
GLOSSARY, FRAMEWORK, REGULATION, STANDARD,...



BIS



The Bank for International Settlements (BIS) is an international organisation which fosters international monetary and financial cooperation and serves as a bank for central banks.


Established in 1930, the BIS is owned by 63 central banks, representing countries from around the world that together account for about 95% of world GDP. Its head office is in Basel, Switzerland and it has two representative offices: in Hong Kong SAR and in Mexico City, as well as Innovation Hub Centres around the world.


The mission is to support central banks' pursuit of monetary and financial stability through international cooperation, and to act as a bank for central banks.


To deliver on our mission and be able to respond to the evolving nature of our business, our work is anchored in strong core values that shape the way in which we work. These values are the shared principles and beliefs that unite our staff and guide our actions to promote a cohesive, purpose-driven culture to support central banks through their current and future challenges.

  • We deliver value through excellence in performance.
  • We are committed to continuous improvement and innovation.
  • We act with integrity.
  • We foster a culture of diversity, inclusion, sustainability and social responsibility.


CIS



The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation.


We are a community-driven nonprofit, responsible for the CIS Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud.


CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of U.S. elections offices.



CMMC



The Cybersecurity Maturity Model Certification (CMMC) program enhances cyber protection standards for companies in the Defense Industrial Base (DIB). It is designed to protect sensitive unclassified information that is shared by the Department of Defense with its contractors and subcontractors.


The program incorporates a set of cybersecurity requirements into acquisition programs and provides the Department increased assurance that contractors and subcontractors are meeting these requirements. The framework has three key features:

  • Tiered Model: CMMC requires that companies entrusted with national security information implement cybersecurity standards at progressively advanced levels, depending on the type and sensitivity of the information. The program also sets forward the process for information flow down to subcontractors.
  • Assessment Requirement: CMMC assessments allow the Department to verify the implementation of clear cybersecurity standards.
  • Implementation through Contracts: Once CMMC is fully implemented, certain DoD contractors that handle sensitive unclassified DoD information will be required to achieve a particular CMMC level as a condition of contract award.


CMMI



The Capability Maturity Model Integration (CMMI) is a process level improvement training and appraisal program. Administered by the CMMI Institute, a subsidiary of ISACA, it was developed at Carnegie Mellon University (CMU). CMMI is registered in the U.S. Patent and Trademark Office by CMU. It is required by many U.S. Government contracts, especially in software development.


CMU claims CMMI can be used to guide process improvement across a project, division, or an entire organization. CMMI defines the following maturity levels for processes:

  1. Initial,
  2. Managed,
  3. Defined,
  4. Quantitatively Managed, and
  5. Optimizing.

Version 2.0 was published in 2018; Version 1.3 was published in 2010.




COSO



The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative to combat corporate fraud. It was established in the United States by five private sector organizations, dedicated to guiding executive management and government entities in relevant aspects of organizational governance, business ethics, internal control, business risk management, fraud and financial reports.


COSO has established a common internal control model against which companies and organizations can evaluate their control systems.


COSO is supported by five sponsoring organizations: the American Institute of Certified Public Accountants (AICPA), the American Accounting Association (AAA), Financial Executives International (FEI), the Institute of Internal Auditors (IIA) and the Institute of Management Accountants (IMA).



DoD CIO



The Department of Defense Chief Information Officer (DoD CIO) is the Principal Staff Assistant and senior Information Technology advisor to the Secretary of Defense.


This role includes overseeing many national security and defense business systems, managing information resources, and finding efficiencies. It is responsible for all matters relating to the Department’s information enterprise, including:

  • Communications
  • Spectrum management
  • Network policy and standards
  • Information systems
  • Cybersecurity
  • Positioning, navigation, and timing policy
  • DoD information enterprise that supports DoD command and control


DORA



The Digital Operational Resilience Act (DORA) (Regulation (EU) 2022/2554) addresses an important gap in EU financial regulation.


Before DORA, financial institutions managed the main categories of operational risk mainly with the allocation of capital, but they did not manage all components of operational resilience.


