Trademark Notices

International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC)

ISO, IEC, ISO/IEC, ISO 9001, ISO 14001, ISO 20000, ISO 22000, ISO 22301, ISO 26000, ISO 27001, ISO 27002, ISO 27017, ISO 27018, ISO 27701, ISO 31000, ISO 37001, ISO 37301, ISO 38500, ISO 42001, ISO 45001, ISO 55001, ISO 13485, ISO/IEC 27035, ISO/IEC 27040, ISO/IEC 29134, and all other ISO and IEC standard numbers

ISO standards are copyrighted publications of ISO. This platform does not reproduce official ISO standard text.

National Institute of Standards and Technology (NIST), U.S. Department of Commerce

NIST, NIST Cybersecurity Framework (CSF), NIST SP 800-53, NIST SP 800-171, NIST SP 800-82, NIST SP 800-218, NIST AI Risk Management Framework (AI RMF), NIST Privacy Framework

NIST publications are in the public domain. Framework names and logos are used with attribution.

AICPA (American Institute of Certified Public Accountants)

SOC, SOC 1, SOC 2, SOC 2 Type II, SOC 3, SSAE 18, Trust Services Criteria

SOC and Trust Services Criteria are service marks of the AICPA.

ISACA (Information Systems Audit and Control Association)

COBIT, COBIT 2019, COBIT 5

COBIT is a registered trademark of ISACA.

PeopleCert / AXELOS Limited

ITIL, ITIL 4, ITIL Foundation

ITIL is a registered trademark of PeopleCert (formerly AXELOS Limited).

PCI Security Standards Council (PCI SSC)

PCI, PCI DSS, PCI DSS v4.0, Payment Card Industry Data Security Standard

PCI DSS is a registered trademark of the PCI Security Standards Council.

Center for Internet Security (CIS)

CIS, CIS Controls, CIS Controls v8, CIS Benchmarks

Cloud Security Alliance (CSA)

CSA, CSA STAR, Cloud Controls Matrix (CCM), CCM v4

OWASP Foundation

OWASP, OWASP Top 10, OWASP ASVS, OWASP Application Security Verification Standard

OWASP materials are published under the Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA 4.0). See the Open-Source Licence Attributions section below.

MITRE Corporation

MITRE ATT&CK, ATT&CK

ATT&CK is a registered trademark of The MITRE Corporation.

European Union / European Commission

GDPR (General Data Protection Regulation), EU AI Act, DORA (Digital Operational Resilience Act), Digital Services Act (DSA), Digital Markets Act (DMA), EU Data Act, NIS2 Directive, ePrivacy Directive

U.S. Department of Health and Human Services (HHS)

HIPAA, HIPAA Security Rule, HIPAA Privacy Rule, HITECH Act

U.S. Department of Defense (DoD)

CMMC, CMMC 2.0, Cybersecurity Maturity Model Certification, DFARS, DISA STIGs

U.S. General Services Administration (GSA)

FedRAMP, Federal Risk and Authorization Management Program

Australian Signals Directorate (ASD)

ISM (Information Security Manual), Essential Eight, Essential Eight Maturity Model

Australian Government, Department of the Attorney-General

PSPF (Protective Security Policy Framework)

Australian Prudential Regulation Authority (APRA)

APRA CPS 234, CPS 230

Global Reporting Initiative (GRI)

GRI, GRI Standards

Health Level Seven International (HL7)

HL7, FHIR, HL7 FHIR

HL7 and FHIR are registered trademarks of Health Level Seven International.

COSO (Committee of Sponsoring Organizations of the Treadway Commission)

COSO, COSO Internal Control — Integrated Framework, COSO ERM

Basel Committee on Banking Supervision (BCBS)

Basel III, Basel Framework

World Wide Web Consortium (W3C)

WCAG, Web Content Accessibility Guidelines

WCAG 2.2 is a W3C Recommendation subject to the W3C Document License. See the Open-Source Licence Attributions section below.

IEEE (Institute of Electrical and Electronics Engineers)

IEEE, IEEE 7000