Monday, August 6, 2012

Re-post: Spreadsheet: ISO PCI HIPAA 800-53 FedRAMP CSA SANS SCSEM CESG

Re-posting this because this spreadsheet is a popular item. I've been pulled into so many directions over the last couple months that contributing here has been difficult. My apologies for that... here is the information about the spreadsheet:

Get the 'Common Authorities on Information Assurance' spreadsheet here. (xlsx)

...There are different spreadsheets floating around with ISO, PCI, NIST, HIPAA, and more so that you can play to your heart's content. Here's mine. Why do I do this? It's fun for me and it forces me to digest to a certain extent what's in there.

We have vCM and Archer, real tools for managing compliance. It does make a quick, compelling view into exactly why a (good) compliance management tool can be sooooo helpful. :) Have fun! It's under the documents tab.

The most complete set of controls? 
Recently a customer asked my opinion about what I thought was the most complete set of controls. There are several I like, and some that are far too narrowly focused to build a comprehensive program. My answer? NIST SP800-53. Here's a look at some commonly referred to sources.

Common Regulations, Standards, Audit Practices and Guides: SOX | GLBA | FFIEC | Basel II | FCRA | HIPAA | NERC | NRC | CFAA | FISMA | FRCP | FISCAM | Privacy Act of 1974 | Safe Harbor | NYSE | PCI-DSS | COSO | CESG | NIST | ISO 27001:2005 | ISO/IEC 27002-2005 | OGC ITIL | BCI | CobiT | ISACA | AICPA | OECD | CSA | ENISA