Complete List of Cyber Security Standards (Updated 2023)

The foremost aim of the formulation of cybersecurity standards is to improve the security of IT infrastructure and IT products used in organizations. Here, I am listing out a comprehensive list of standards that help you understand the benchmark in IT security.

  1. Information security management system (ISMS) (ISO/IEC 27000 Family):  It is a set of guidelines for maintaining infrastructure, mainly the company's data centers, to follow certain legal, technical and physical policies to ensure confidentiality, integrity, and availability of data reside in the company's data centers. It consists of a set of ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27003, ISO/IEC 27004, ISO/IEC 27005, ISO/IEC 27006, and ISO/IEC 27007.
  2. Common Criteria (ISO/IEC 15408): This standard mainly deals with the certification of IT products. It ensures the evaluation of IT products based on a set of approving standards that are widely followed by industry and governments. ISO/IEC 15408 consists of three parts: Part 1 (Introduction and general model), Part 2 (Security functional requirements), and Part 3 (Security assurance requirements). The Common Evaluation Methodology (CEM) is another document used by security auditors to evaluate IT products.
  3. ISO/IEC 18043: This standard helps an organization in the selection, deployment, and operations of intrusion detection systems within an organization's IT infrastructure.
  4. Center of Internet Security, CIS ( CIS publishes security benchmarks for mobile devices, network devices, server operating systems, virtualization platforms and cloud, desktops, and web browsers. These benchmarks are security configuration guides that governments and the industry widely accept and are available for free. Most security auditing organizations used these benchmarks to evaluate the configuration of IT infrastructure.
  5. ISO 22301:2012: This standard contains requirements for Business continuity management systems.
  6. National Information Security Technology (NIST) Standard Specification: NIST is a US-based agency that publishes cybersecurity-related standards. Most of the cryptography-related standards come from NIST, and different countries across the globe widely follow them. NIST 800-115 (Technical Guide to Information Security Testing and Assessment) is an important standard for assessing the IT system.
  7. SANS Security Policy Resource: This resource contains templates related to network devices, servers, and application security.
  8. ISO 28000: This ISO standard contains the specification for security management systems for the supply chain.
  9. OWASP Foundation: It is a non-profit organization that regularly publishes the Top 10 security issues of the web application, mobile, web services, etc. Most security auditing organizations follow these Top 10 security issues to categorize security vulnerabilities.
  10. ISO/IEC 27037: This ISO standard contains guidelines for the identification, collection, acquisition, and preservation of digital evidence.
  11. Payment Card Industry Data Security Standard (PCI DSS): This compliance formulates financial organizations' and sellers' requirements to transact credit card payments securely.
  12. Cloud Security Alliance (CSA): CSA is a non-profit organization that regularly publishes the best security practices related to cloud security.
  13. ISO/SAE 21434: Standard covers the aspects of automotive cybersecurity. This standard includes a list of requirements related to cyber security risk management. It also covers a cybersecurity process framework that helps OEMs to come on a common platform and communicate risks related to security.
  14. ISO/IEC 20243-1: This Information technology standard refers Open Trusted Technology ProviderTM Standard (O-TTPS). This particular standard helps in mitigating maliciously tainted and counterfeit products.
  15. ISO/IEC 27400:2022 - This standard provides a set of guidelines for Internet of Things (IoT) solutions. It provides a list of risks, principles, and controls for security and privacy for IoT solutions.
  16. ISO/IEC 27017 - Based on ISO/IEC 27001 and ISO/IEC 27002, covers specifically the cloud controls applicable for cloud service providers.
  17. ISO/IEC 29147 - related to vulnerability disclosure in IT products and services. It provides both guidance and recommendation to vendors in technical vulnerability management.
  18. ISO/IEC 30111 - related to vulnerability handling processes. It provides requirements and recommendations to manage and remediate vulnerabilities in IT products.

Subscribe us to receive more such articles updates in your email.

If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.

You may also like...

6 Responses

  1. Charles says:

    Nice article..

  2. Reena Jaiswal says:

    Nicely written…

  3. Irfan says:


  4. James says:

    list is ok.. explain more

Leave a Reply

Your email address will not be published. Required fields are marked *