Reference Library Index

Auto-generated 2026-02-23 — 294 documents

This index includes direct links to files in this repo and source links where available.

By Content Type

Threat Intelligence

Document Organization Year Source
Accenture CyberSecurityConundrum 2016 Accenture 2016
Accenture RebootingPublicSectorCyberSecurity 2016 Accenture 2016
Accenture CyberThreatscape 2017 Accenture 2017
Accenture CyberThreatscape ExecSummary 2017 Accenture 2017
Accenture CyberThreatscape 2018 Accenture 2018
Cisco AnnualCyberSecurityReport 201802 Cisco unknown
Cisco SpecialReport SMB Cybersecurity 201807 Cisco unknown
Coveware RansomwareReport 2020Q3 Coveware 2020
Coveware RansomwareReport 2020Q4 Coveware 2020
Coveware RansomewareReport 2022Q2 Coveware 2022
Proofpoint HumanFactor 2018 Proofpoint 2018
Proofpoint QuarterlyThreatReport Q1 2018 Proofpoint 2018
Proofpoint QuarterlyThreatReport Q2 2018 Proofpoint 2018
Proofpoint QuarterlyThreatReport Q3 2018 Proofpoint 2018
pfpt us tr data loss landscape report 2024 Proofpoint 2024
pfpt us tr state of the phish 2024 Proofpoint 2024
SSC 2018Healthcare Report c06 SecurityScorecard 2018
SSC 2019 Healthcare Report SecurityScorecard 2019
Symantec ISTR20 2015 Symantec 2015
Symantec ISTR SpecialReport EmailThreats 2017 Symantec 2017
Symantec ISTR22 2017 Symantec 2017
Symantec ISTR23 2018 Symantec 2018
Symantec ISTR24 2019 Symantec 2019
2019 Webroot Threat Report US Online Webroot 2019

Breach Reports

Document Organization Year Source
Anthem 20161201 Anthem unknown
Equifax EX99 StatementofRecord Equifax unknown
[Equifax GAO 20180906](breach-reports/Equifax_GAO_ 20180906.md) Equifax unknown
Equifax SenateReport 201903 Equifax unknown
Ponemon StateofSMBCybersecurity 2017 IBM/Ponemon 2017
Ponemon CostofDataBreach 2018 IBM/Ponemon 2018
Ponemon CostofDataBreach 2019 IBM/Ponemon 2019
Ponemon CyberResilientOrganizationReport 2019 IBM/Ponemon 2019
Ponemon CostofDataBreach 2020 IBM/Ponemon 2020
Ponemon CyberResilientOrganizationReport 2020 IBM/Ponemon 2020
Ponemon StateofEndpointSecurity 2020 IBM/Ponemon 2020
Ponemon CostofDataBreach 2021 IBM/Ponemon 2021
CostofDataBreach 2022 IBM/Ponemon 2022
Cost of Data Breach Report 2023 IBM/Ponemon 2023
IBM Cost of a Data Breach Report 2023 IBM/Ponemon 2023
Verizon DBIR 2015 Verizon 2015
Verizon DBIR 2016 Verizon 2016
Verizon DBIR 2017 Verizon 2017
Verizon DBIR 2018 Verizon 2018
Verizon DBIR 2019 Verizon 2019
Verizon DBIR 2019 ExecBrief Verizon 2019
Verizon DBIR 2020 Verizon 2020
Verizon DBIR 2020 ExecutiveBrief Verizon 2020
Verizon DBIR 2021 Verizon 2021
Verizon DBIR 2022 Verizon 2022
Verizon DBIR 2023 Verizon 2023
Verizon DBIR 2024 data breach investigations report Verizon 2024
Verizon DBIR 2024 executive summary Verizon 2024
Verizon DBIR 2024 infographic Verizon 2024

