controls (SOX ITGC)
United Kingdom (UK) Cyber Essentials – UK Government cybersecurity baseline.
Call (541) 508-5574
Copyright 2025 Gilberts Cyber. All rights reserved.
1900 NE Third Street, Suite 106 #1088, Bend, OR 97701

A USMC Veteran-Owned Business