After DORA, they must also follow rules for the protection, detection, containment, recovery and repair capabilities against ICT-related incidents.


DORA explicitly refers to ICT risk and sets rules on ICT risk-management, incident reporting, operational resilience testing and ICT third-party risk monitoring.


This Regulation acknowledges that ICT incidents and a lack of operational resilience can jeopardize the soundness of the entire financial system, even where there is "adequate" capital for the traditional risk categories.



ENISA



The European Union Agency for Cybersecurity (ENISA) is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe.


Established in 2004 and strengthened by the EU Cybersecurity Act, the European Union Agency for Cybersecurity contributes to EU cyber policy, enhances the trustworthiness of ICT products, services and processes with cybersecurity certification schemes, cooperates with Member States and EU bodies, and helps Europe prepare for the cyber challenges of tomorrow.


Through knowledge sharing, capacity building and awareness raising, the Agency works together with its key stakeholders to strengthen trust in the connected economy, to boost resilience of the Union’s infrastructure, and, ultimately, to keep Europe’s society and citizens digitally secure.



FATF




FISMA



The Federal Information Security Modernization Act of 2014 (FISMA 2014) codifies the Department of Homeland Security’s role in administering the implementation of information security policies for federal Executive Branch civilian agencies, overseeing agencies’ compliance with those policies, and assisting OMB in developing those policies.


The legislation provides the Department authority to develop and oversee the implementation of binding operational directives to other agencies, in coordination and consistent with OMB policies and practices. It also:

  • Authorizes DHS to provide operational and technical assistance to other federal Executive Branch civilian agencies at the agency’s request;
  • Places the federal information security incident center (a function fulfilled by US-CERT) within DHS by law;
  • Authorizes DHS technology deployments to other agencies' networks (upon those agencies' request);
  • Directs OMB to revise policies regarding notification of individuals affected by federal agency data breaches;
  • Requires agencies to report major information security incidents as well as data breaches to Congress as they occur and annually; and
  • Simplifies existing FISMA reporting to eliminate inefficient or wasteful reporting while adding new reporting requirements for major information security incidents.


GDPR



The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR's primary aim is to enhance individuals' control and rights over their personal data and to simplify the regulatory environment for international business. Superseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements related to the processing of personal data of individuals (formally called data subjects in the GDPR) who are located in the EEA, and applies to any enterprise—regardless of its location and the data subjects' citizenship or residence—that is processing the personal information of individuals inside the EEA.


The GDPR was adopted on 14 April 2016 and became enforceable beginning 25 May 2018. As the GDPR is a regulation, not a directive, it is directly binding and applicable, but does provide flexibility for certain aspects of the regulation to be adjusted by individual member states.


The regulation became a model for many other laws across the world, including in Turkey, Mauritius, Chile, Japan, Brazil, South Korea, Argentina and Kenya. As of 2021 the United Kingdom retains the law in identical form despite no longer being an EU member state. The California Consumer Privacy Act (CCPA), adopted on 28 June 2018, has many similarities with the GDPR.



HIPAA



The Health Insurance Portability and Accountability Act of 1996 (HIPAA or the Kennedy–Kassebaum Act) is a United States federal statute enacted by the 104th United States Congress and signed into law by President Bill Clinton on August 21, 1996. It modernized the flow of healthcare information, stipulates how personally identifiable information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and addressed some limitations on healthcare insurance coverage. It generally prohibits healthcare providers and healthcare businesses, called covered entities, from disclosing protected information to anyone other than a patient and the patient's authorized representatives without their consent. With limited exceptions, it does not restrict patients from receiving information about themselves. It does not prohibit them from voluntarily sharing their health information however they choose, or – if they disclose medical information to family members, friends, or other individuals not a part of a covered entity – legally require them to maintain confidentiality. The act consists of five titles:

  1. Title I protects health insurance coverage for workers and their families when they change or lose their jobs.
  2. Title II, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.
  3. Title III sets guidelines for pre-tax medical spending accounts.
  4. Title IV sets guidelines for group health plans.
  5. Title V governs company-owned life insurance policies.