Government & Regulatory

Document Organization Year Source
AWS Guide to NYDFS Cybersecurity Regulation AWS 2019
CISA MS ISAC Ransomware Guide CISA 2020 source
CISA Fact Sheet Rising Ransomware Threat to OT Assets CISA 2021 source
Known Exploited Vulnerabilities Catalog CISA 2026 source
CISA Cybersecurity Advisories (Live Feed) CISA ongoing source
CISA Known Exploited Vulnerabilities Catalog CISA ongoing source
known exploited vulnerabilities CISA unknown
FFIEC CAT Appendix B Mapping to NIST CSF FFIEC 2015 source
FFIEC CAT Appendix C Glossary FFIEC 2015 source
FFIEC Cybersecurity Assessment Tool Cybersecurity Maturity 2017 FFIEC 2017 source
FFIEC Cybersecurity Assessment Tool Inherent Risk Profile 2017 FFIEC 2017 source
FFIEC Cybersecurity Assessment Tool User Guide 2017 FFIEC 2017 source
FFIEC IT Examination Handbook Business Continuity Planning FFIEC 2019 source
FFIEC IT Examination Handbook Information Security FFIEC 2019 source
FFIEC IT Examination Handbook Operations FFIEC 2019 source
FFIEC IT Examination Handbook Outsourcing Technology Services FFIEC 2019 source
FFIEC IT Examination Handbook Supervision of Technology Service Providers FFIEC 2019 source
FFIEC IT Examination Handbook All In One FFIEC 2019 source
FedRAMP Authorization Boundary Guidance for Cloud Service Providers FedRAMP 2019 source
FedRAMP Program Overview FedRAMP 2019 source
Health Industry Cybersecurity Practices Resources and Templates HHS 2019 source
Health Industry Cybersecurity Practices Vol 2 Large Organizations HHS 2019 source
Provider Alignment Report HICP 2019 HHS 2019
HHS HIPAA Administrative Safeguards Guidance HHS 2020 source
HHS HIPAA Physical Safeguards Guidance HHS 2020 source
HHS HIPAA Policies and Procedures Requirements HHS 2020 source
HHS HIPAA Policies and Procedures Requirements Guidance HHS 2020 source
HHS HIPAA Risk Assessment and Management Guidance HHS 2020 source
HHS HIPAA Technical Safeguards Guidance HHS 2020 source
HHS NIST CSF and HIPAA Security Rule Crosswalk HHS 2020
NIST CSF Healthcare Sector Implementation Guidance HHS 2020
Substance Use Disorder Privacy Part 2 IDN Workbook HHS/SAMHSA 2017
42 CFR Part 2 How to Exchange Part 2 Records HHS/SAMHSA 2020
42 CFR Part 2 Appendix D Consent Form HHS/SAMHSA 2020
42 CFR Part 2 Consent for Release of Information HHS/SAMHSA 2020 source
42 CFR Part 2 FAQs Confidentiality and Health Information Exchange HHS/SAMHSA 2020
42 CFR Part 2 Overview Reference HHS/SAMHSA 2020
CARES Act Section 3221 Summary 42 CFR Part 2 Amendments HHS/SAMHSA 2020
Privacy and Confidentiality in Health Care 42 CFR Part 2 HHS/SAMHSA 2020
NIST National Vulnerability Database (NVD) NIST ongoing source
National Security Telecommunications Advisory Committee Ransomware IT Sector Workshop NSTAC 2021
OIG 7 Elements of an Effective Compliance Program OIG 2019 source
OCR Audit Protocol 2018 US Government 2018
OCR Audit Protocol 2018 US Government 2018
Chinese Cyber Activity Targeting Managed Service Providers US Government unknown
HIPAA CFR list US Government unknown
HIPAA CFR reference US Government unknown
HIPAA CFR reference spreadsheet US Government unknown
HIPAA CFR reference spreadsheet US Government unknown
ATA 2018 Unclassified Report US Intelligence Community 2018
ATA 2019 Unclassified Report US Intelligence Community 2019
USNI WWTA 2019 US Intelligence Community 2019
ATA 2021 Unclassified Report US Intelligence Community 2021
ATA 2022 Unclassified Report US Intelligence Community 2022
ATA 2023 Unclassified Report US Intelligence Community 2023
CCPA and GDPR Comparison Chart multiple 2020

