Compliance Standard | Industry/Field | Geographical | Enterprise | SMB | Source |
---|---|---|---|---|---|
CIS (Center for Internet Security) | Cross-industry, applicable to all organizations aiming to improve cybersecurity hygiene | Global | Public and Private Sector Organizations, CSP, MSP, Regulated industries | Public and Private Sector Organizations, CSP, MSP, Regulated industries | |
Cyber Essentials | General business, primarily in the UK (focuses on small to medium-sized enterprises) | UK-focused | UK-based SMEs, IT consultancies, local government | Local accounting firms, UK-based SMEs, startup tech companies | |
Essential Eight | Australian businesses and government organizations, particularly in critical infrastructure | Australia | Australian enterprises like Telstra, state agencies | Small Australian businesses, local contractors | |
GDPR (General Data Protection Regulation) | Any organization processing personal data of EU citizens (cross-industry) | European Union (applies globally if processing EU citizens' data) | Publicly traded companies like Google, Facebook, healthcare orgs | Small online retailers, EU-based local service businesses | |
GPG 13 (Good Practice Guide 13) | UK government and entities managing government-sensitive information | UK | UK defense contractors, large government vendors like BAE Systems | Small consulting firms, local UK contractors | |
HIPAA (Health Insurance Portability and Accountability Act) | Healthcare, Health Insurance, Medical Research | United States | Healthcare providers like UnitedHealth Group, research institutions | Small healthcare providers, medical practices, local clinics | |
ISO 27002 | Cross-industry, global standard for information security management systems (ISMS) | Global | Enterprises like Siemens, multinational corporations | Small IT services firms, local security consultants | |
NIST 800-53 | Government agencies, defense contractors, and sectors dealing with sensitive data | Primarily U.S. federal government and related sectors | Government contractors like Lockheed Martin, federal agencies | Small government subcontractors, U.S.-based MSPs | |
NIST 800-171 | Organizations working with the U.S. government that handle Controlled Unclassified Information (CUI) | United States | Contractors like Boeing, Raytheon, small defense-related businesses | Small U.S. defense subcontractors, local tech suppliers | |
NIST CSF 2.0 (Cybersecurity Framework) | Cross-industry, U.S. businesses, government agencies, and critical infrastructure sectors | United States (adopted globally by some industries) | Energy companies, utilities like ExxonMobil, Duke Energy | Small U.S. energy providers, local utility contractors | |
PCI DSS (Payment Card Industry Data Security Standard) | Finance, E-commerce, Retail (any entity handling credit card data) | Global | Retail giants like Walmart, e-commerce platforms like Amazon | Small online shops, local retail stores, restaurants | |