IEC



The International Electrotechnical Commission (IEC) is a global, not-for-profit membership organization that brings together more than 170 countries and coordinates the work of 20 000 experts globally.


It prepares and publishes international standards for all electrical, electronic and related technologies – collectively known as "electrotechnology".


IEC standards cover a vast range of technologies from power generation, transmission and distribution to home appliances and office equipment, semiconductors, fiber optics, batteries, solar energy, nanotechnology and marine energy as well as many others.


The IEC also manages four global conformity assessment systems that certify whether equipment, systems or components conform to its international standards.


All electrotechnologies are covered by IEC Standards, including energy production and distribution, electronics, magnetics and electromagnetics, electroacoustics, multimedia, telecommunication and medical technology, as well as associated general disciplines such as terminology and symbols, electromagnetic compatibility, measurement and performance, dependability, design and development, safety and the environment.



IEEE



The Institute of Electrical and Electronics Engineers (IEEE) is a professional association for electronic engineering and electrical engineering (and associated disciplines) with its corporate office in New York City and its operations center in Piscataway, New Jersey. It was formed in 1963 from the amalgamation of the American Institute of Electrical Engineers and the Institute of Radio Engineers.


Due to its expansion of scope into so many related fields, it is simply referred to by the letters I-E-E-E (pronounced I-triple-E), except on legal business documents. As of 2018, it is the world's largest association of technical professionals with more than 423,000 members in over 160 countries around the world. Its objectives are the educational and technical advancement of electrical and electronic engineering, telecommunications, computer engineering and similar disciplines.



IFRS



The IFRS Foundation is a not-for-profit, public interest organisation established to develop high-quality, understandable, enforceable and globally accepted accounting and sustainability disclosure standards—IFRS Standards—and to promote and facilitate adoption of the standards.


Our Standards are developed by our two standard-setting boards, the International Accounting Standards Board (IASB) and the newly created International Sustainability Standards Board (ISSB). The IASB sets IFRS Accounting Standards and the ISSB sets IFRS Sustainability Disclosure Standards.


IFRS Accounting Standards set out how a company prepares its financial statements. IFRS Sustainability Disclosure Standards set out how a company discloses information about sustainability-related factors that may help or hinder a company in creating value.


The two boards will work closely to ensure their Standards complement each other to provide investors with transparent and reliable information about a company’s financial position and performance, as well as information about sustainability factors that could create or erode its enterprise value in the short, medium and long term.



ISO



The International Organization for Standardization (ISO) is an independent, non-governmental international organization with a membership of 166 national standards bodies.


Through its members, it brings together experts to share knowledge and develop voluntary, consensus-based, market relevant International Standards that support innovation and provide solutions to global challenges. It is the world's largest developer of voluntary international standards, and it facilitates world trade by providing common standards among nations.


More than twenty thousand standards have been set, covering everything from manufactured products and technology to food safety, agriculture, and healthcare. Use of the standards aids in the creation of products and services that are safe, reliable, and of good quality.


The standards help businesses increase productivity while minimizing errors and waste. By enabling products from different markets to be directly compared, they facilitate companies in entering new markets and assist in the development of global trade on a fair basis.


The standards also serve to safeguard consumers and the end-users of products and services, ensuring that certified products conform to the minimum standards set internationally.



ITU



The International Telecommunication Union (ITU) is a specialized agency of the United Nations responsible for all matters related to information and communication technologies.


The ITU was initially aimed at helping connect telegraphic networks between countries, with its mandate consistently broadening with the advent of new communications technologies; it adopted its current name in 1934 to reflect its expanded responsibilities over radio and the telephone.


The ITU promotes the shared global use of the radio spectrum, facilitates international cooperation in assigning satellite orbits, assists in developing and coordinating worldwide technical standards, and works to improve telecommunication infrastructure in the developing world.


It is also active in the areas of broadband Internet, wireless technologies, aeronautical and maritime navigation, radio astronomy, satellite-based meteorology, TV broadcasting, and next-generation networks.