Research

Document Organization Year Source
Illustrative Cybersecurity Risk Management Report AICPA 2020
ENISA Threat Landscape Report (Annual) ENISA ongoing source
[Introduction to the FAIR Controls Analytics Model (FAIR CAM)](research/Introduction to the FAIR Controls Analytics Model (FAIR-CAM™)_.md) FAIR Institute 2021 source
Do No Harm 2.0 Data Practices and Vulnerable People Future of Privacy Forum 2019
WEIS 2019 Vulnerability Management Economics Paper WEIS 2019
Wiz Security Research Wiz ongoing source
WEF Global Risks Report 2019 World Economic Forum 2019
WEF The Global Risks Report 2021 World Economic Forum 2021
WEF The Global Risks Report 2024 World Economic Forum 2024
WEF Global Cybersecurity Outlook (Annual) World Economic Forum ongoing source
Minimum Viable Information Risk Management Program multiple 2019
Ransomware History and Evolution multiple 2020

Frameworks

Document Organization Year Source
AICPA SOC for Cybersecurity Overview AICPA 2018 source
SOC 2 Basics Guide AICPA 2018
AICPA Trust Service Criteria Description Criteria AICPA 2022 source
AWS Cloud Adoption Framework Overview AWS 2020 source
Cloud Computing Compliance Controls Catalogue (C5) BSI 2019
CIS Controls Version 7 CIS 2018 source
AWS CIS Foundations Benchmark CIS 2019 source
CIS Controls Version 7.1 CIS 2019 source
CIS Controls Cloud Companion Guide CIS 2020
CIS Controls v8 Implementation Guide CIS 2021 source
CIS Controls 7 1 Mapping to Implementation Groups CIS unknown
CIS Controls 7 1 Mapping to Implementation Groups CIS unknown
CIS Controls Version 7 cc CIS unknown
CIS Controls Version 7 cc CIS unknown
CIS Controls Version 8 CIS unknown
CIS Controls Version 8 CIS unknown
CIS Controls v8 Center for Internet Security 2021 source
MITRE ATT&CK Framework MITRE ongoing source
MITRE D3FEND MITRE ongoing source
SOC Overview MSPAlliance 2018 MSPAlliance 2018
NIST CSF v1.1 2018 04 16 NIST 2018
NIST CSF v1.1 2018 04 16 NIST 2018
NIST Cybersecurity Framework v1.1 NIST 2018 source
NIST CSF 2.0 Initial Public Draft NIST 2023
[NIST CSF 2.0 Implementation Examples](frameworks/CSF 2.0 Implementation Examples.md) NIST 2024
NIST Cybersecurity Framework 2.0 NIST 2024 source
NIST Cybersecurity Framework 2.0 NIST 2024 source
NIST SP 1301 CSF 2.0 Small Business Quick Start Guide NIST 2024 source
NIST SP 1302 CSF 2.0 Enterprise Risk Management Quick Start Guide NIST 2024 source
NIST SP 1303 CSF 2.0 Getting Started Guide NIST 2024 source
NIST OSCAL (Open Security Controls Assessment Language) NIST ongoing source
[CSF 2.0 Implementation Examples](frameworks/CSF 2.0-Implementation_Examples.csv) NIST unknown
[CSF 2.0 Implementation Examples](frameworks/CSF 2.0-Implementation_Examples.md) NIST unknown
NIST CSF to HIPAA Mapping NIST unknown
NIST CSF to HIPAA Mapping NIST unknown
TSC mapping NIST CSF NIST unknown
TSC mapping NIST CSF NIST unknown
csf2 NIST unknown
csf2 NIST unknown
Open Policy Agent (OPA) Open Policy Agent / CNCF ongoing source
PCI DSS v3.2.1 PCI SSC 2018 source
PCI DSS v3.2.1 Summary of Changes PCI SSC 2018 source
Understanding PCI DSS Self Assessment Questionnaires PCI SSC 2018 source
Secure Controls Framework Repository Secure Controls Framework ongoing source
HIPAA master mapping Unknown unknown
HIPAA master mapping Unknown unknown
[VSA CORE FINAL 2022](frameworks/VSA CORE FINAL 2022.csv) Vendor Security Alliance 2022
[VSA CORE FINAL 2022](frameworks/VSA CORE FINAL 2022.md) Vendor Security Alliance 2022

