Security & IT Compliance

Security standards, IT regulations, risk and control libraries, and best practices

Standards, regulations, and controls to quickly set up your IT security compliance and governance programs

Use Galvanize's Security and IT Compliance toolkits to increase assurance over IT general controls, data privacy, and cybersecurity. The integrated content maps IT regulations and standards against common control frameworks so you can monitor your compliance programs.

Included in the Content For Security & IT Compliance

Browse by toolkit

A toolkit is a curated set of tools aimed at addressing one area of risk or compliance.

For example, a toolkit might include a set of data analytics, a risk control framework, and a best practices program.

IT Risk and Compliance

Standards

Best practices, rules, or principles designed to provide consistency to the planning, development, operation and governance of your IT services.

COBIT

  • COBIT® 2019 - Governance and Management Objectives

NIST

  • NIST Framework for Improving Critical Infrastructure Cybersecurity ver. 1.0 (2014)
  • NIST Framework for Improving Critical Infrastructure Cybersecurity ver. 1.1 (2018)
  • NIST SP 800-171 Rev. 1 (2018)
  • NIST SP 800-171 Rev. 2 (2020)
  • NIST SP 800-53 Rev. 4 Privacy Controls (2019)
  • NIST SP 800-53 Rev. 4 Program Management Controls (2019)
  • NIST SP 800-53 Rev. 4 Security Controls (2019) / FedRAMP (2016.01)
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls - Low Baseline (2020)
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls - Moderate Baseline (2020)
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls - High Baseline (2020)
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls - Full Baseline (2020)
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls - Privacy Baseline (2020)

Payment Card Industry (PCI)

  • Payment Card Industry (PCI) Data Security Standard ver. 3.2 (2017)
  • Payment Card Industry (PCI) Data Security Standard ver. 3.2.1 (2018)

SOC 2

  • Trust Services Criteria SOC 2® (AICPA 2016)
  • Trust Services Criteria SOC 2® (AICPA 2017)

Regulations

Laws that govern the planning, development, and operation of your IT services, information security, and electronic commerce.

  • California Consumer Protection Act (Title 1.81.5, CA Legislative Information 2019)
  • Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500, NYDFS 2017)

Frameworks

Plans, processes, templates and guidance for the methods through which an organization can implement, manage and monitor IT governance.

COBIT

  • COBIT® 5 Controls
  • COBIT® 2019 - Governance and Management Objectives Controls

CSA

  • CSA Cloud Controls Matrix Version 3.0.1 (2016)
  • CSA Cloud Controls Matrix Version 3.0.1 (2019)

CIS

  • CIS Controls ver. 7.0 (2018)
  • CIS Controls ver. 7.1 (2019)

NIST

  • NIST SP 800-53 Rev. 4 FedRAMP Low Baseline Controls
  • NIST SP 800-53 Rev. 4 FedRAMP Moderate Baseline Controls
  • NIST SP 800-53 Rev. 4 FedRAMP High Baseline Controls
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls (2020)

Harmonized Control Framework

  • Secure Controls Framework (2020.04)
  • Secure Controls Framework™ (2021.01)

* Year reflects source publication used

Data Privacy Compliance

Emerging data privacy regulations, standards, and guidance, including:

Standards

Best practices, rules, or principles designed to provide consistency to the planning, development, operation and governance of your IT services.

  • Privacy Principles (ISACA 2016)

Regulations

Laws that govern the planning, development, and operation of your IT services, information security, and electronic commerce.

  • General Data Protection Regulation (EU GDPR 2016)
  • California Consumer Protection Act (Title 1.81.5, CA Legislative Information 2019)

Guidance

  • GDPR Data Protection Impact Assessment (ISACA 2017)


* Year reflects source publication used

ISO 2700X Toolkit

Information security management best practices to cover the risks related to technical privacy and confidentiality.

Standards

Best practices, rules, or principles designed to provide consistency to the planning, development, operation and governance of your IT services.

  • ISO/IEC 27001:2013 Information Security Management Systems (for US, Canada, & UK only)
  • ISO/IEC 27002:2013 Code of Practice for Information Security Controls (for US, Canada, & UK only)

* Year reflects source publication used

Banking IT Risk and Compliance

Regulations, standards, and risk and control matrices for Bank IT governance, including:

Standards

Best practices, rules, or principles designed to provide consistency to the planning, development, operation and governance of your IT services.

FDIC

  • Effective Practices for Selecting a Service Provider (FIL-50-2001, FDIC 2001)
  • Techniques for Managing Multiple Service Providers (FIL-50-2001, FDIC 2001)
  • Tools to Manage Technology Providers' Performance Risk: Service Level Agreements (FIL-50-2001, FDIC 2001)
  • Information Technology Risk Examination (InTREx) (FDIC 2016)

FFIEC IT Handbook

  • IT Handbook - Audit (FFIEC 2012)
  • IT Handbook - Business Continuity Management (FFIEC 2019)
  • IT Handbook - Business Continuity Planning (FFIEC 2015)
  • IT Handbook - Development and Acquisition (FFIEC 2004)
  • IT Handbook - E-Banking (FFIEC 2003)
  • IT Handbook - Information Security (FFIEC 2016)
  • IT Handbook - Management (FFIEC 2015)
  • IT Handbook - Operations (FFIEC 2004)
  • IT Handbook - Outsourcing Technology Services (FFIEC 2004)
  • IT Handbook - Retail Payment Systems (FFIEC 2016)
  • IT Handbook - Supervision of Technology Service Providers (FFIEC 2012)
  • IT Handbook - Wholesale Payment Systems (FFIEC 2004)

Regulations

Laws that govern the planning, development, and operation of your IT services, information security, and electronic commerce.

  • Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500, NYDFS 2017)

Guidance

  • Audit IT Program (FFIEC 2012)
  • BCP IT Program (FFIEC 2015)
  • Development & Acquisition IT Program (FFIEC 2004)
  • E-Banking IT Program (FFIEC 2003)
  • Information Security IT Program (FFIEC 2016)
  • Management IT Program (FFIEC 2015)
  • Operations IT Program (FFIEC 2004)
  • Outsourcing Technology Services IT Program (FFIEC 2004)
  • Retail Payment Systems IT Program (FFIEC 2016)
  • Wholesale Payment Systems IT Program (FFIEC 2004)
  • URSIT Program (FFIEC 2012)
  • InTREx Program (FDIC 2016)

* Year reflects source publication used

Federal Government IT Compliance

Standards

Best practices, rules, or principles designed to provide consistency to the planning, development, operation and governance of your IT services.

NIST

  • NIST Framework for Improving Critical Infrastructure Cybersecurity ver. 1.0 (2014)
  • NIST Framework for Improving Critical Infrastructure Cybersecurity ver. 1.1 (2018)
  • NIST SP 800-171 Rev. 1 (2018)
  • NIST SP 800-171 Rev. 2 (2020)
  • NIST SP 800-53 Rev. 4 Privacy Controls (2019)
  • NIST SP 800-53 Rev. 4 Program Management Controls (2019)
  • NIST SP 800-53 Rev. 4 Security Controls (2019) / FedRAMP (2016.01)
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls - Low Baseline (2020)
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls - Moderate Baseline (2020)
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls - High Baseline (2020)
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls - Full Baseline (2020)
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls - Privacy Baseline (2020)

FISCAM

  • FISCAM Chapter 3 - Evaluating and Testing General Controls (GAO-09-232G, 2009)
  • FISCAM Chapter 4 - Evaluating and Testing Business Process Application Controls (GAO-09-232G, 2009)

Frameworks

Plans, processes, templates and guidance for the methods through which an organization can implement, manage and monitor IT governance.

NIST

  • NIST SP 800-53 Rev. 4 FedRAMP Low Baseline Controls
  • NIST SP 800-53 Rev. 4 FedRAMP Moderate Baseline Controls
  • NIST SP 800-53 Rev. 4 FedRAMP High Baseline Controls
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls (2020)

* Year reflects source publication used

State and Local Government IT Compliance

Standards

Best practices, rules, or principles designed to provide consistency to the planning, development, operation and governance of your IT services.

NIST

  • NIST Framework for Improving Critical Infrastructure Cybersecurity ver. 1.0 (2014)
  • NIST Framework for Improving Critical Infrastructure Cybersecurity ver. 1.1 (2018)
  • NIST SP 800-171 Rev. 1 (2018)
  • NIST SP 800-171 Rev. 2 (2020)
  • NIST SP 800-53 Rev. 4 Privacy Controls (2019)
  • NIST SP 800-53 Rev. 4 Program Management Controls (2019)
  • NIST SP 800-53 Rev. 4 Security Controls (2019) / FedRAMP (2016.01)
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls - Low Baseline (2020)
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls - Moderate Baseline (2020)
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls - High Baseline (2020)
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls - Full Baseline (2020)
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls - Privacy Baseline (2020)

FISCAM

  • FISCAM Chapter 3 - Evaluating and Testing General Controls (GAO-09-232G, 2009)
  • FISCAM Chapter 4 - Evaluating and Testing Business Process Application Controls (GAO-09-232G, 2009)

Frameworks

Plans, processes, templates and guidance for the methods through which an organization can implement, manage and monitor IT governance.

NIST

  • NIST SP 800-53 Rev. 4 FedRAMP Low Baseline Controls
  • NIST SP 800-53 Rev. 4 FedRAMP Moderate Baseline Controls
  • NIST SP 800-53 Rev. 4 FedRAMP High Baseline Controls
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls (2020)

* Year reflects source publication used

Healthcare IT Compliance

Standards

Best practices, rules, or principles designed to provide consistency to the planning, development, operation and governance of your IT services.

NIST

  • NIST Framework for Improving Critical Infrastructure Cybersecurity ver. 1.0 (2014)
  • NIST Framework for Improving Critical Infrastructure Cybersecurity ver. 1.1 (2018)
  • NIST SP 800-171 Rev. 1 (2018)
  • NIST SP 800-171 Rev. 2 (2020)
  • NIST SP 800-53 Rev. 4 Privacy Controls (2019)
  • NIST SP 800-53 Rev. 4 Program Management Controls (2019)
  • NIST SP 800-53 Rev. 4 Security Controls (2019) / FedRAMP (2016.01)
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls - Low Baseline (2020)
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls - Moderate Baseline (2020)
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls - High Baseline (2020)
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls - Full Baseline (2020)
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls - Privacy Baseline (2020)

FISCAM

  • FISCAM Chapter 3 - Evaluating and Testing General Controls (GAO-09-232G, 2009)
  • FISCAM Chapter 4 - Evaluating and Testing Business Process Application Controls (GAO-09-232G, 2009)

Frameworks

Plans, processes, templates and guidance for the methods through which an organization can implement, manage and monitor IT governance.

NIST

  • NIST SP 800-53 Rev. 4 FedRAMP Low Baseline Controls
  • NIST SP 800-53 Rev. 4 FedRAMP Moderate Baseline Controls
  • NIST SP 800-53 Rev. 4 FedRAMP High Baseline Controls
  • NIST SP 800-53 Rev. 5 Security and Privacy Controls (2020)

* Year reflects source publication used