The ITU's global membership includes 193 countries and around 900 businesses, academic institutions, and international and regional organizations.



MITRE ATT&CK



MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.


With the creation of ATT&CK, MITRE is fulfilling its mission to solve problems for a safer world — by bringing communities together to develop more effective cybersecurity. ATT&CK is open and available to any person or organization for use at no charge.



NASA



The National Aeronautics and Space Administration (NASA) is America’s civil space program and the global leader in space exploration. The agency has a diverse workforce of just under 18,000 civil servants, and works with many more U.S. contractors, academia, and international and commercial partners to explore, discover, and expand knowledge for the benefit of humanity. With an annual budget of $23.2 billion in Fiscal Year 2021, which is less than 0.5% of the overall U.S. federal budget, NASA supports more than 312,000 jobs across the United States, generating more than $64.3 billion in total economic output (Fiscal Year 2019).


NASA also leads a Moon to Mars exploration approach, which includes working with U.S. industry, international partners, and academia to develop new technology, and send science research and soon humans to explore the Moon on Artemis missions that will help prepare for human exploration of the Red Planet. In addition to those major missions, the agency shares what it learns so that its information can make life better for people worldwide. For example, companies use NASA discoveries and technologies to create new products for the public. To ensure future success for the agency and the nation, NASA also supports education efforts in STEM with an emphasis on increasing diversity in our future workforce.



NIST



The National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the U.S. Department of Commerce. NIST is one of the nation's oldest physical science laboratories. Congress established the agency to remove a major challenge to U.S. industrial competitiveness at the time — a second-rate measurement infrastructure that lagged behind the capabilities of the United Kingdom, Germany and other economic rivals.


From the smart electric power grid and electronic health records to atomic clocks, advanced nanomaterials and computer chips, innumerable products and services rely in some way on technology, measurement and standards provided by the National Institute of Standards and Technology.


Today, NIST measurements support the smallest of technologies to the largest and most complex of human-made creations — from nanoscale devices so tiny that tens of thousands can fit on the end of a single human hair up to earthquake-resistant skyscrapers and global communication networks.


Useful links:

  • Cybersecurity Framework
  • Information Technology Laboratory
  • Risk Management Framework
  • Standards Resources


PCI-SSC



The Payment Card Industry Security Standards Council (PCI SSC) is a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.


Its role is to enhance global payment account data security by developing standards and supporting services that drive education, awareness, and effective implementation by stakeholders. It achieves this with a strategic framework to guide our decision-making process and ensure that every initiative is aligned with our mission and supports the needs of the global payments industry.


The PCI SSC is led by a policy-setting Executive Committee composed of representatives from American Express, Discover, JCB International, Mastercard, UnionPay and Visa Inc.


Enforcement of compliance with PCI Standards and determination of any non-compliance penalties are carried out by the individual payment brands and not by the PCI SSC. The PCI SSC uses its Strategic Framework to help stakeholders enhance security for payment cardholder data.



SEC



At the Securities and Exchange Commission (SEC), we work together to make a positive impact on America’s economy, our capital markets, and people’s lives.


For more than 85 years since our founding at the height of the Great Depression, we have stayed true to our mission of protecting investors, maintaining fair, orderly, and efficient markets, and facilitating capital formation.


Our mission requires tireless commitment and unique expertise from our staff of dedicated professionals who care deeply about protecting Main Street investors and others who rely on our markets to secure their financial futures.



SOX



The Sarbanes–Oxley Act of 2002 is a United States federal law that mandates certain practices in financial record keeping and reporting for corporations.


The act (Pub.L. 107–204, 116 Stat. 745, enacted July 30, 2002), also known as the "Public Company Accounting Reform and Investor Protection Act" (in the Senate) and the "Corporate and Auditing Accountability, Responsibility, and Transparency Act" (in the House), and more commonly called Sarbanes–Oxley or SOX, contains eleven sections that place requirements on all U.S. public company boards of directors and management and on public accounting firms.