Standards

Document Organization Year Source
SPDX SBOM Specification Linux Foundation / SPDX ongoing source
NIST SP 800 115 Technical Guide to Information Security Testing NIST 2008 source
NIST SP 800 66 Rev 1 Implementing the HIPAA Security Rule NIST 2008 source
NIST SP 800 39 Managing Information Security Risk NIST 2011 source
NIST SP 1800 5 IT Asset Management NIST 2018 source
NIST SP 800 171A Assessing CUI Security Requirements NIST 2018 source
NIST SP 800 37 Rev 2 Risk Management Framework NIST 2018 source
NIST Privacy Framework Informative References NIST 2019 source
NIST Privacy Framework Preliminary Draft NIST 2019 source
nist pf preliminary core excel 09.05.2019xlsx NIST 2019
nist pf preliminary core excel 09.05.2019xlsx NIST 2019
NIST SP 800 171 Assessment Methodology v1.2.1 NIST 2020
NIST SP 800 53 Rev 5 Security and Privacy Controls NIST 2020 source
NIST SP 800 53 Rev 5 (Security and Privacy Controls) NIST 2020 source
NIST SP 800 171 Rev 2 Protecting CUI NIST 2021 source
NIST OSCAL Content Library (800 53 Controls in JSON/YAML) NIST ongoing source
NIST Special Publications 800 Series NIST ongoing source
NIST macOS Security Compliance Project NIST ongoing source
NIST CSF to sp800 171 mapping NIST unknown
NIST CSF to sp800 171 mapping NIST unknown
NIST sp800 53r5 controls NIST unknown
NIST sp800 53r5 controls NIST unknown
CycloneDX SBOM Specification OWASP / CycloneDX ongoing source

