5.2 applicable regulations, standards, or frameworks that impact organizational security posture.

Question 1

CIS

Answer 1

Center for Internet Security

Question 2

NIST

Answer 2

Natl Institute of Standards and Technology

mandatory for federal agencies and federal data

Question 3

CSA

Answer 3

Cloud Security Alliance

Question 4

ISO/IEC

Answer 4

27001 - Information Security Mgmt System
27002 - Information Security Controls
27701 - Privacy Information mgmt Systems
31000 - Risk Management Practices

Question 5

ISO 27001

Answer 5

ISMS

establishing, implementing, and managing an information security management system (ISMS)

Question 6

ISO 27002

Answer 6

SUPPORTING

a supporting standard that guides how the information security controls can be implemented from 27001

Question 7

27701

Answer 7

PRIVACY

an international standard for managing privacy information

Question 8

31000

Answer 8

RISK

international standards for risk management

Question 9

RMF

Answer 9

Risk Management Framework
dictates how the United States government IT systems must be architected, secured, and monitored

Question 10

CSF

Answer 10

Cyber Security Framework
voluntary commercial framework

Question 11

SSAE SOC 2 type I/II

Answer 11

AUDIT

auditing standard covers security controls in large corporations

Question 12

CCM

Answer 12

Cloud Controls Matrix (CCM) is a cybersecurity framework for cloud computing. It’s considered the standard for cloud security and privacy.