A number of provisions of the Act also apply to privately held companies, such as the willful destruction of evidence to impede a federal investigation.


The law was enacted as a reaction to a number of major corporate and accounting scandals, including Enron and WorldCom. The sections of the bill cover responsibilities of a public corporation's board of directors, add criminal penalties for certain misconduct, and require the Securities and Exchange Commission to create regulations to define how public corporations are to comply with the law.



UN CYBERSECURITY



The Cybersecurity program aims to enhance capacities of Member States and private organizations in preventing cyber-attacks carried out by terrorist actors against critical infrastructure.


The UN Office of Counter-Terrorism (UNOCT) has several initiatives in the field of new technologies, including a project on the use of social media to gather open source information and digital evidence to counter terrorism and violent extremism while respecting human rights. It has provided expertise in international fora on the use of unmanned aerial systems (UAS) and will develop further programming in this area.


In particular, the Cybersecurity and New Technologies program aims to enhance capacities of Member States and private organizations in preventing cyber-attacks carried out by terrorist actors against critical infrastructure. The program also seeks to mitigate the impact of such cyber-attacks and to recover and restore the targeted systems should they occur.



FOR THE SAKE OF THE COMMUNITIES



UN



One place where the world's nations can gather together, discuss common problems and find shared solutions.


The United Nations (UN) is an international organization founded in 1945. Currently made up of 193 Member States, the UN and its work are guided by the purposes and principles contained in its founding Charter.


The UN has evolved over the years to keep pace with a rapidly changing world.


But one thing has stayed the same: it remains the one place on Earth where all the world’s nations can gather together, discuss common problems, and find shared solutions that benefit all of humanity.



WHO



World Health Organization (WHO) - Dedicated to the well-being of all people and guided by science, the World Health Organization leads and champions global efforts to give everyone, everywhere an equal chance to live a healthy life.


Founded in 1948, WHO is the United Nations agency that connects nations, partners and people to promote health, keep the world safe and serve the vulnerable – so everyone, everywhere can attain the highest level of health.


WHO leads global efforts to expand universal health coverage. We direct and coordinate the world’s response to health emergencies. And we promote healthier lives – from pregnancy care through old age. Our Triple Billion targets outline an ambitious plan for the world to achieve good health for all using science-based policies and programmes.



CDC



Saving Lives, Protecting People

Equitably protecting health, safety & security.


Centers for Disease Control and Prevention (CDC) is the nation’s leading science-based, data-driven, service organization that protects the public’s health.


For more than 70 years, we’ve put science into action to help children stay healthy so they can grow and learn; to help families, businesses, and communities fight disease and stay strong; and to protect the public’s health.


As the nation’s health protection agency, CDC saves lives and protects people from health threats. CDC conducts critical science and provides health information that protects our nation against expensive and dangerous health threats, and responds when these arise.


CDC works 24/7 to protect America from health, safety and security threats, both foreign and in the U.S. Whether diseases start at home or abroad, are chronic or acute, curable or preventable, human error or deliberate attack, CDC fights disease and supports communities and citizens to do the same.



NCI



The National Cancer Institute (NCI) is the federal government's principal agency for cancer research and training.


The team of approximately 3,500 is part of the National Institutes of Health (NIH), one of 11 agencies that make up the Department of Health and Human Services (HHS). NCI is deeply committed to the core values of equity, diversity, and inclusion that allow all staff to reach their potential and fully contribute to the institute’s cancer mission.


NCI leads, conducts, and supports cancer research across the nation to advance scientific knowledge and help all people live longer, healthier lives. As the leader of the cancer research enterprise, collectively known as the National Cancer Program, and the largest funder of cancer research in the world, NCI manages a broad range of research, training, and information dissemination activities that reach across the entire country, meeting the needs of all demographics—rich and poor, urban and rural, and all racial/ethnic populations. Specifically, NCI focuses on two broad roles: cancer research, and training and support for cancer researchers.





1846 E. Innovation Park Dr. Suite 100, Oro Valley AZ, 85755, USA