Tools & Templates

Document Organization Year Source
SOC System Type Diagram AICPA 2018
SOC Ticket Flow Chart AICPA 2018
AWS Security Automation Samples Amazon Web Services ongoing source
AWS Security Services Best Practices Amazon Web Services ongoing source
Checkov IaC Security and Compliance Scanner Bridgecrew / Prisma Cloud ongoing source
CIS Small Business Budget for Implementing CIS Controls CIS 2019
Cyber Readiness Institute Ransomware Playbook CRI 2020 source
CIS CAT Centralized Compliance Reporting Center for Internet Security ongoing source
CIS CAT Pro Assessor v4 Center for Internet Security ongoing source
Cloud Custodian Multi Cloud Governance as Code Cloud Custodian / CNCF ongoing source
Cloudflare Documentation (Markdown) Cloudflare ongoing source
Cloudflare Terraform Provider Cloudflare ongoing source
CrowdStrike GitHub Organization CrowdStrike ongoing source
FFIEC CCAT v0.2 20190124 FFIEC unknown
FFIEC CCAT v0.2 20190124 FFIEC unknown
FFIEC CCAT v2 FFIEC unknown
FFIEC CCAT v2 FFIEC unknown
FFIEC Cyber Assessment Tool v2.1 locked FFIEC unknown
FFIEC Cyber Assessment Tool v2.1 locked FFIEC unknown
[HIPAA Encryption Requirements Guide](tools-templates/hipaajournal.com-HIPAA Encryption Requirements.md) HIPAA Journal 2020
MITRE Cyber Analytics Repository (CAR) MITRE ongoing source
Active Directory Design Guide Microsoft 2012
Azure Policy Definitions (JSON) Microsoft ongoing source
Microsoft Security Code Samples Microsoft ongoing source
NIST OSCAL CLI Tool NIST ongoing source
NIST CSF GapAssessment TEMPLATE NIST unknown
NIST CSF GapAssessment TEMPLATE NIST unknown
PCI DSS SAQ Instructions and Guidelines v3.2.1 PCI SSC 2018 source
PCI DSS v3.2 Quick Reference Guide PCI SSC 2018 source
CISO Mind Map SANS 2019
SANS Internet Storm Center SANS ongoing source
pyTenable Tenable Python SDK Tenable ongoing source
FSSCC ACAT November 2015 V1 0 TLP WHITE Various 2015
FSSCC ACAT November 2015 V1 0 TLP WHITE Various 2015
AD DesignRecommendations Various unknown
AuditScripts Critical Security Control Executive Assessment Tool v7.0c Various unknown
AuditScripts Critical Security Control Executive Assessment Tool v7.0c Various unknown
AuditScripts Critical Security Control Manual Assessment Tool v7.0b Various unknown
AuditScripts Critical Security Control Manual Assessment Tool v7.0b Various unknown
AuditScripts Critical Security Control Master Mappings v7.0d Various unknown
AuditScripts Critical Security Control Master Mappings v7.0d Various unknown
Copy of Financial Services Sector Cybersecurity Profile MacroEnabled Assessment w User Guide and Mappings Various unknown
Copy of Financial Services Sector Cybersecurity Profile MacroEnabled Assessment w User Guide and Mappings Various unknown
Effective Compliance Program Various unknown
External Service Provider and Geolocation Policy Various unknown
ExternalProvider GeoLocation Policy Various unknown
FedRAMP ATO Letter Template Various unknown
FedRAMP Initial Authorization Package Checklist Various unknown
FedRAMP Initial Authorization Package Checklist Various unknown
FedRAMP POAM Template Various unknown
FedRAMP POAM Template Various unknown
FedRAMP SAP Template Various unknown
FedRAMP SAR Template Various unknown
FedRAMP SSP High Baseline Template Various unknown
HHS FaxMail PHI Checklist Various unknown
HIPAA Overview Various unknown
HIPAA PnP TEMPLATE AuditGuru Various unknown
[IPD Active Directory Domain Services version 2.2](tools-templates/IPD - Active Directory Domain Services version 2.2.md) Various unknown
Microsoft PasswordGuidance Various unknown
Office 365 Customer Security Considerations Workbook Various unknown
Office 365 Customer Security Considerations Workbook Various unknown
PHI 18 Identifiers Various unknown
RiskRegister ControlsLibrary TEMPLATE Various unknown
RiskRegister ControlsLibrary TEMPLATE Various unknown
SAP AA FedRAMP High Security Test Case Procedures Template Various unknown
SAP AA FedRAMP High Security Test Case Procedures Template Various unknown
SAR AA FedRAMP Risk Exposure Table Template Various unknown
SAR AA FedRAMP Risk Exposure Table Template Various unknown
SSP A04 FedRAMP PIA Template Various unknown
SSP A05 FedRAMP RoB Template Various unknown
SSP A06 FedRAMP ISCP Template Various unknown
SSP A09 FedRAMP High CIS Workbook Template Various unknown
SSP A09 FedRAMP High CIS Workbook Template Various unknown
SSP A12 FedRAMP Laws and Regulations Template Various unknown
SSP A12 FedRAMP Laws and Regulations Template Various unknown
SSP A13 FedRAMP Integrated Inventory Workbook Template Various unknown
SSP A13 FedRAMP Integrated Inventory Workbook Template Various unknown
STUDY UsabilityofPassphrases 20120711 Various unknown
THE Windows GPG CLI CHEATSHEET Various unknown
[VSA Questionnaire 2019 FULL Final](tools-templates/VSA Questionnaire 2019 FULL Final.csv) Vendor Security Alliance 2019
[VSA Questionnaire 2019 FULL Final](tools-templates/VSA Questionnaire 2019 FULL Final.md) Vendor Security Alliance 2019
[VSA Questionnaire 2021 FULL Final](tools-templates/VSA Questionnaire 2021 FULL Final.csv) Vendor Security Alliance 2021
[VSA CORE FINAL 2022](tools-templates/VSA CORE FINAL 2022.csv) Vendor Security Alliance 2022
[VSA Questionnaire](tools-templates/VSA CORE FINAL 2022.md) Vendor Security Alliance 2025 source
[VSA Questionnaire](tools-templates/VSA Questionnaire 2021 FULL Final.md) Vendor Security Alliance 2025 source
VSA Questionnaire (Vendor Security Alliance) Vendor Security Alliance ongoing source
[The One Page Linux Manual](tools-templates/The One Page Linux Manual.md) multiple 2010
HIPAA Compliance Checklist multiple 2020

Miscellaneous

Document Organization Year Source
BBB StateofCyberSecuritySMB 2017 Various 2017
NTTSecurity GTIR KeyFindings 2017 Various 2017
UK DCMS CyberSecurityBreachesSurvey 2017 Various 2017
191028 MWB CTNT 2019 Healthcare FINAL Various 2019
Checkpoint cyber security report 2020 Various 2020
Gone Phishing Tournament Global Benchmark Report 2020 Various 2020
CSIS SignificantCyberEventsList 201812 Various unknown
Cybersecurity Statistics & Statements Various unknown
DamageControl CybeInsuranceebook Various unknown
FBI Flash ChinaAPT10 20190102 TLPWHITE Various unknown
NCSA SMBCyberSecurityAwarenessToolkit 20180824 Various unknown
PedagogicCyberSecurityFramework 201810 Various unknown
Switchfast SMBCybersecurityReport 20180827 Various unknown
USFED WorldwideThreatAssessment 20170511 Various unknown

By Organization

AICPA

AWS

Accenture

Amazon Web Services

Anthem

BSI

Bridgecrew / Prisma Cloud

CIS

CISA

CRI

Center for Internet Security

Cisco

Cloud Custodian / CNCF

Cloudflare

Coveware

CrowdStrike

ENISA

Equifax

FAIR Institute

  • [Introduction to the FAIR Controls Analytics Model (FAIR CAM)](research/Introduction to the FAIR Controls Analytics Model (FAIR-CAM™)_.md) (2021) · source

FFIEC

FedRAMP

Future of Privacy Forum

HHS

HHS/SAMHSA

HIPAA Journal

  • [HIPAA Encryption Requirements Guide](tools-templates/hipaajournal.com-HIPAA Encryption Requirements.md) (2020)

IBM/Ponemon

Linux Foundation / SPDX

MITRE

MSPAlliance

Microsoft

NIST

NSTAC

OIG

OWASP / CycloneDX

Open Policy Agent / CNCF

PCI SSC

Proofpoint

SANS

Secure Controls Framework

SecurityScorecard

Symantec

Tenable

US Government

US Intelligence Community

Unknown

Various

Vendor Security Alliance

  • [VSA Questionnaire 2019 FULL Final](tools-templates/VSA Questionnaire 2019 FULL Final.csv) (2019)
  • [VSA Questionnaire 2019 FULL Final](tools-templates/VSA Questionnaire 2019 FULL Final.md) (2019)
  • [VSA Questionnaire 2021 FULL Final](tools-templates/VSA Questionnaire 2021 FULL Final.csv) (2021)
  • [VSA CORE FINAL 2022](frameworks/VSA CORE FINAL 2022.csv) (2022)
  • [VSA CORE FINAL 2022](frameworks/VSA CORE FINAL 2022.md) (2022)
  • [VSA CORE FINAL 2022](tools-templates/VSA CORE FINAL 2022.csv) (2022)
  • [VSA Questionnaire](tools-templates/VSA CORE FINAL 2022.md) (2025) · source
  • [VSA Questionnaire](tools-templates/VSA Questionnaire 2021 FULL Final.md) (2025) · source
  • VSA Questionnaire (Vendor Security Alliance) (ongoing) · source

Verizon

WEIS

Webroot

Wiz

World Economic Forum

multiple